20.09.2015, 17:54 | #1 |
| Uncontrolled mail sending from my web.de address Hello community! For about two weeks, one of my web.de addresses has regularly been sending spam to my contacts and to recipients unknown to me. However, the mails do not show up in the outbox or the trash. After the first time I changed my password right away; unfortunately the problem occurred again yesterday. So I changed the password again, had Avira run a check (no findings), and this time did not store the new password in Lastpass or my mail apps. Nevertheless, messages were sent again today. When the first wave went out two weeks ago, I was on vacation and only had my tablet (Win 8.1, now 10) and my iPhone with me and online. The mails were sent at night, though, when at least the tablet was off. Today I was online only with my laptop (Win 10), and while I was still in the inbox, spam mails and undeliverable notifications arrived again. What can this be? And what can I do about it? |
20.09.2015, 18:10 | #2 |
/// the machine /// TB-Ausbilder | Uncontrolled mail sending from my web.de address hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
20.09.2015, 18:41 | #3 |
| Uncontrolled mail sending from my web.de address First, the one from the laptop:
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015 durchgeführt von Toshiba (Administrator) auf TOSHIBA-PC (20-09-2015 19:23:26) Gestartet von D:\Downloads_neu Geladene Profile: Toshiba (Verfügbare Profile: Toshiba) Platform: Windows 10 Pro (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (AMD) C:\Windows\System32\atieclxx.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe (Dropbox, Inc.) 
C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\Dropbox.exe (Inference Group, Cavendish Laboratory, University of Cambridge) C:\Program Files (x86)\Dasher\Dasher 4.11\Dasher.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6208.42001.0_x64__8wekyb3d8bbwe\HxMail.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6208.42001.0_x64__8wekyb3d8bbwe\HxTsr.exe () C:\Program Files\WindowsApps\Microsoft.XboxApp_9.9.16003.0_x64__8wekyb3d8bbwe\XboxApp.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (Inference Group, Cavendish Laboratory, University of Cambridge) C:\Program Files (x86)\Dasher\Dasher 4.11\Dasher.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe (Microsoft Corporation) C:\Windows\System32\AtBroker.exe (Microsoft Corporation) C:\Windows\System32\osk.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die 
Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-07-29] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-07-29] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-07-29] (Synaptics Incorporated) HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2015-08-21] (Microsoft Corporation) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKU\S-1-5-21-2801822355-1091776115-2282360880-1000\...\Run: [Dropbox Update] => C:\Users\Toshiba\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-23] (Dropbox, Inc.) HKU\S-1-5-21-2801822355-1091776115-2282360880-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-2801822355-1091776115-2282360880-1000\...\RunOnce: [Uninstall C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64" HKU\S-1-5-21-2801822355-1091776115-2282360880-1000\...\RunOnce: [Uninstall C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64" HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. 
or its subsidiaries) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) Startup: C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-04-11] ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-29] ShortcutTarget: Dropbox.lnk -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2014-10-05] ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{25efa1fc-4989-49a2-be33-a5d8d70db773}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-2801822355-1091776115-2282360880-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\be8kg3a2.default FF Homepage: about:blank FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-09-16] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-16] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.) 
FF Extension: LastPass - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\be8kg3a2.default\Extensions\support@lastpass.com [2015-08-26] FF Extension: Garmin Communicator - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\be8kg3a2.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-05-30] FF Extension: WOT - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\be8kg3a2.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-19] FF Extension: FireFTP - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\be8kg3a2.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-05-30] FF Extension: ProxTube - Unblock YouTube - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\be8kg3a2.default\Extensions\ich@maltegoetz.de.xpi [2015-04-11] FF Extension: Adblock Plus - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\be8kg3a2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-11] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-04-11] (Adobe Systems) [Datei ist nicht signiert] R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-14] (COMODO) R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-07] (COMODO) S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [762272 2015-09-11] (Garmin Ltd. 
or its subsidiaries) R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-07-30] (Microsoft Corporation) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-29] (Synaptics Incorporated) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-07-30] (Microsoft Corporation) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-07-30] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21720 2015-08-05] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [827632 2015-08-05] (COMODO) R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [35056 2015-08-05] (COMODO) S1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [127232 2015-08-05] (COMODO) R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-07-30] (Microsoft Corporation) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek ) R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3749888 2015-07-10] (Realtek Semiconductor Corporation ) R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-30] (Toshiba Corporation) S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) U3 idsvc; kein ImagePath S3 wfpcapture; 
\SystemRoot\System32\drivers\wfpcapture.sys [X] U3 wpcsvc; kein ImagePath ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-09-20 19:23 - 2015-09-20 19:23 - 00000000 ____D C:\FRST 2015-09-20 15:17 - 2015-09-20 15:17 - 00016148 _____ C:\WINDOWS\system32\TOSHIBA-PC_Toshiba_HistoryPrediction.bin 2015-09-20 11:40 - 2015-09-20 11:40 - 00000000 ___HD C:\OneDriveTemp 2015-09-15 08:01 - 2015-09-15 08:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2015-09-14 17:57 - 2015-09-14 17:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-09-14 17:31 - 2015-09-14 17:31 - 00000000 ____D C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-08-27 21:54 - 2015-08-19 06:50 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-08-27 19:10 - 2015-08-27 19:12 - 00000000 ____D C:\Users\Toshiba\AppData\Local\Garmin_Ltd._or_its_subsid 2015-08-27 19:10 - 2015-08-27 19:10 - 00000000 ____D C:\Users\Toshiba\AppData\Roaming\Garmin 2015-08-27 19:10 - 2015-08-27 19:10 - 00000000 ____D C:\ProgramData\Garmin 2015-08-27 19:10 - 2015-08-27 19:10 - 00000000 ____D C:\Program Files\DIFX 2015-08-27 19:09 - 2015-09-15 08:02 - 00000000 ____D C:\ProgramData\Package Cache 2015-08-27 19:09 - 2015-09-15 08:01 - 00003624 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask 2015-08-27 19:09 - 2015-09-15 08:01 - 00000000 ____D C:\Program Files (x86)\Garmin 2015-08-27 19:04 - 2015-08-27 19:04 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2015-08-25 18:27 - 2015-08-25 18:27 - 00001181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF 
Annotator.lnk 2015-08-21 21:26 - 2015-08-21 21:27 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk 2015-08-21 21:26 - 2015-08-21 21:27 - 00000000 ____D C:\WINDOWS\WindowsMobile 2015-08-21 21:26 - 2015-08-21 21:26 - 00253832 _____ (Microsoft Corporation) C:\WINDOWS\system32\rapistub.dll 2015-08-21 21:26 - 2015-08-21 21:26 - 00223112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rapistub.dll 2015-08-21 21:26 - 2015-08-21 21:26 - 00123272 _____ (Microsoft Corporation) C:\WINDOWS\system32\rapi.dll 2015-08-21 21:26 - 2015-08-21 21:26 - 00105352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rapi.dll 2015-08-21 21:26 - 2015-08-21 21:26 - 00075144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ceutil.dll 2015-08-21 21:26 - 2015-08-21 21:26 - 00074120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ceutil.dll 2015-08-21 21:26 - 2015-08-21 21:26 - 00053128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmcoinst-070531-0952.dll 2015-08-21 21:26 - 2015-08-21 21:26 - 00040840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcescommproxy.dll 2015-08-21 21:26 - 2015-08-21 21:26 - 00034696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rapiproxystub.dll 2015-08-21 21:26 - 2015-08-21 21:26 - 00024968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcescommproxy.dll 2015-08-21 21:26 - 2015-08-21 21:26 - 00024456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rapiproxystub.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-09-20 19:21 - 2014-10-05 20:30 - 00008816 _____ C:\WINDOWS\system32\Drivers\fvstore.dat 2015-09-20 19:20 - 2014-10-05 12:15 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat 2015-09-20 19:16 - 2015-07-10 14:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log 2015-09-20 18:44 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\sru 2015-09-20 18:32 - 2015-06-23 18:22 - 00001232 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2801822355-1091776115-2282360880-1000UA.job 2015-09-20 17:01 - 2014-10-05 12:16 - 00089648 _____ C:\Users\Toshiba\AppData\Local\GDIPFONTCACHEV1.DAT 2015-09-20 15:32 - 2015-06-23 18:21 - 00001180 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2801822355-1091776115-2282360880-1000Core.job 2015-09-20 11:49 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-09-20 11:41 - 2015-04-13 16:14 - 00000000 ___RD C:\Users\Toshiba\Dropbox 2015-09-20 11:41 - 2015-04-13 16:03 - 00000000 ____D C:\Users\Toshiba\AppData\Roaming\Dropbox 2015-09-20 11:40 - 2015-04-11 15:09 - 00000000 ____D C:\Users\Toshiba\OneDrive 2015-09-16 22:23 - 2015-07-10 14:20 - 00015681 _____ C:\WINDOWS\setupact.log 2015-09-16 18:27 - 2015-07-30 21:53 - 00000000 ____D C:\Users\Toshiba\AppData\Local\Packages 2015-09-15 20:31 - 2014-10-05 12:55 - 00000000 ____D C:\Users\Toshiba\AppData\Local\Microsoft Help 2015-09-15 19:37 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\rescache 2015-09-15 10:56 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-09-15 10:54 - 2014-09-24 00:19 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-09-15 10:45 - 2014-09-24 00:18 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-09-15 08:14 - 2014-10-05 13:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-09-15 08:10 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-09-15 08:10 - 2015-07-10 14:20 - 00339232 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-09-15 08:09 - 2015-07-30 21:19 - 00006356 _____ C:\WINDOWS\PFRO.log 
2015-09-15 08:09 - 2015-07-10 11:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2015-09-15 08:07 - 2015-07-10 13:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-09-15 08:07 - 2015-07-10 13:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-09-15 08:07 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2015-09-15 08:07 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\oobe 2015-09-15 08:07 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-09-14 17:30 - 2015-07-30 22:08 - 00002412 _____ C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-09-03 13:52 - 2013-09-24 10:53 - 00579408 _____ (COMODO) C:\WINDOWS\system32\guard64.dll 2015-09-03 13:52 - 2013-09-24 10:53 - 00445472 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll 2015-08-25 18:27 - 2015-06-23 18:56 - 00001169 _____ C:\Users\Public\Desktop\PDF Annotator.lnk 2015-08-25 18:27 - 2015-06-23 18:56 - 00000000 ____D C:\Users\Toshiba\AppData\Local\PDF Annotator 2015-08-25 18:27 - 2015-06-23 18:55 - 00000000 ____D C:\Program Files (x86)\PDF Annotator ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-07-30 21:24 - 2015-07-30 21:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Einige Dateien in TEMP: ==================== C:\Users\Toshiba\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3dzzr0.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-09-15 10:44 ==================== Ende von FRST.txt ============================ Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:15-09-2015 durchgeführt von Toshiba (2015-09-20 19:26:33) Gestartet von D:\Downloads_neu Windows 10 Pro (X64) (2015-07-30 19:51:57) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-2801822355-1091776115-2282360880-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2801822355-1091776115-2282360880-503 - Limited - Disabled) Gast (S-1-5-21-2801822355-1091776115-2282360880-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2801822355-1091776115-2282360880-1002 - Limited - Enabled) Toshiba (S-1-5-21-2801822355-1091776115-2282360880-1000 - Administrator - Enabled) => C:\Users\Toshiba ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5} AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) 
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden COMODO Internet Security Premium (HKLM\...\{901D1D88-408D-48E5-80DD-CC3145BD8456}) (Version: 6.3.39949.2976 - COMODO Security Solutions Inc.) Dasher 4.11 (HKLM-x32\...\{BD8ECD28-2D32-11DF-8D17-000423472618}) (Version: 4.11 - The Dasher Project) Dropbox (HKU\S-1-5-21-2801822355-1091776115-2282360880-1000\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.) Drucken in PDF Annotator (novaPDF OEM 7.7 printer) (HKLM\...\Drucken in PDF Annotator_is1) (Version: 7.7.400 - Softland) Elevated Installer (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express (HKLM-x32\...\{44d9dfc0-3a4a-4439-870f-f97550a9bc8d}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation) Mozilla Firefox 40.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla) Mozilla Thunderbird 31.1.2 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.1.2 (x86 de)) (Version: 31.1.2 - Mozilla) PDF Annotator 5.0.0.510 (HKLM-x32\...\PDFAnnotator_is1) (Version: 5.0.0.510 - GRAHL software design) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) 
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated) Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation) Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {08287FC4-597D-49DC-9CE0-4DF80BC47E27} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {0E2482CB-BFF8-4F24-B75F-3CCC09E1C4A9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {111EA2CE-F859-448B-9ED9-FAF56C32E31C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {11EA62AB-37B6-4F82-A329-5306E660C027} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {1556FD00-6F8B-4DF0-9EFB-B8E19BD5DA15} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2801822355-1091776115-2282360880-1000UA => C:\Users\Toshiba\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {1C10BD95-F2CD-4381-80E6-20E605875FF5} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {2103F928-292F-458B-9B09-3643CC3F9D3D} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-09-11] ()
Task: {4CB79202-2777-47BF-89E8-B352BF0BD828} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {54D73F89-2F79-47D8-8768-528044CB35A3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {5C3A1012-54C3-498D-A023-95D1D5A63189} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {5C5DBC61-1CC7-4CBD-A55F-DAF786B36AB4} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-07] (COMODO)
Task: {60E07D6A-8489-4748-B451-DB6384C3375C} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {61847A8B-8D98-4667-972C-A14D953B5FCF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {63C3003F-E160-41D1-8B42-03E86AFAD4AB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {64FF3EE7-71C3-4CDA-9004-915BB1489C50} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {6C19EACD-BFE3-4010-A7AD-398E120EEA3C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {75A46DE7-3667-4153-99F2-C5AE383D1658} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {7C0004BE-6C72-4348-9D3B-888F95DAA41B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {81CE33A9-C813-4A1C-9992-CB09481B7434} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-19] (Adobe Systems Incorporated)
Task: {84E958F4-6C79-4E3E-B697-D645252DE1CC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {93C9AAF2-F374-4F9D-B8E4-D97348BA4AAF} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {96999D0E-1C1E-4AD2-ACB4-228CEDD38265} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {9AD39AE9-03C8-4B8C-B448-EAEC66AB88F1} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-07] (COMODO)
Task: {A0FF1C4C-B44D-432C-AFCB-8A38CAAB8ADC} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> Keine Datei <==== ACHTUNG
Task: {A1D2109E-AD43-4A83-B17C-E99DC539FC6E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {A7EC3CFE-3CF3-411C-86CD-4AC7730D20ED} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {AA05C488-2E79-4381-B379-AC2E3A33DDA1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {AB1AF363-146B-4DA2-BA03-124C90920086} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C4351641-3822-48E7-A73D-FAE74B7ABBBA} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-07] (COMODO)
Task: {C6D393DE-0343-436A-A56A-A0C5D179F86B} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {C732980D-55DB-4BA9-8EB2-1F6AE0906CDC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {C797185C-1CF2-4D34-8F0A-3F855F26C417} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {C8699267-9955-45B1-9916-6CCD099BAF7F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {D0EAFBC6-0D10-4CAF-8CD8-62C3F1C52E6C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {DA9E374E-0F90-4978-89D9-5AC824DCF5CA} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {E1C0F344-E15E-40DE-82F8-59090A871A64} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-07] (COMODO)
Task: {E5261A67-4ED1-4597-A919-581648F89B7F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {E6B8BAF0-787F-488D-BCA5-45DAA9063407} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-07] (COMODO)
Task: {E8985E9B-C403-4371-A010-218F5C0E4582} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {F0C3B15F-ECF0-44FC-AB58-362ACBA481AA} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {F7C0F6B0-E353-47D4-AF72-59AA42E308BB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-09-15] (Microsoft Corporation)
Task: {F8EA873F-16B3-40D1-B532-1720139FA890} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-07] (COMODO)
Task: {F98CD2F3-64FA-48E3-B91F-60550D67CCE9} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FBD43E5A-FDF6-4D02-9092-B93E8A5F3014} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2801822355-1091776115-2282360880-1000Core => C:\Users\Toshiba\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {FCB2BB03-7BBF-49A1-B508-61106E5CB1C8} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {FFB50075-3CCF-4563-8E78-922F2DCBF12E} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2801822355-1091776115-2282360880-1000Core.job => C:\Users\Toshiba\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2801822355-1091776115-2282360880-1000UA.job => C:\Users\Toshiba\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-07-10 13:00 - 2015-07-10 13:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-07-30 22:10 - 2015-07-30 22:10 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-19 12:32 - 2015-08-19 12:32 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-08-05 21:05 - 2015-08-05 21:05 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-05 21:05 - 2015-08-05 21:05 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-10 12:59 - 2015-07-10 12:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-19 12:32 - 2015-08-19 12:32 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 13:00 - 2015-07-10 18:43 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-19 12:32 - 2015-08-19 12:32 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-19 12:32 - 2015-08-19 12:32 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 13:00 - 2015-07-10 18:43 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-08-19 12:32 - 2015-08-19 12:32 - 00293376 _____ () C:\WINDOWS\SYSTEM32\textinputframework.dll
2015-09-20 11:45 - 2015-09-20 11:45 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_9.9.16003.0_x64__8wekyb3d8bbwe\XboxApp.exe
2015-09-20 11:45 - 2015-09-20 11:45 - 27473920 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_9.9.16003.0_x64__8wekyb3d8bbwe\XboxApp.dll
2015-09-20 11:45 - 2015-09-20 11:45 - 03128832 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_9.9.16003.0_x64__8wekyb3d8bbwe\Avatars.dll
2015-09-20 11:45 - 2015-09-20 11:45 - 04048384 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_9.9.16003.0_x64__8wekyb3d8bbwe\Microsoft.Xbox.SmartGlass.dll
2015-09-20 11:45 - 2015-09-20 11:45 - 03720704 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_9.9.16003.0_x64__8wekyb3d8bbwe\XboxNano.dll
2013-04-15 17:39 - 2015-01-09 00:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2015-09-20 11:40 - 2015-09-20 11:40 - 00071168 _____ () c:\users\toshiba\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3dzzr0.dll
2015-03-04 23:45 - 2015-08-05 07:26 - 00012800 _____ () C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 23:45 - 2015-08-05 07:26 - 00779776 _____ () C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-31 20:39 - 2015-08-05 07:26 - 00056320 _____ () C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 23:45 - 2015-08-05 07:26 - 00012288 _____ () C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2007-06-05 14:23 - 2007-06-05 14:23 - 00151552 _____ () C:\Program Files (x86)\Dasher\Dasher 4.11\libexpat.dll
2015-07-10 13:00 - 2015-07-10 13:00 - 01021792 _____ () C:\Windows\SYSTEM32\speech\engines\tts\MSTTSEngine.dll
2015-07-10 13:00 - 2015-07-10 13:00 - 00528384 _____ () C:\Windows\SYSTEM32\speech\engines\tts\MSTTSLoc.DLL
2015-08-25 18:18 - 2015-08-25 18:18 - 01020928 _____ () C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\be8kg3a2.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2015-07-03 07:09 - 2015-07-03 07:09 - 20930744 _____ ()
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 00322208 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
2015-07-03 07:09 - 2015-07-03 07:09 - 45080248 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll
2006-10-26 13:56 - 2006-10-26 13:56 - 00757008 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2801822355-1091776115-2282360880-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Toshiba\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\desktop-hintergrund.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{807475DA-0205-4113-AEEE-5AF566EA7A6E}] => (Allow) C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{907C6B85-1989-4C3C-8514-B458F462847C}] => (Allow) C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{68BA6026-2831-45B8-93A2-089D7C57695E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{272776C8-4FCE-4428-8C5C-A0760AD5115F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7455D731-38E3-4242-85C7-6ADC69F39E59}] => (Allow) C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\OneDrive.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/20/2015 05:08:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm WINWORD.EXE, Version 12.0.4518.1014 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: d94
Startzeit: 01d0f38fc457291e
Beendigungszeit: 49
Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
Berichts-ID: 60c67428-5fa9-11e5-9bc9-1c7508849834
Vollständiger Name des fehlerhaften Pakets:
Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (09/20/2015 02:34:44 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (204) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.

Error: (09/20/2015 02:34:44 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (204) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.

Error: (09/20/2015 02:34:33 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (204) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.

Error: (09/20/2015 02:34:33 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (204) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.

Error: (09/20/2015 02:34:23 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (204) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.

Error: (09/20/2015 02:34:23 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (204) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.

Error: (09/20/2015 02:34:13 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (204) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.

Error: (09/20/2015 02:34:13 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (204) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.

Error: (09/20/2015 02:34:02 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (204) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.

Systemfehler:
=============
Error: (09/16/2015 10:25:29 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {7006698D-2974-4091-A424-85DD0B909E23}

Error: (09/16/2015 10:25:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_Session2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/16/2015 10:25:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _Session2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/16/2015 10:25:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_Session2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/16/2015 10:25:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_Session2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/15/2015 11:03:35 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {7006698D-2974-4091-A424-85DD0B909E23}

Error: (09/15/2015 11:03:28 PM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA-PC)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (09/15/2015 11:03:28 PM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA-PC)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (09/15/2015 11:03:28 PM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA-PC)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

Error: (09/15/2015 11:03:28 PM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA-PC)
Description: App.AppX9s1cz53zc86xn39kwrb02jyft9ecn62r.mca

CodeIntegrity:
===================================
Date: 2015-09-20 19:21:42.310
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-20 18:17:51.756
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-09-20 18:03:22.168 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-20 17:57:08.438 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-20 17:29:39.204 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-20 17:21:56.653 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-20 16:57:04.495 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-20 16:44:01.520 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-20 14:17:22.881 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-20 13:04:35.685 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. 
==================== Speicherinformationen =========================== Prozessor: AMD V140 Processor Prozentuale Nutzung des RAM: 64% Installierter physikalischer RAM: 3835.69 MB Verfügbarer physikalischer RAM: 1356.02 MB Summe virtueller Speicher: 7675.69 MB Verfügbarer virtueller Speicher: 3813.3 MB ==================== Laufwerke ================================ Drive c: (SYSTEM) (Fixed) (Total:97.66 GB) (Free:41.13 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)] Drive d: (DATA) (Fixed) (Total:135.23 GB) (Free:133.55 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 441A53E7) Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=135.2 GB) - (Type=OF Extended) ==================== Ende von Addition.txt ============================ |
20.09.2015, 18:41 | #4 |
| Uncontrolled mail sending from my web.de address And here from the tablet as well: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:15-09-2015 durchgeführt von Melly (Administrator) auf BUMBLEBEE (20-09-2015 19:32:18) Gestartet von C:\Users\Melly\Downloads Geladene Profile: Melly (Verfügbare Profile: Melly & Administrator) Platform: Microsoft Windows 10 Home (X86) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Edge) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe (ASUSTek Computer INC.) C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe (AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe (Dropbox, Inc.) C:\Users\Melly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\System32\AtBroker.exe (Microsoft Corporation) C:\Windows\System32\osk.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [81360 2014-01-22] (Intel Corporation) HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2904064 2013-10-30] (Realtek Semiconductor) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [782008 2015-08-31] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [66936 2015-08-13] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157968 2015-08-13] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.) HKU\S-1-5-21-1758828274-3236195225-1443054956-1001\...\Run: [Spotify Web Helper] => C:\Users\Melly\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-06-02] (Spotify Ltd) HKU\S-1-5-21-1758828274-3236195225-1443054956-1001\...\Run: [Dropbox Update] => C:\Users\Melly\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Melly\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-15] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Melly\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-15] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Melly\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-15] (Microsoft Corporation) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melly\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melly\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melly\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2014-06-14] ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-06-14] ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass) Startup: C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2014-06-19] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-08-01] ShortcutTarget: Dropbox.lnk -> C:\Users\Melly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{47e8a5ae-3ba9-44ca-ae35-b23842545b0e}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-1758828274-3236195225-1443054956-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1758828274-3236195225-1443054956-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB SearchScopes: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-02] (Oracle Corporation) BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files\LastPass\LPToolbar.dll [2014-06-29] (LastPass) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-02] (Oracle Corporation) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll [2014-06-29] (LastPass) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default FF NewTab: hxxps://safesearch.avira.com/#?source=newtab FF Homepage: about:blank FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-13] () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] () FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2013-07-12] (Intel Corporation) FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE 
Components\IPT\npIntelWebAPIUpdater.dll [2013-07-12] (Intel Corporation) FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-02] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-02] (Oracle Corporation) FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files\LastPass\nplastpass.dll [2014-06-14] (LastPass) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-18] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF SearchPlugin: C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\searchplugins\avira-safesearch.xml [2014-11-30] FF Extension: LastPass - C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\Extensions\support@lastpass.com [2015-07-20] FF Extension: Garmin Communicator - C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-06-01] FF Extension: WOT - C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-13] FF Extension: FireFTP - C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-06-01] FF Extension: ProxTube - Unblock YouTube - C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\Extensions\ich@maltegoetz.de.xpi [2014-09-11] FF Extension: Adblock Plus - C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-14] FF ExtraCheck: 
C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-07-31] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-08-03] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [461672 2015-08-31] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [461672 2015-08-31] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-08-31] (Avira Operations GmbH & Co. KG) R2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2013-09-09] (ASUSTek Computer Inc.) R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [111416 2013-09-09] (ASUSTek Computer Inc.) R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS) R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [228104 2015-08-13] (Avira Operations GmbH & Co. KG) S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [1677016 2014-04-19] (Broadcom Corporation.) 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1874104 2015-07-14] (Microsoft Corporation) S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [290208 2015-07-30] (Intel Corporation) R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [83920 2014-01-22] (Intel Corporation) R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [96720 2014-01-22] (Intel Corporation) R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [90576 2014-01-22] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [283552 2015-07-30] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel(R) Corporation) [Datei ist nicht signiert] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel(R) Corporation) R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [277760 2015-07-10] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2015-07-10] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS) S3 AsusHID; C:\WINDOWS\System32\drivers\AsusHID.sys [68376 2014-02-13] (ASUS Corporation) R3 AsusSGDrv; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [116032 2015-08-27] (ASUS Corporation) R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-02] (ASUSTek Computer Inc.) 
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [104840 2015-08-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [138800 2015-08-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [37896 2015-05-20] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [37384 2015-03-10] (Avira Operations GmbH & Co. KG) R3 BCMSDH43XX; C:\WINDOWS\system32\DRIVERS\bcmdhd63.sys [304344 2014-04-19] (Broadcom Corp) S3 BthA2DP; C:\WINDOWS\system32\drivers\BthA2DP.sys [125440 2015-07-10] (Microsoft Corporation) S3 BthLEEnum; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [193536 2015-07-10] (Microsoft Corporation) R3 BthMini; C:\WINDOWS\System32\Drivers\BTHMINI.sys [23040 2015-07-10] (Microsoft Corporation) S3 btwampfl; C:\WINDOWS\System32\drivers\btwampfl.sys [162560 2015-04-09] (Broadcom Corporation.) R3 BtwSerialBus; C:\WINDOWS\System32\drivers\BtwSerialBus.sys [139520 2015-04-09] (Broadcom Corporation.) R3 camera; C:\WINDOWS\system32\DRIVERS\camera.sys [345088 2013-12-02] (Intel Corporation) R3 CM3218x; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161792 2015-07-10] (Microsoft Corporation) R3 CPLMACPI; C:\WINDOWS\system32\DRIVERS\CPLMACPI.sys [25040 2015-07-08] (Capella Microsystems, Inc.) 
S3 DptfDevAmbient; C:\WINDOWS\System32\drivers\DptfDevAmbient.sys [44496 2014-01-22] (Intel Corporation) R3 DptfDevDBPT; C:\WINDOWS\System32\drivers\DptfDevPower.sys [25552 2014-01-22] (Intel Corporation) R3 DptfDevDisplay; C:\WINDOWS\System32\drivers\DptfDevDisplay.sys [28112 2014-01-22] (Intel Corporation) R3 DptfDevGen; C:\WINDOWS\System32\drivers\DptfDevGen.sys [36304 2014-01-22] (Intel Corporation) R3 DptfDevProc; C:\WINDOWS\System32\drivers\DptfDevProc.sys [80848 2014-01-22] (Intel Corporation) R3 DptfManager; C:\WINDOWS\System32\drivers\DptfManager.sys [181712 2014-01-22] (Intel Corporation) R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [23552 2013-12-30] (Intel Corporation) R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [16896 2013-12-30] (Intel Corporation) R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsHIDSwitch.sys [17416 2015-05-13] (ASUS) R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [58368 2013-11-15] (Intel Corporation) R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [87552 2013-12-30] (Intel Corporation) S3 iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [505192 2013-08-09] (Intel Corporation) S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [32664 2014-01-22] (Intel Corporation) R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [254464 2013-12-30] (Intel(R) Corporation) R3 INVN_MotionApps; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161792 2015-07-10] (Microsoft Corporation) R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [35904 2015-06-26] (Intel Corporation) R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [21456 2013-12-30] (Intel Corporation) R3 MT9M114; C:\WINDOWS\System32\drivers\MT9M114.sys [38912 2013-12-02] (Intel Corporation) R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [48128 2013-12-30] (Intel Corporation) R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [263936 2015-05-21] (Realtek Semiconductor Corp.) 
R1 ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [31848 2015-06-18] (Avira Operations GmbH & Co. KG) R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [75792 2014-02-26] (Intel Corporation) S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [31744 2015-07-10] () S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-07-10] (Microsoft Corporation) R3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [245600 2015-07-10] (Microsoft Corporation) R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [97632 2015-07-10] (Microsoft Corporation) S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-09-20 19:32 - 2015-09-20 19:32 - 00019657 _____ C:\Users\Melly\Downloads\FRST.txt 2015-09-20 19:32 - 2015-09-20 19:32 - 00000000 ____D C:\FRST 2015-09-20 19:31 - 2015-09-20 19:31 - 01695232 _____ (Farbar) C:\Users\Melly\Downloads\FRST.exe 2015-09-20 19:30 - 2015-09-20 19:31 - 02191360 _____ (Farbar) C:\Users\Melly\Downloads\FRST64.exe 2015-09-20 19:28 - 2015-09-20 19:28 - 00000000 ___HD C:\OneDriveTemp 2015-09-20 19:27 - 2015-09-20 19:27 - 00016148 _____ C:\WINDOWS\system32\BUMBLEBEE_Melly_HistoryPrediction.bin 2015-09-18 20:26 - 2015-09-18 20:26 - 00000000 ____D C:\Users\Melly\AppData\Local\NetworkTiles 2015-09-14 21:37 - 2015-09-14 21:37 - 00061776 _____ C:\Users\Melly\Downloads\FORTE.TTF 2015-09-14 20:26 - 2015-09-14 20:26 - 00000000 ___RD C:\Users\Melly\3D Objects 2015-09-14 19:47 - 2015-09-14 19:47 - 00000000 ____D C:\Users\Melly\AppData\Local\MicrosoftEdge 2015-09-14 19:37 - 2015-09-14 19:37 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2015-09-14 19:29 - 2015-09-15 21:19 - 00002401 _____ C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-09-14 19:27 - 2015-09-14 19:27 - 00000000 ____D C:\Users\Melly\AppData\Local\Publishers 2015-09-14 19:26 - 2015-09-20 19:27 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture 2015-09-14 19:26 - 2015-09-14 22:23 - 00000000 ____D C:\Users\Melly\AppData\Local\Comms 2015-09-14 19:26 - 2015-09-14 19:26 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat 2015-09-14 19:26 - 2015-09-14 19:26 - 00000000 ____D C:\Users\Melly\AppData\Local\TileDataLayer 2015-09-14 19:25 - 2015-09-14 19:25 - 00000020 ___SH C:\Users\Melly\ntuser.ini 2015-09-14 19:22 - 2015-09-14 19:22 - 00053352 _____ C:\WINDOWS\system32\ASGCoInstaller_x86.dll 2015-09-14 19:22 - 2015-09-14 19:22 - 00000000 ____D C:\ProgramData\SetupTPDriver 2015-09-14 19:14 - 2015-09-15 21:20 - 00000000 ___DC C:\WINDOWS\Panther 2015-09-14 19:14 - 2015-09-14 18:18 - 00000000 __SHD 
C:\Recovery 2015-09-14 19:12 - 2015-09-14 19:13 - 00000000 ____D C:\Windows.old 2015-09-14 19:11 - 2015-09-14 19:11 - 00008192 _____ C:\WINDOWS\system32\config\userdiff 2015-09-14 19:10 - 2015-09-14 19:10 - 00000000 ____D C:\WINDOWS\system32\XPSViewer 2015-09-14 19:10 - 2015-09-14 19:10 - 00000000 ____D C:\Program Files\Reference Assemblies 2015-09-14 19:10 - 2015-09-14 19:10 - 00000000 ____D C:\Program Files\MSBuild 2015-09-14 19:09 - 2015-05-29 22:07 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2015-09-14 19:09 - 2015-05-29 22:07 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2015-09-14 19:09 - 2015-05-29 22:07 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2015-09-14 18:46 - 2015-08-19 06:11 - 00549160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-09-14 18:46 - 2015-07-22 05:08 - 00719360 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default\Startmenü 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default\Druckumgebung 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 
_SHDL C:\Users\Default User\Documents\Eigene Bilder 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Programme 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\ProgramData\Startmenü 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programme 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\ProgramData\Dokumente 2015-09-14 18:45 - 2015-07-25 06:54 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2015-09-14 18:41 - 2015-09-14 18:41 - 00021532 _____ C:\WINDOWS\system32\emptyregdb.dat 2015-09-14 18:38 - 2015-09-20 19:30 - 01790124 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-09-14 18:31 - 2015-09-14 18:31 - 00001544 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-09-14 18:24 - 2015-09-14 18:24 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate 2015-09-14 18:22 - 2015-09-14 23:06 - 00000000 ____D C:\Users\Melly 2015-09-14 18:22 - 2015-09-14 19:26 - 00000000 ___RD C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-09-14 18:22 - 2015-09-14 18:34 - 00000000 ____D C:\Users\Administrator 2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Melly\Startmenü 2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Melly\Netzwerkumgebung 2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Melly\Druckumgebung 2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Melly\Documents\Eigene Musik 2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Melly\Documents\Eigene Bilder 2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL 
C:\Users\Melly\AppData\Local\Verlauf 2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Administrator\Startmenü 2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Administrator\Netzwerkumgebung 2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Administrator\Druckumgebung 2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik 2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder 2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf 2015-09-14 18:22 - 2015-07-10 10:28 - 00000000 __RSD C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 2015-09-14 18:22 - 2015-07-10 10:28 - 00000000 __RSD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 2015-09-14 18:22 - 2015-07-10 10:28 - 00000000 ___RD C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-09-14 18:22 - 2015-07-10 10:28 - 00000000 ___RD C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-09-14 18:22 - 2015-07-10 10:28 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-09-14 18:22 - 2015-07-10 10:28 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-09-14 18:22 - 2015-07-10 10:28 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-09-14 18:22 - 2015-07-10 10:28 - 00000000 ____D C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-09-14 18:22 - 2015-07-10 10:28 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 
2015-09-14 18:17 - 2015-09-14 18:25 - 00000000 ____D C:\Program Files\Intel 2015-09-14 18:17 - 2015-09-14 18:17 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_SdoV2_02_15_00.Wdf 2015-09-14 18:17 - 2015-09-14 18:17 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_CM3218x_01_11_00.Wdf 2015-09-14 18:17 - 2015-07-30 22:41 - 00069104 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL 2015-09-14 18:16 - 2015-09-14 18:16 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_INVN_MotionApps_01_11_00.Wdf 2015-09-14 18:16 - 2015-09-14 18:16 - 00000000 ____D C:\Program Files\Common Files\Intel 2015-09-14 18:15 - 2015-09-19 20:37 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2015-09-14 18:15 - 2015-09-14 18:16 - 00026751 _____ C:\WINDOWS\system32\NetSetupMig.log 2015-09-14 18:15 - 2015-09-14 18:15 - 00000398 _____ C:\WINDOWS\PFRO.log 2015-09-14 17:25 - 2015-09-14 18:44 - 00013338 _____ C:\WINDOWS\diagwrn.xml 2015-09-14 17:25 - 2015-09-14 18:44 - 00013338 _____ C:\WINDOWS\diagerr.xml 2015-09-14 17:25 - 2015-09-14 18:42 - 00006610 _____ C:\WINDOWS\comsetup.log 2015-09-13 22:37 - 2015-09-14 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2015-09-13 22:37 - 2015-09-13 22:37 - 00001829 _____ C:\Users\Public\Desktop\QuickTime Player.lnk 2015-09-13 22:36 - 2015-09-13 22:37 - 00000000 ____D C:\Program Files\QuickTime 2015-09-13 22:35 - 2015-09-14 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-09-13 22:35 - 2015-09-13 22:35 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk 2015-09-13 22:34 - 2015-09-13 22:35 - 00000000 ____D C:\Program Files\iTunes 2015-09-13 22:34 - 2015-09-13 22:34 - 00000000 ____D C:\Program Files\iPod 2015-09-13 12:49 - 2015-09-13 12:49 - 00001114 _____ C:\Users\Public\Desktop\Avira Launcher.lnk 2015-09-05 23:55 - 2015-09-14 18:32 - 00000000 ____D C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-09-01 23:39 - 2015-09-13 12:43 - 
00000000 ____D C:\Program Files\Mozilla Firefox 2015-08-31 21:32 - 2015-08-31 21:32 - 00000000 ____D C:\Users\Melly\AppData\Roaming\Logitech 2015-08-31 21:32 - 2015-08-31 21:32 - 00000000 ____D C:\Users\Melly\AppData\Roaming\Logishrd 2015-08-31 21:31 - 2015-08-31 21:32 - 02190408 _____ (Logitech Inc.) C:\Users\Melly\Downloads\ConnectUtility.exe 2015-08-31 21:28 - 2015-09-14 18:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2015-08-31 21:28 - 2015-08-31 21:28 - 00000000 ____D C:\ProgramData\LogiShrd 2015-08-31 21:28 - 2015-08-31 21:28 - 00000000 ____D C:\Program Files\Common Files\LogiShrd 2015-08-31 21:27 - 2015-08-31 21:27 - 04147600 _____ ($Co_Name Inc.) C:\Users\Melly\Downloads\unifying250.exe 2015-08-27 10:29 - 2015-08-27 10:29 - 00862664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr110.dll 2015-08-27 10:29 - 2015-08-27 10:29 - 00534480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp110.dll 2015-08-27 10:29 - 2015-08-27 10:29 - 00251864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib110.dll 2015-08-27 10:29 - 2015-08-27 10:29 - 00116032 _____ (ASUS Corporation) C:\WINDOWS\system32\Drivers\AsusSGDrv.sys ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-09-20 19:28 - 2014-06-18 20:39 - 00000000 ___DO C:\Users\Melly\OneDrive 2015-09-20 19:28 - 2014-06-14 17:11 - 00000000 ___RD C:\Users\Melly\Dropbox 2015-09-20 19:28 - 2014-06-14 17:09 - 00000000 ____D C:\Users\Melly\AppData\Roaming\Dropbox 2015-09-20 19:26 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\sru 2015-09-19 23:35 - 2014-04-19 09:48 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log 2015-09-19 23:22 - 2015-06-18 17:11 - 00001244 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1758828274-3236195225-1443054956-1001UA.job 2015-09-19 22:42 - 2014-06-14 23:12 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-09-19 22:22 - 2015-06-18 17:11 - 00001192 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1758828274-3236195225-1443054956-1001Core.job 2015-09-19 20:41 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-09-15 21:20 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\AppCompat 2015-09-14 21:55 - 2015-07-10 10:20 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-09-14 20:34 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\Microsoft.NET 2015-09-14 20:04 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase 2015-09-14 19:53 - 2014-06-16 21:09 - 00000000 __SHD C:\aws 2015-09-14 19:53 - 2013-12-13 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS 2015-09-14 19:53 - 2013-12-13 22:38 - 00000000 ____D C:\Program Files\Common Files\AWS 2015-09-14 19:53 - 2013-12-13 22:38 - 00000000 ____D C:\Program Files\ASUS 2015-09-14 19:42 - 2014-06-14 14:49 - 00000000 ____D C:\Users\Melly\AppData\Roaming\WebStorage 2015-09-14 19:33 - 2015-07-10 11:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-09-14 19:33 - 2015-07-10 08:59 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2015-09-14 19:27 - 2015-01-07 20:27 - 00000000 ____D C:\Users\Melly\AppData\Local\PackageStaging 2015-09-14 19:26 - 2015-07-10 10:28 - 00000000 ___RD C:\WINDOWS\PurchaseDialog 2015-09-14 19:26 - 2015-07-10 10:28 - 00000000 
___RD C:\WINDOWS\PrintDialog 2015-09-14 19:26 - 2015-07-10 10:28 - 00000000 ___RD C:\WINDOWS\MiracastView 2015-09-14 19:26 - 2015-07-10 10:28 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2015-09-14 19:23 - 2014-04-19 10:02 - 00000000 ____D C:\Program Files\DIFX 2015-09-14 19:23 - 2014-04-19 09:56 - 00038112 _____ C:\WINDOWS\DPINST.LOG 2015-09-14 19:17 - 2015-07-10 11:53 - 00259720 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-09-14 19:14 - 2015-07-10 10:28 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template 2015-09-14 19:10 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\MUI 2015-09-14 19:10 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\de-DE 2015-09-14 18:45 - 2015-07-10 10:28 - 00000000 ____D C:\Program Files\Windows NT 2015-09-14 18:45 - 2015-07-10 08:59 - 00000000 __RHD C:\Users\Default 2015-09-14 18:44 - 2015-07-10 11:53 - 00015698 _____ C:\WINDOWS\setupact.log 2015-09-14 18:42 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\rescache 2015-09-14 18:42 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\Registration 2015-09-14 18:42 - 2014-06-14 14:48 - 00000000 ____D C:\WINDOWS\system32\NETGEAR 2015-09-14 18:36 - 2015-07-10 10:28 - 00000000 __RHD C:\Users\Public\Libraries 2015-09-14 18:36 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\LogFiles 2015-09-14 18:32 - 2015-07-10 10:29 - 00004362 _____ C:\WINDOWS\DtcInstall.log 2015-09-14 18:32 - 2015-07-10 08:59 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM 2015-09-14 18:32 - 2015-05-12 23:19 - 00000000 ____D C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-09-14 18:32 - 2015-05-12 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-09-14 18:32 - 2015-01-01 22:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 2015-09-14 18:32 - 2014-11-22 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-09-14 18:32 - 2014-11-01 21:48 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-09-14 18:32 - 2014-10-03 20:04 - 00000000 ____D C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brettspielwelt 2015-09-14 18:32 - 2014-10-01 13:00 - 00000000 ____D C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView 2015-09-14 18:32 - 2014-09-09 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2015-09-14 18:32 - 2014-06-14 19:09 - 00000000 ____D C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass 2015-09-14 18:32 - 2014-06-14 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass 2015-09-14 18:32 - 2014-06-14 17:04 - 00000000 ____D C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dasher 4.11 2015-09-14 18:32 - 2014-06-14 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-09-14 18:32 - 2014-06-14 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-09-14 18:32 - 2013-08-22 08:21 - 00000000 ____D C:\Users\Default.migrated 2015-09-14 18:26 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\NDF 2015-09-14 18:26 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\InputMethod 2015-09-14 18:26 - 2013-08-22 10:17 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared 2015-09-14 18:26 - 2013-08-22 10:17 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared 2015-09-14 18:25 - 2015-07-10 10:28 - 00000000 ___RD C:\Users\Public 2015-09-14 18:25 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\InputMethod 2015-09-14 18:25 - 2015-07-10 10:28 - 00000000 ____D C:\Program Files\Microsoft.NET 2015-09-14 18:25 - 2015-07-10 10:28 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2015-09-14 18:23 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\Recovery 2015-09-14 17:25 - 2015-07-10 15:40 - 00000000 ___HD C:\$Windows.~BT 
2015-09-13 22:34 - 2015-06-01 21:29 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB 2015-09-13 22:34 - 2014-12-13 15:10 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-09-13 12:49 - 2014-04-19 09:56 - 00000000 ____D C:\ProgramData\Package Cache 2015-09-13 12:43 - 2014-06-14 18:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-09-09 02:31 - 2014-07-27 20:53 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-08-26 18:36 - 2014-07-27 20:53 - 132039072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-08-23 16:12 - 2014-06-14 16:32 - 00000000 ____D C:\Program Files\Microsoft Office 15 ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-06-14 19:09 - 2014-06-14 19:10 - 11211264 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe 2013-12-13 22:38 - 2012-07-30 08:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd 2013-12-13 22:38 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe 2013-12-13 22:38 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS Einige Dateien in TEMP: ==================== C:\Users\Melly\AppData\Local\Temp\avgnt.exe C:\Users\Melly\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8jki1g.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-09-14 18:15

==================== Ende vom FRST.txt ============================

Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:15-09-2015 durchgeführt von Melly (2015-09-20 19:33:35) Gestartet von C:\Users\Melly\Downloads Microsoft Windows 10 Home (X86) (2015-09-14 17:18:13) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-1758828274-3236195225-1443054956-500 - Administrator - Disabled) => C:\Users\Administrator DefaultAccount (S-1-5-21-1758828274-3236195225-1443054956-503 - Limited - Disabled) Gast (S-1-5-21-1758828274-3236195225-1443054956-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1758828274-3236195225-1443054956-1003 - Limited - Enabled) Melly (S-1-5-21-1758828274-3236195225-1443054956-1001 - Administrator - Enabled) => C:\Users\Melly ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Apple Application Support (32-Bit) (HKLM\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}) (Version: 8.2.1.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
ASUS AC Reminder (HKLM\...\{B002B54C-FFE8-4331-8F9B-90CC9366362A}) (Version: 2.0.0 - ASUS) ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS) ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS) ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.6 - ASUS) ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS) Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.12.420 - Avira Operations GmbH & Co. KG) Avira Launcher (HKLM\...\{315dd168-0794-4cf1-8355-f195cde642fc}) (Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG) Avira Launcher (Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG) Hidden Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) BrettspielWelt (HKLM\...\BrettspielWelt) (Version: 1.0 - BrettspielWelt GmbH) Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.93.99.187.1 - Broadcom Corporation) Dasher 4.11 (HKLM\...\{BD8ECD28-2D32-11DF-8D17-000423472618}) (Version: 4.11 - The Dasher Project) Dropbox (HKU\S-1-5-21-1758828274-3236195225-1443054956-1001\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.) Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3417 - Intel Corporation) Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation) IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan) iTunes (HKLM\...\{025E78AC-BD91-4E9E-B165-3C09D4084BA4}) (Version: 12.2.2.25 - Apple Inc.) 
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) LastPass (Nur deinstallieren) (HKLM\...\LastPass) (Version: - LastPass) Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech) Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4745.1002 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation) Mozilla Firefox 40.0.3 (x86 de) (HKLM\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla) Office 15 Click-to-Run Extensibility Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden PDF24 Creator 6.9.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) QuickTime 7 (HKLM\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4055 - Realtek Semiconductor Corp.) 
Spotify (HKU\S-1-5-21-1758828274-3236195225-1443054956-1001\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) Windows-Treiberpaket - ASUS (AsusSGDrv) Mouse (07/07/2015 8.0.0.17) (HKLM\...\957A3BFBBA16065613E677D24C64785D717C6B05) (Version: 07/07/2015 8.0.0.17 - ASUS) WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS) WinRAR 5.21 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Melly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Melly\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Melly\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Melly\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Melly\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Melly\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Melly\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Melly\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll Keine Datei CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Melly\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melly\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melly\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melly\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melly\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melly\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melly\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melly\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melly\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Melly\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Melly\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.) ==================== Wiederherstellungspunkte ========================= ACHTUNG: Systemwiederherstellung ist deaktiviert ==================== Hosts Inhalt: ========================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2013-08-22 08:13 - 2013-08-22 08:13 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {0254D69E-5E89-464C-8558-D59592DD2168} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {1B8B1182-214B-4036-B1C7-C6E4A26B8AEF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {1BF6668A-E645-4941-98CE-19B3E6A33AF9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {232DFFC8-D233-4805-A993-F591FF224DF3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {3FEED5D4-8318-47FC-87E7-3A11CC43EE21} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {47D44576-2C7C-4202-BAFC-754496579C01} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation) Task: {50FAE778-2887-4E3A-970D-42A212D6C034} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1758828274-3236195225-1443054956-1001UA => C:\Users\Melly\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.) Task: {59D7B8CD-B25A-4513-94AD-65B032FD0ACB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {5A9DC0BD-FF6D-4E77-9CB4-D1920D97BD23} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1758828274-3236195225-1443054956-1001Core => C:\Users\Melly\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.) Task: {5C6E24CC-AF35-4752-8669-3D0AED353FD3} - System32\Tasks\ASUS AC Reminder => C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe [2013-12-23] (ASUSTek Computer INC.) 
Task: {8833A671-7E38-4171-94F4-948C96820AE4} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2015-08-27] (AsusTek) Task: {933B03FD-D4D0-42F4-9F06-F66D59448E66} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1758828274-3236195225-1443054956-1001 Task: {947EDF4A-F306-4323-805E-A734BBB521EB} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe [2013-01-09] (ASUSTek Computer INC.) Task: {9E8448A2-2678-4138-8A60-D8890F1D3F58} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-13] (Adobe Systems Incorporated) Task: {A628B384-7A03-4C9A-A452-F56563357621} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {CA427B08-9C27-460D-8213-05580A8AF116} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation) Task: {CDA93F53-569E-4938-AD8A-EB6CE7FFF484} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation) Task: {D2DE74CF-97B3-4F6B-8D7E-0766E00F97CF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {DAEF647E-C29D-4BA3-BC8A-9970572D6825} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {DF3D13C6-9815-49A0-ACB9-C2EEA6D4BF81} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {E61DF71D-AF38-42F2-9A25-662C5B1A6B07} - System32\Tasks\Update Checker => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2013-11-27] () Task: {EA8A500E-4AAA-4319-8458-C864031E397F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG Task: {EBA1F9FC-A53C-4C60-8BD8-AE4E816E20FA} - 
System32\Tasks\ASUS Live Update1 => C:\Program Files [2015-09-14] () Task: {F4E21E3A-FD64-4217-AA2D-2D7D2D7991C9} - System32\Tasks\ASUS Live Update2 => C:\Program Files [2015-09-14] () Task: {F51A26E6-87B2-4E54-9966-A2EAEBF967B4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG Task: {F992097E-75AB-4A00-B8AF-C743986E190D} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2015-07-10] (Microsoft Corporation) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1758828274-3236195225-1443054956-1001Core.job => C:\Users\Melly\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1758828274-3236195225-1443054956-1001UA.job => C:\Users\Melly\AppData\Local\Dropbox\Update\DropboxUpdate.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-07-10 10:24 - 2015-07-10 10:24 - 00025088 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll 2015-07-10 10:25 - 2015-07-10 10:25 - 00007680 _____ () C:\Windows\System32\WppRecorderUM.dll 2015-07-10 10:24 - 2015-07-10 10:24 - 00301056 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll 2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-06-23 20:49 - 2014-05-20 03:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll 2015-07-10 10:24 - 2015-07-10 10:24 - 01768544 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-07-10 10:24 - 2015-07-10 10:24 - 01768544 _____ () 
C:\WINDOWS\System32\CoreUIComponents.dll 2015-09-19 20:40 - 2015-09-19 20:40 - 08685568 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.915.17170.0_x86__8wekyb3d8bbwe\Microsoft.Photos.dll 2015-07-10 10:25 - 2015-07-10 15:16 - 04321792 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-07-10 10:25 - 2015-07-10 15:16 - 00377856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-07-10 10:25 - 2015-07-10 15:16 - 01425920 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-07-18 16:48 - 2015-07-18 16:48 - 01020928 _____ () C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll 2015-07-10 10:24 - 2015-07-10 10:24 - 00288768 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2014-11-20 22:16 - 2014-11-20 22:16 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll 2014-11-20 22:14 - 2014-11-20 22:14 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll 2015-09-20 19:28 - 2015-09-20 19:28 - 00071168 _____ () c:\users\melly\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8jki1g.dll 2015-03-04 23:45 - 2015-08-05 07:26 - 00012800 _____ () C:\Users\Melly\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll 2015-03-04 23:45 - 2015-08-05 07:26 - 00779776 _____ () C:\Users\Melly\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-08-01 09:21 - 2015-08-05 07:26 - 00056320 _____ () C:\Users\Melly\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll 2015-03-04 23:45 - 2015-08-05 07:26 - 00012288 _____ () C:\Users\Melly\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll ==================== Alternate Data Streams (Nicht 
auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\Users\Melly\OneDrive:ms-properties AlternateDataStreams: C:\Users\Melly\SkyDrive:ms-properties ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-1758828274-3236195225-1443054956-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run: => "PDFPrint" HKU\S-1-5-21-1758828274-3236195225-1443054956-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk" HKU\S-1-5-21-1758828274-3236195225-1443054956-1001\...\StartupApproved\Run: => "Spotify Web Helper" ==================== FirewallRules (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{D91BE2CC-2443-4109-9F7C-A1442BA736F9}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [UDP Query User{9389C989-21ED-426D-B034-F77359997D7C}C:\program files\danusoft\wifi hotspot creator\wifi hotspot creator.exe] => (Allow) C:\program files\danusoft\wifi hotspot creator\wifi hotspot creator.exe FirewallRules: [TCP Query User{4172DC57-8D0A-4A24-ADE6-5DC0EF65C6F3}C:\program files\danusoft\wifi hotspot creator\wifi hotspot creator.exe] => (Allow) C:\program files\danusoft\wifi hotspot creator\wifi hotspot creator.exe FirewallRules: [{A064BC24-600E-4CCE-8896-E3888F36A18E}] => (Allow) C:\Program Files\DanuSoft\WiFi HotSpot Creator\WiFi HotSpot Creator.exe FirewallRules: [{7622EF65-3A0F-4D97-B380-4D770FB0ACC2}] => (Allow) C:\Program Files\DanuSoft\WiFi HotSpot Creator\WiFi HotSpot Creator.exe FirewallRules: [UDP Query User{13802BFB-4126-4595-A9A9-D1A384270915}C:\program files\connectify\connectify.exe] => (Allow) C:\program files\connectify\connectify.exe FirewallRules: [TCP Query User{F7778C84-05B2-4E90-830C-6C2D5F2ABFE2}C:\program files\connectify\connectify.exe] => (Allow) C:\program files\connectify\connectify.exe FirewallRules: [UDP Query User{56FB906E-BDC6-450B-B2F6-8DDD39B5AD20}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe FirewallRules: [TCP Query 
User{9A7D3958-DB12-4CD8-85A3-E161CCA575F1}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe FirewallRules: [{570F83BC-3F5C-41BC-B92A-94C854019E40}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{D26E8E3B-6250-4112-9D9A-2429F7A9298F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [UDP Query User{FE06066F-9F23-43C9-9DBD-1DC71C47E3C2}C:\users\melly\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\melly\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{D391D3FA-D6E2-44E0-9F8C-9FAF477E4178}C:\users\melly\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\melly\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{BCA58C55-323D-48F0-AC6D-31A9033C6E08}C:\users\melly\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\melly\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{CC19BD34-4611-4F1B-B406-50E80439588C}C:\users\melly\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\melly\appdata\roaming\spotify\spotify.exe FirewallRules: [{15D5CD1E-0245-4D4C-B0C6-D6D50A040D4F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{4CCE1B45-9F49-41A1-9651-87C11C0A14D6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{A94941F2-A997-4F31-9CFE-C0E14605D3EA}] => (Allow) C:\Users\Melly\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{71C0D762-EFA4-4856-AB88-B27F17E7A43B}] => (Allow) C:\Users\Melly\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{97346E65-83B0-43C7-802A-558641B62881}] => (Allow) C:\Users\Melly\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (09/20/2015 07:28:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BUMBLEBEE) 
Description: Bei der Aktivierung der App „Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2147023169. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (09/18/2015 08:26:52 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (1708) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032. Error: (09/18/2015 08:26:52 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (1708) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien. Error: (09/18/2015 08:26:42 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (1708) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032. Error: (09/18/2015 08:26:42 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (1708) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien. Error: (09/18/2015 08:26:31 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (1708) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032. 
Error: (09/18/2015 08:26:31 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (1708) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien. Error: (09/18/2015 08:26:21 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (1708) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032. Error: (09/18/2015 08:26:21 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (1708) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien. Error: (09/18/2015 08:26:11 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (1708) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032. Systemfehler: ============= Error: (09/20/2015 07:30:36 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (09/19/2015 11:35:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Benutzerdatenzugriff_Session4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/19/2015 11:35:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Benutzerdatenspeicher _Session4" wurde unerwartet beendet. 
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/19/2015 11:35:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Kontaktdaten_Session4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/19/2015 11:35:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Synchronisierungshost_Session4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/19/2015 08:41:51 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (09/19/2015 08:30:55 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht. Error: (09/19/2015 08:11:16 PM) (Source: DCOM) (EventID: 10010) (User: BUMBLEBEE) Description: {9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C} Error: (09/19/2015 08:11:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht. Error: (09/19/2015 08:10:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht. 
==================== Memory info =========================== Processor: Intel(R) Atom(TM) CPU Z3740 @ 1.33GHz Prozentuale Nutzung des RAM: 66% Installierter physikalischer RAM: 1933.15 MB Verfügbarer physikalischer RAM: 649.8 MB Summe virtueller Speicher: 3149.15 MB Verfügbarer virtueller Speicher: 1127.8 MB ==================== Laufwerke ================================ Drive c: (OS) (Fixed) (Total:27.78 GB) (Free:2.42 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)] ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 29.1 GB) (Disk ID: 7B9D6AF3) Partition: GPT. ==================== Ende vom Addition.txt ============================ |
21.09.2015, 16:01 | #5 |
/// the machine /// TB-Ausbilder | Uncontrolled mail sending from my web.de address hi, Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to the desktop.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and assistance Trojaner-Board Facebook page No help via PM! |
21.09.2015, 18:44 | #6 |
| Uncontrolled mail sending from my web.de address Here is the one from the tablet for now; everything seems to be okay there: Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main: v2015.09.21.04
  rootkit: v2015.09.18.01

Windows 10 x86 NTFS
Internet Explorer 11.0.10240.16384
Melly :: BUMBLEBEE [administrator]

21.09.2015 17:55:01
mbar-log-2015-09-21 (17-55-01).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 369970
Time elapsed: 15 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:
ATTFilter 18:17:40.0392 0x13e4 TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57 18:17:40.0392 0x13e4 UEFI system 18:18:35.0995 0x13e4 ============================================================ 18:18:35.0995 0x13e4 Current date / time: 2015/09/21 18:18:35.0995 18:18:35.0995 0x13e4 SystemInfo: 18:18:35.0995 0x13e4 18:18:35.0995 0x13e4 OS Version: 10.0.10240 ServicePack: 0.0 18:18:35.0995 0x13e4 Product type: Workstation 18:18:35.0995 0x13e4 ComputerName: BUMBLEBEE 18:18:35.0995 0x13e4 UserName: Melly 18:18:36.0010 0x13e4 Windows directory: C:\WINDOWS 18:18:36.0010 0x13e4 System windows directory: C:\WINDOWS 18:18:36.0010 0x13e4 Processor architecture: Intel x86 18:18:36.0010 0x13e4 Number of processors: 4 18:18:36.0010 0x13e4 Page size: 0x1000 18:18:36.0010 0x13e4 Boot type: Normal boot 18:18:36.0010 0x13e4 ============================================================ 18:18:36.0949 0x13e4 KLMD registered as C:\WINDOWS\system32\drivers\34563534.sys 18:18:37.0136 0x13e4 System UUID: {E4A358D9-71FB-CA0C-6578-668A0824A96D} 18:18:37.0777 0x13e4 !crdlk 18:18:37.0793 0x13e4 Drive \Device\Harddisk0\DR0 - Size: 0x748000000 ( 29.13 Gb ), SectorSize: 0x200, Cylinders: 0xEDA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 18:18:37.0793 0x13e4 ============================================================ 18:18:37.0793 0x13e4 \Device\Harddisk0\DR0: 18:18:37.0793 0x13e4 Can't read MBR 18:18:37.0793 0x13e4 Initialize success 18:18:37.0793 0x13e4 ============================================================ 18:19:35.0684 0x115c ============================================================ 18:19:35.0684 0x115c Scan started 18:19:35.0684 0x115c Mode: Manual; SigCheck; TDLFS; 18:19:35.0684 0x115c ============================================================ 18:19:35.0684 0x115c KSN ping started 18:19:38.0014 0x115c KSN ping finished: true 18:19:38.0436 0x115c ================ Scan system memory ======================== 18:19:38.0436 0x115c System memory - ok 18:19:38.0436 
0x115c ================ Scan services ============================= 18:19:38.0498 0x115c 1394ohci - ok 18:19:38.0514 0x115c 3ware - ok 18:19:38.0529 0x115c ACPI - ok 18:19:38.0529 0x115c acpiex - ok 18:19:38.0545 0x115c acpipagr - ok 18:19:38.0561 0x115c AcpiPmi - ok 18:19:38.0576 0x115c acpitime - ok 18:19:38.0576 0x115c AdobeFlashPlayerUpdateSvc - ok 18:19:38.0592 0x115c ADP80XX - ok 18:19:38.0607 0x115c AFD - ok 18:19:38.0623 0x115c agp440 - ok 18:19:38.0639 0x115c ahcache - ok 18:19:38.0639 0x115c AJRouter - ok 18:19:38.0654 0x115c ALG - ok 18:19:38.0670 0x115c amdagp - ok 18:19:38.0670 0x115c AmdK8 - ok 18:19:38.0686 0x115c AmdPPM - ok 18:19:38.0701 0x115c amdsata - ok 18:19:38.0701 0x115c amdsbs - ok 18:19:38.0717 0x115c amdxata - ok 18:19:38.0732 0x115c AntiVirMailService - ok 18:19:38.0732 0x115c AntiVirSchedulerService - ok 18:19:38.0748 0x115c AntiVirService - ok 18:19:38.0764 0x115c AntiVirWebService - ok 18:19:38.0779 0x115c AppID - ok 18:19:38.0779 0x115c AppIDSvc - ok 18:19:38.0795 0x115c Appinfo - ok 18:19:38.0811 0x115c Apple Mobile Device - ok 18:19:38.0811 0x115c AppReadiness - ok 18:19:38.0826 0x115c AppXSvc - ok 18:19:38.0826 0x115c arcsas - ok 18:19:38.0842 0x115c AsHidService - ok 18:19:38.0857 0x115c ASLDRService - ok 18:19:38.0873 0x115c ASMMAP - ok 18:19:38.0873 0x115c AsusHID - ok 18:19:38.0889 0x115c AsusSGDrv - ok 18:19:38.0904 0x115c AsyncMac - ok 18:19:38.0904 0x115c atapi - ok 18:19:38.0920 0x115c ATKGFNEXSrv - ok 18:19:38.0936 0x115c ATKWMIACPIIO - ok 18:19:38.0936 0x115c AudioEndpointBuilder - ok 18:19:38.0951 0x115c Audiosrv - ok 18:19:38.0967 0x115c avgntflt - ok 18:19:38.0967 0x115c avipbb - ok 18:19:38.0982 0x115c Avira.ServiceHost - ok 18:19:38.0998 0x115c avkmgr - ok 18:19:38.0998 0x115c avnetflt - ok 18:19:39.0014 0x115c AxInstSV - ok 18:19:39.0029 0x115c BasicDisplay - ok 18:19:39.0029 0x115c BasicRender - ok 18:19:39.0045 0x115c BcmBtRSupport - ok 18:19:39.0061 0x115c bcmfn2 - ok 18:19:39.0076 0x115c BCMSDH43XX - ok 
18:19:39.0076 0x115c BDESVC - ok 18:19:39.0092 0x115c Beep - ok 18:19:39.0107 0x115c BFE - ok 18:19:39.0107 0x115c BITS - ok 18:19:39.0123 0x115c Bonjour Service - ok 18:19:39.0139 0x115c bowser - ok 18:19:39.0139 0x115c BrokerInfrastructure - ok 18:19:39.0154 0x115c Browser - ok 18:19:39.0170 0x115c BthA2DP - ok 18:19:39.0170 0x115c BthAvrcpTg - ok 18:19:39.0186 0x115c BthEnum - ok 18:19:39.0201 0x115c BthHFEnum - ok 18:19:39.0201 0x115c bthhfhid - ok 18:19:39.0217 0x115c BthHFSrv - ok 18:19:39.0232 0x115c BthLEEnum - ok 18:19:39.0232 0x115c BthMini - ok 18:19:39.0248 0x115c BTHMODEM - ok 18:19:39.0264 0x115c BthPan - ok 18:19:39.0264 0x115c BTHPORT - ok 18:19:39.0279 0x115c bthserv - ok 18:19:39.0279 0x115c btwampfl - ok 18:19:39.0295 0x115c BtwSerialBus - ok 18:19:39.0311 0x115c buttonconverter - ok 18:19:39.0311 0x115c camera - ok 18:19:39.0326 0x115c CapImg - ok 18:19:39.0342 0x115c cdfs - ok 18:19:39.0342 0x115c CDPSvc - ok 18:19:39.0357 0x115c cdrom - ok 18:19:39.0373 0x115c CertPropSvc - ok 18:19:39.0373 0x115c circlass - ok 18:19:39.0389 0x115c CLFS - ok 18:19:39.0404 0x115c ClickToRunSvc - ok 18:19:39.0404 0x115c ClipSVC - ok 18:19:39.0436 0x115c CM3218x - ok 18:19:39.0436 0x115c CmBatt - ok 18:19:39.0451 0x115c CNG - ok 18:19:39.0467 0x115c cnghwassist - ok 18:19:39.0482 0x115c CompositeBus - ok 18:19:39.0482 0x115c COMSysApp - ok 18:19:39.0498 0x115c condrv - ok 18:19:39.0514 0x115c CoreMessagingRegistrar - ok 18:19:39.0529 0x115c cphs - ok 18:19:39.0529 0x115c CPLMACPI - ok 18:19:39.0545 0x115c CryptSvc - ok 18:19:39.0561 0x115c dam - ok 18:19:39.0576 0x115c DcomLaunch - ok 18:19:39.0592 0x115c DcpSvc - ok 18:19:39.0592 0x115c defragsvc - ok 18:19:39.0607 0x115c DeviceAssociationService - ok 18:19:39.0623 0x115c DeviceInstall - ok 18:19:39.0623 0x115c DevQueryBroker - ok 18:19:39.0639 0x115c Dfsc - ok 18:19:39.0654 0x115c Dhcp - ok 18:19:39.0654 0x115c diagnosticshub.standardcollector.service - ok 18:19:39.0670 0x115c DiagTrack - ok 18:19:39.0686 
0x115c disk - ok 18:19:39.0686 0x115c DmEnrollmentSvc - ok 18:19:39.0701 0x115c dmvsc - ok 18:19:39.0717 0x115c dmwappushservice - ok 18:19:39.0717 0x115c Dnscache - ok 18:19:39.0733 0x115c dot3svc - ok 18:19:39.0748 0x115c DPS - ok 18:19:39.0764 0x115c DptfDevAmbient - ok 18:19:39.0764 0x115c DptfDevDBPT - ok 18:19:39.0780 0x115c DptfDevDisplay - ok 18:19:39.0795 0x115c DptfDevGen - ok 18:19:39.0795 0x115c DptfDevProc - ok 18:19:39.0811 0x115c DptfManager - ok 18:19:39.0826 0x115c DptfParticipantProcessorService - ok 18:19:39.0826 0x115c DptfPolicyCriticalService - ok 18:19:39.0842 0x115c DptfPolicyLpmService - ok 18:19:39.0858 0x115c drmkaud - ok 18:19:39.0858 0x115c DsmSvc - ok 18:19:39.0873 0x115c DsSvc - ok 18:19:39.0889 0x115c DXGKrnl - ok 18:19:39.0889 0x115c EapHost - ok 18:19:39.0905 0x115c EFS - ok 18:19:39.0920 0x115c EhStorClass - ok 18:19:39.0920 0x115c EhStorTcgDrv - ok 18:19:39.0936 0x115c embeddedmode - ok 18:19:39.0951 0x115c EntAppSvc - ok 18:19:39.0951 0x115c ErrDev - ok 18:19:39.0983 0x115c EventSystem - ok 18:19:39.0983 0x115c exfat - ok 18:19:39.0998 0x115c fastfat - ok 18:19:40.0014 0x115c Fax - ok 18:19:40.0014 0x115c fcvsc - ok 18:19:40.0030 0x115c fdc - ok 18:19:40.0030 0x115c fdPHost - ok 18:19:40.0045 0x115c FDResPub - ok 18:19:40.0061 0x115c fhsvc - ok 18:19:40.0061 0x115c FileCrypt - ok 18:19:40.0076 0x115c FileInfo - ok 18:19:40.0092 0x115c Filetrace - ok 18:19:40.0092 0x115c flpydisk - ok 18:19:40.0108 0x115c FltMgr - ok 18:19:40.0123 0x115c FontCache - ok 18:19:40.0123 0x115c FontCache3.0.0.0 - ok 18:19:40.0139 0x115c FsDepends - ok 18:19:40.0155 0x115c Fs_Rec - ok 18:19:40.0155 0x115c fvevol - ok 18:19:40.0170 0x115c gagp30kx - ok 18:19:40.0186 0x115c GEARAspiWDM - ok 18:19:40.0186 0x115c gencounter - ok 18:19:40.0201 0x115c genericusbfn - ok 18:19:40.0217 0x115c GPIO - ok 18:19:40.0217 0x115c GPIOClx0101 - ok 18:19:40.0233 0x115c GpioVirtual - ok 18:19:40.0248 0x115c gpsvc - ok 18:19:40.0248 0x115c GpuEnergyDrv - ok 18:19:40.0264 
0x115c HDAudBus - ok 18:19:40.0280 0x115c HidBatt - ok 18:19:40.0280 0x115c HidBth - ok 18:19:40.0295 0x115c hidi2c - ok 18:19:40.0311 0x115c hidinterrupt - ok 18:19:40.0311 0x115c HidIr - ok 18:19:40.0326 0x115c hidserv - ok 18:19:40.0342 0x115c HIDSwitch - ok 18:19:40.0342 0x115c HidUsb - ok 18:19:40.0358 0x115c HomeGroupListener - ok 18:19:40.0373 0x115c HomeGroupProvider - ok 18:19:40.0373 0x115c HpSAMD - ok 18:19:40.0389 0x115c HTTP - ok 18:19:40.0405 0x115c hwpolicy - ok 18:19:40.0405 0x115c hyperkbd - ok 18:19:40.0420 0x115c HyperVideo - ok 18:19:40.0436 0x115c i8042prt - ok 18:19:40.0436 0x115c iaioi2c - ok 18:19:40.0451 0x115c iaiouart - ok 18:19:40.0467 0x115c iaStorA - ok 18:19:40.0467 0x115c iaStorAV - ok 18:19:40.0483 0x115c iaStorV - ok 18:19:40.0498 0x115c icssvc - ok 18:19:40.0498 0x115c IEEtwCollectorService - ok 18:19:40.0514 0x115c igfx - ok 18:19:40.0530 0x115c igfxCUIService1.0.0.0 - ok 18:19:40.0530 0x115c IKEEXT - ok 18:19:40.0545 0x115c intaud_WaveExtensible - ok 18:19:40.0561 0x115c Intel(R) Capability Licensing Service Interface - ok 18:19:40.0576 0x115c Intel(R) Capability Licensing Service TCP IP Interface - ok 18:19:40.0576 0x115c intelide - ok 18:19:40.0592 0x115c intelpep - ok 18:19:40.0608 0x115c intelppm - ok 18:19:40.0608 0x115c IntelSST - ok 18:19:40.0623 0x115c INVN_MotionApps - ok 18:19:40.0639 0x115c IoQos - ok 18:19:40.0639 0x115c IpFilterDriver - ok 18:19:40.0655 0x115c iphlpsvc - ok 18:19:40.0670 0x115c IPMIDRV - ok 18:19:40.0670 0x115c IPNAT - ok 18:19:40.0686 0x115c iPod Service - ok 18:19:40.0702 0x115c IRENUM - ok 18:19:40.0702 0x115c isapnp - ok 18:19:40.0717 0x115c iScsiPrt - ok 18:19:40.0733 0x115c iwdbus - ok 18:19:40.0733 0x115c jhi_service - ok 18:19:40.0748 0x115c kbdclass - ok 18:19:40.0764 0x115c kbdhid - ok 18:19:40.0764 0x115c kdnic - ok 18:19:40.0780 0x115c KeyIso - ok 18:19:40.0795 0x115c KSecDD - ok 18:19:40.0795 0x115c KSecPkg - ok 18:19:40.0811 0x115c KtmRm - ok 18:19:40.0827 0x115c LanmanServer - ok 
18:19:40.0827 0x115c LanmanWorkstation - ok 18:19:40.0842 0x115c lfsvc - ok 18:19:40.0858 0x115c LicenseManager - ok 18:19:40.0858 0x115c lltdio - ok 18:19:40.0873 0x115c lltdsvc - ok 18:19:40.0889 0x115c lmhosts - ok 18:19:40.0905 0x115c LSI_SAS - ok 18:19:40.0905 0x115c LSI_SAS2i - ok 18:19:40.0920 0x115c LSI_SAS3i - ok 18:19:40.0936 0x115c LSI_SSS - ok 18:19:40.0936 0x115c LSM - ok 18:19:40.0952 0x115c luafv - ok 18:19:40.0967 0x115c MapsBroker - ok 18:19:40.0967 0x115c MBI - ok 18:19:40.0983 0x115c megasas - ok 18:19:40.0998 0x115c megasr - ok 18:19:40.0998 0x115c MMCSS - ok 18:19:41.0014 0x115c Modem - ok 18:19:41.0030 0x115c monitor - ok 18:19:41.0045 0x115c mouclass - ok 18:19:41.0045 0x115c mouhid - ok 18:19:41.0061 0x115c mountmgr - ok 18:19:41.0061 0x115c MozillaMaintenance - ok 18:19:41.0077 0x115c mpsdrv - ok 18:19:41.0092 0x115c MpsSvc - ok 18:19:41.0108 0x115c MRxDAV - ok 18:19:41.0108 0x115c mrxsmb - ok 18:19:41.0123 0x115c mrxsmb10 - ok 18:19:41.0139 0x115c mrxsmb20 - ok 18:19:41.0139 0x115c MsBridge - ok 18:19:41.0155 0x115c MSDTC - ok 18:19:41.0170 0x115c Msfs - ok 18:19:41.0186 0x115c msgpiowin32 - ok 18:19:41.0202 0x115c mshidkmdf - ok 18:19:41.0202 0x115c mshidumdf - ok 18:19:41.0217 0x115c msisadrv - ok 18:19:41.0217 0x115c MSiSCSI - ok 18:19:41.0233 0x115c msiserver - ok 18:19:41.0248 0x115c MSKSSRV - ok 18:19:41.0248 0x115c MsLldp - ok 18:19:41.0264 0x115c MSPCLOCK - ok 18:19:41.0280 0x115c MSPQM - ok 18:19:41.0295 0x115c MsRPC - ok 18:19:41.0311 0x115c mssmbios - ok 18:19:41.0327 0x115c MSTEE - ok 18:19:41.0327 0x115c MT9M114 - ok 18:19:41.0342 0x115c MTConfig - ok 18:19:41.0358 0x115c Mup - ok 18:19:41.0358 0x115c mvumis - ok 18:19:41.0373 0x115c NativeWifiP - ok 18:19:41.0389 0x115c NcaSvc - ok 18:19:41.0405 0x115c NcbService - ok 18:19:41.0405 0x115c NcdAutoSetup - ok 18:19:41.0420 0x115c NDIS - ok 18:19:41.0436 0x115c NdisCap - ok 18:19:41.0436 0x115c NdisImPlatform - ok 18:19:41.0452 0x115c NdisTapi - ok 18:19:41.0467 0x115c Ndisuio - 
ok 18:19:41.0467 0x115c NdisVirtualBus - ok 18:19:41.0483 0x115c NdisWan - ok 18:19:41.0498 0x115c ndiswanlegacy - ok 18:19:41.0498 0x115c ndproxy - ok 18:19:41.0514 0x115c Ndu - ok 18:19:41.0530 0x115c NetBIOS - ok 18:19:41.0545 0x115c NetBT - ok 18:19:41.0545 0x115c Netlogon - ok 18:19:41.0561 0x115c Netman - ok 18:19:41.0577 0x115c netprofm - ok 18:19:41.0577 0x115c NetSetupSvc - ok 18:19:41.0592 0x115c NetTcpPortSharing - ok 18:19:41.0608 0x115c netvsc - ok 18:19:41.0623 0x115c NgcCtnrSvc - ok 18:19:41.0623 0x115c NgcSvc - ok 18:19:41.0639 0x115c NlaSvc - ok 18:19:41.0655 0x115c Npfs - ok 18:19:41.0655 0x115c npsvctrig - ok 18:19:41.0670 0x115c nsi - ok 18:19:41.0686 0x115c nsiproxy - ok 18:19:41.0702 0x115c NTFS - ok 18:19:41.0702 0x115c Null - ok 18:19:41.0717 0x115c nvraid - ok 18:19:41.0733 0x115c nvstor - ok 18:19:41.0733 0x115c nv_agp - ok 18:19:41.0748 0x115c OneSyncSvc - ok 18:19:41.0764 0x115c ose - ok 18:19:41.0780 0x115c p2pimsvc - ok 18:19:41.0795 0x115c p2psvc - ok 18:19:41.0795 0x115c Parport - ok 18:19:41.0811 0x115c partmgr - ok 18:19:41.0827 0x115c Parvdm - ok 18:19:41.0827 0x115c PcaSvc - ok 18:19:41.0842 0x115c pci - ok 18:19:41.0858 0x115c pciide - ok 18:19:41.0858 0x115c pcmcia - ok 18:19:41.0873 0x115c pcw - ok 18:19:41.0889 0x115c pdc - ok 18:19:41.0889 0x115c PEAuth - ok 18:19:41.0905 0x115c percsas2i - ok 18:19:41.0920 0x115c percsas3i - ok 18:19:41.0952 0x115c PimIndexMaintenanceSvc - ok 18:19:41.0967 0x115c pla - ok 18:19:41.0967 0x115c PlugPlay - ok 18:19:41.0983 0x115c PMIC - ok 18:19:41.0998 0x115c PNRPAutoReg - ok 18:19:41.0998 0x115c PNRPsvc - ok 18:19:42.0014 0x115c PolicyAgent - ok 18:19:42.0030 0x115c Power - ok 18:19:42.0045 0x115c PptpMiniport - ok 18:19:42.0045 0x115c PrintNotify - ok 18:19:42.0061 0x115c Processor - ok 18:19:42.0077 0x115c ProfSvc - ok 18:19:42.0077 0x115c Psched - ok 18:19:42.0092 0x115c QWAVE - ok 18:19:42.0108 0x115c QWAVEdrv - ok 18:19:42.0108 0x115c RasAcd - ok 18:19:42.0123 0x115c RasAgileVpn - ok 
18:19:42.0139 0x115c RasAuto - ok 18:19:42.0139 0x115c Rasl2tp - ok 18:19:42.0155 0x115c RasMan - ok 18:19:42.0170 0x115c RasPppoe - ok 18:19:42.0170 0x115c RasSstp - ok 18:19:42.0186 0x115c rdbss - ok 18:19:42.0202 0x115c rdpbus - ok 18:19:42.0217 0x115c RDPDR - ok 18:19:42.0233 0x115c RdpVideoMiniport - ok 18:19:42.0248 0x115c rdyboost - ok 18:19:42.0248 0x115c RemoteAccess - ok 18:19:42.0264 0x115c RemoteRegistry - ok 18:19:42.0280 0x115c RetailDemo - ok 18:19:42.0280 0x115c RFCOMM - ok 18:19:42.0295 0x115c RpcEptMapper - ok 18:19:42.0311 0x115c RpcLocator - ok 18:19:42.0311 0x115c RpcSs - ok 18:19:42.0327 0x115c rspndr - ok 18:19:42.0342 0x115c rtii2sac - ok 18:19:42.0342 0x115c s3cap - ok 18:19:42.0358 0x115c SamSs - ok 18:19:42.0373 0x115c sbp2port - ok 18:19:42.0373 0x115c SCardSvr - ok 18:19:42.0389 0x115c ScDeviceEnum - ok 18:19:42.0405 0x115c scfilter - ok 18:19:42.0405 0x115c Schedule - ok 18:19:42.0420 0x115c SCPolicySvc - ok 18:19:42.0436 0x115c sdbus - ok 18:19:42.0436 0x115c SDRSVC - ok 18:19:42.0452 0x115c sdstor - ok 18:19:42.0467 0x115c seclogon - ok 18:19:42.0467 0x115c SENS - ok 18:19:42.0483 0x115c SensorDataService - ok 18:19:42.0498 0x115c SensorService - ok 18:19:42.0514 0x115c SensrSvc - ok 18:19:42.0514 0x115c SerCx - ok 18:19:42.0530 0x115c SerCx2 - ok 18:19:42.0545 0x115c Serenum - ok 18:19:42.0545 0x115c Serial - ok 18:19:42.0561 0x115c sermouse - ok 18:19:42.0592 0x115c SessionEnv - ok 18:19:42.0592 0x115c sfloppy - ok 18:19:42.0608 0x115c SharedAccess - ok 18:19:42.0623 0x115c ShellHWDetection - ok 18:19:42.0639 0x115c sisagp - ok 18:19:42.0639 0x115c SiSRaid2 - ok 18:19:42.0655 0x115c SiSRaid4 - ok 18:19:42.0671 0x115c smphost - ok 18:19:42.0671 0x115c SmsRouter - ok 18:19:42.0702 0x115c SNMPTRAP - ok 18:19:42.0702 0x115c spaceport - ok 18:19:42.0718 0x115c SpbCx - ok 18:19:42.0733 0x115c Spooler - ok 18:19:42.0733 0x115c sppsvc - ok 18:19:42.0749 0x115c srv - ok 18:19:42.0764 0x115c srv2 - ok 18:19:42.0764 0x115c srvnet - ok 
18:19:44.0546 0x115c ================ Scan global ===============================
18:19:44.0561 0x115c [ Global ] - ok
18:19:44.0561 0x115c ================ Scan MBR ==================================
18:19:44.0561 0x115c [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
18:19:44.0608 0x115c \Device\Harddisk0\DR0
- ok
18:19:44.0608 0x115c ================ Scan VBR ==================================
18:19:44.0608 0x115c ================ Scan generic autorun ======================
18:19:44.0608 0x115c DptfPolicyLpmServiceHelper - ok
18:19:44.0608 0x115c IgfxTray - ok
18:19:44.0608 0x115c RtkNGUI - ok
18:19:44.0608 0x115c avgnt - ok
18:19:44.0624 0x115c PDFPrint - ok
18:19:44.0624 0x115c Avira SystrayStartTrigger - ok
18:19:44.0624 0x115c iTunesHelper - ok
18:19:44.0640 0x115c QuickTime Task - ok
18:19:44.0640 0x115c OneDriveSetup - ok
18:19:44.0640 0x115c OneDriveSetup - ok
18:19:44.0655 0x115c Spotify Web Helper - ok
18:19:44.0655 0x115c Dropbox Update - ok
18:19:44.0655 0x115c OneDrive - ok
18:19:44.0671 0x115c OneDriveSetup - ok
18:19:44.0671 0x115c WAB Migrate - ok
18:19:44.0718 0x115c AV detected via SS2: Avira Antivirus, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 15.0.12.420 ), 0x41000 ( enabled : updated )
18:19:44.0733 0x115c AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.10240.16384 ), 0x60100 ( disabled : updated )
18:19:44.0749 0x115c Win FW state via NFP2: enabled ( trusted )
18:19:47.0125 0x115c ============================================================
18:19:47.0125 0x115c Scan finished
18:19:47.0125 0x115c ============================================================
18:19:47.0157 0x150c Detected object count: 0
18:19:47.0157 0x150c Actual detected object count: 0

It took a bit longer on the laptop because mbar hung during the step of scanning the registry and directory. On the second attempt it went through, though.

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main: v2015.09.21.05
  rootkit: v2015.09.18.01

Windows 10 x64 NTFS
Internet Explorer 11.0.10240.16431
Toshiba :: TOSHIBA-PC [administrator]

21.09.2015 18:42:18
mbar-log-2015-09-21 (18-42-18).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 401602
Time elapsed: 35 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\ProgramData\Comodo\Cis\Quarantine\data\{F84E999D-B2E3-4E72-B991-7B6E0630F12D} (Spyware.Password) -> Delete on reboot. [0c7db67c66253ef8e803b7664fb26799]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:
ATTFilter
19:34:04.0195 0x1600 TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
19:34:07.0598 0x1600 ============================================================
19:34:07.0598 0x1600 Current date / time: 2015/09/21 19:34:07.0598
19:34:07.0598 0x1600 SystemInfo:
19:34:07.0598 0x1600
19:34:07.0598 0x1600 OS Version: 10.0.10240 ServicePack: 0.0
19:34:07.0598 0x1600 Product type: Workstation
19:34:07.0598 0x1600 ComputerName: TOSHIBA-PC
19:34:07.0599 0x1600 UserName: Toshiba
19:34:07.0599 0x1600 Windows directory: C:\WINDOWS
19:34:07.0599 0x1600 System windows directory: C:\WINDOWS
19:34:07.0599 0x1600 Running under WOW64
19:34:07.0599 0x1600 Processor architecture: Intel x64
19:34:07.0599 0x1600 Number of processors: 1
19:34:07.0599 0x1600 Page size: 0x1000
19:34:07.0599 0x1600 Boot type: Normal boot
19:34:07.0599 0x1600 ============================================================
19:34:08.0138 0x1600 KLMD registered as C:\WINDOWS\system32\drivers\91406135.sys
19:34:08.0597 0x1600 System UUID: {956A4369-251C-86B6-E489-BDBAD6B9FE8D}
19:34:09.0652 0x1600 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x764A9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
19:34:09.0667 0x1600 ============================================================
19:34:09.0667 0x1600 \Device\Harddisk0\DR0:
19:34:09.0675 0x1600 MBR partitions:
19:34:09.0675 0x1600 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC350151
19:34:09.0700 0x1600 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC3501CF, BlocksNum 0x10E74FC1
19:34:09.0700 0x1600 ============================================================
19:34:09.0744 0x1600 C: <-> \Device\Harddisk0\DR0\Partition1
19:34:09.0804 0x1600 D: <-> \Device\Harddisk0\DR0\Partition2
19:34:09.0804 0x1600 ============================================================
19:34:09.0804 0x1600 Initialize success
19:34:09.0804 0x1600
============================================================
19:34:22.0267 0x0c94 ============================================================
19:34:22.0267 0x0c94 Scan started
19:34:22.0267 0x0c94 Mode: Manual; SigCheck; TDLFS;
19:34:22.0268 0x0c94 ============================================================
19:34:22.0268 0x0c94 KSN ping started
19:34:24.0691 0x0c94 KSN ping finished: true
19:34:27.0293 0x0c94 ================ Scan system memory ========================
19:34:27.0293 0x0c94 System memory - ok
19:34:27.0301 0x0c94 ================ Scan services =============================
19:34:28.0382 0x0c94 Adobe LM Service - detected UnsignedFile.Multi.Generic ( 1 )
19:34:30.0758 0x0c94 Detect skipped due to KSN trusted
19:34:30.0758 0x0c94 Adobe LM Service - ok
4E13C51CBF30A8662B1180AC74E968CFC428B6EA7931F09357E7D120063D4823 ] genericusbfn C:\WINDOWS\System32\drivers\genericusbfn.sys 19:34:45.0645 0x0c94 genericusbfn - ok 19:34:45.0686 0x0c94 [ 96F0D3A583A91B634EE2AC2507356EDC, 43D2575F33D28F61C13D2DCF358BFA9DCEAE276C83152DBE7AE2020A66929CD9 ] GPIOClx0101 C:\WINDOWS\system32\Drivers\msgpioclx.sys 19:34:45.0706 0x0c94 GPIOClx0101 - ok 19:34:45.0794 0x0c94 [ E50CE978F571B900D9A7E2F1C5BCC070, EA14873A5F1B700D7CDBE55B9D214DC457262866A90D80B3E8325A8EB7932CE7 ] gpsvc C:\WINDOWS\System32\gpsvc.dll 19:34:45.0886 0x0c94 gpsvc - ok 19:34:45.0915 0x0c94 [ BA2455D93BD57989A04FE4094AA6F941, B579FB367C063EA30C034381148410D49D38E183A5A4D51D2334A81DAEE95CEC ] GpuEnergyDrv C:\WINDOWS\system32\drivers\gpuenergydrv.sys 19:34:45.0958 0x0c94 GpuEnergyDrv - ok 19:34:45.0985 0x0c94 [ C277A49F8A8295840DEBC9240B75A282, 8B2BA0E6A8300323765D95ECD843105B0FC4B80B85EE2220E677C4E9A760C9D8 ] HDAudBus C:\WINDOWS\System32\drivers\HDAudBus.sys 19:34:46.0014 0x0c94 HDAudBus - ok 19:34:46.0056 0x0c94 [ D5A57EF4822A0388352FFF9F5CD53495, 509F365386859157E9078821FAA56D2A3C0BA296CA129E0D42453428A14687A5 ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys 19:34:46.0085 0x0c94 HidBatt - ok 19:34:46.0132 0x0c94 [ 39575B53EB80C77FF2A3F1449D00B7F5, 37E66B38BACE00AFEF7093F990A234399D8451A9D2C2C8CBECAB69C664E63EA6 ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys 19:34:46.0177 0x0c94 HidBth - ok 19:34:46.0207 0x0c94 [ 35C3B602664116E737FF729F9A7156AD, 7A3C5CAD716E819CC53405971F3ACD135BCF023EC2228C1095E2116BCC384E62 ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys 19:34:46.0228 0x0c94 hidi2c - ok 19:34:46.0252 0x0c94 [ C4ABE526BBF2A18E8AF70177FBAD9C6E, 4DA06B563A08AC15D949F4599F73F172B3BFCB5D23B34240D1E2114438A11929 ] hidinterrupt C:\WINDOWS\System32\drivers\hidinterrupt.sys 19:34:46.0268 0x0c94 hidinterrupt - ok 19:34:46.0297 0x0c94 [ 348416C7D7EB05BC3099FE2F2B27985C, F30E8682E9DD731A1AD7328FB8A48A2BB7D6E52780AE1FDE839D26E84B4FA7B5 ] HidIr 
C:\WINDOWS\System32\drivers\hidir.sys 19:34:46.0338 0x0c94 HidIr - ok 19:34:46.0369 0x0c94 [ 5576DF399CF2D3B63608F7F282151249, 04939E79B8B8035547CE6FFE9001252CA810BAD46D8DB75FF5C13EB10EEB5C57 ] hidserv C:\WINDOWS\system32\hidserv.dll 19:34:46.0404 0x0c94 hidserv - ok 19:34:46.0425 0x0c94 [ 01F732724AF6EFE69886DA95A4E51820, E048A480F9396418BDE9659596E7EDA5FF97D3CE029D186048609B47575BEAE1 ] HidUsb C:\WINDOWS\System32\drivers\hidusb.sys 19:34:46.0486 0x0c94 HidUsb - ok 19:34:46.0536 0x0c94 [ 7433A8D28EE11A661C7A45AF28BA7987, 8A73DB423924E84CD3629BF6C7298CD093D2437B73B3F4520D39330923DDA2D6 ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll 19:34:46.0577 0x0c94 HomeGroupListener - ok 19:34:46.0638 0x0c94 [ 3FDBFBE5AE639996EB8D482C16BA7EA9, 7E48304818AABB4C5B0CB7FD32D96D6F90F4180AB0F668A2FE653A7097A40673 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll 19:34:46.0689 0x0c94 HomeGroupProvider - ok 19:34:46.0729 0x0c94 [ 3844CE7DD23530CAD59D8CABA57CCB05, A44BB60686A0E98FF370D9DED5B32C3F34F0352ACFA3B3052BA4023922B53DB7 ] HpSAMD C:\WINDOWS\system32\drivers\HpSAMD.sys 19:34:46.0745 0x0c94 HpSAMD - ok 19:34:46.0873 0x0c94 [ CA6EADBB8731CA27BDA4037BF290AC14, 31EC9397D55D4EEC416AD722134E2D6B5D14E46D2150CB94889C4BFDAACBF421 ] HTTP C:\WINDOWS\system32\drivers\HTTP.sys 19:34:46.0933 0x0c94 HTTP - ok 19:34:46.0963 0x0c94 [ 8841D927EB1F7FFC8B1805BC0CF190ED, B063E686380EEF582CF736E33751812F0041C593C7F30EE97D13DEDC9B246AB5 ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys 19:34:46.0979 0x0c94 hwpolicy - ok 19:34:47.0014 0x0c94 [ 53436C3835E80F4421652A67F44D6313, 8731091945A839713348DF3060A4C96033874E2B3DC7E099BEEC8C65B07F98CF ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys 19:34:47.0042 0x0c94 hyperkbd - ok 19:34:47.0066 0x0c94 [ B2DC6C2F313EBB967B556B4E73A75451, B1816A0AE15705F0325F167EA76166779607D6086EC36A4A960E3BA47B4EBC4B ] HyperVideo C:\WINDOWS\system32\DRIVERS\HyperVideo.sys 19:34:47.0093 0x0c94 HyperVideo - ok 19:34:47.0121 0x0c94 [ D4CDEE4A62BDFFF6E8558A9552148EA7, 
55306786CB45082AE374937EBA256FF9CD640BB2E8C19DC6C704489D4743F5CC ] i8042prt C:\WINDOWS\System32\drivers\i8042prt.sys 19:34:47.0165 0x0c94 i8042prt - ok 19:34:47.0197 0x0c94 [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys 19:34:47.0209 0x0c94 iaLPSSi_GPIO - ok 19:34:47.0235 0x0c94 [ F1DF87463AC308047B089E9F0456B4C8, DFFF3C63D3124C2B879B888104042406FE326D4E7C8C1881A269BD4287B9CD33 ] iaLPSSi_I2C C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys 19:34:47.0249 0x0c94 iaLPSSi_I2C - ok 19:34:47.0309 0x0c94 [ 9FDD4763A115D04F565C38183DE4646F, A8B0653E7C5F5B3CB2A1B642F502269FB1BB1E35DBB1CBABDBDADF92C9815727 ] iaStorAV C:\WINDOWS\system32\drivers\iaStorAV.sys 19:34:47.0354 0x0c94 iaStorAV - ok 19:34:47.0396 0x0c94 [ 4E69EE8F8E5DA036535D433C544AF9E2, 2ADE9B97CE1C19FF984D8BB99CF31415872C2D9628864BD78C0E44D21CC94EE3 ] iaStorV C:\WINDOWS\system32\drivers\iaStorV.sys 19:34:47.0426 0x0c94 iaStorV - ok 19:34:47.0488 0x0c94 [ 15C59DF20F74A0C2C764B991FED7F4A5, 6E9804775E815F32A4D73C346E627D64A3096525E78FAE3B6E43CFECAE270428 ] ibbus C:\WINDOWS\System32\drivers\ibbus.sys 19:34:47.0518 0x0c94 ibbus - ok 19:34:47.0580 0x0c94 [ 501AEED29B30B32BB50416C1E04380E6, 5488B34F3FE5D3DFEF321C1EC2F1DC38831A06EA5FC0618FEF24367975ACB862 ] icssvc C:\WINDOWS\System32\tetheringservice.dll 19:34:47.0683 0x0c94 icssvc - ok 19:34:47.0700 0x0c94 IEEtwCollectorService - ok 19:34:47.0760 0x0c94 [ 6F9C31435DD3E3D3BC247212EA144EBF, 05C4A0BD4BABD27783CEFEE6108C1A05911A212189233F09AF1A56BDC60F60F8 ] IKEEXT C:\WINDOWS\System32\ikeext.dll 19:34:47.0823 0x0c94 IKEEXT - ok 19:34:47.0879 0x0c94 [ 0C45D68D4CEF535DA7B9CB2B82029AFA, 59FC6C94D2BE82663CBB72E9D508CA83E8072F726D9A371BB02195EBE756A5D2 ] inspect C:\WINDOWS\system32\DRIVERS\inspect.sys 19:34:47.0892 0x0c94 inspect - ok 19:34:49.0118 0x0c94 [ 622868E4BAE8FBCD22CB1A5901A2C824, C1A2264C0984DD16C83B663C9CE43E049E1356E32C5771C3ACE225F285699138 ] 
IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys 19:34:49.0341 0x0c94 IntcAzAudAddService - ok 19:34:49.0378 0x0c94 [ 498759139F71142888CF7EFA1ABE18C8, 9CD0CD748B143F947B4DEDE39344A8C284717CC8AC97E25827EB73CF10831419 ] intelide C:\WINDOWS\system32\drivers\intelide.sys 19:34:49.0393 0x0c94 intelide - ok 19:34:49.0416 0x0c94 [ DC270DDCDDC2EF65D484A65CC5166222, A88BEAD819ABEFE28B6F9A10586ADCB0EE2A5ED9273F176E9313750609C7892F ] intelpep C:\WINDOWS\system32\drivers\intelpep.sys 19:34:49.0434 0x0c94 intelpep - ok 19:34:49.0459 0x0c94 [ B4D9C777762B1F7356958B9C0AA93BEB, F11B07FE939A107AB4EED4857854DF269C2D86A80C8507C8B1E95F7805975EDB ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys 19:34:49.0499 0x0c94 intelppm - ok 19:34:49.0520 0x0c94 [ 22BD83268B80A8C89AAC0BDF46E4EB5D, E7DC0C2E4104B51EA545BA8D0CFF11FD6A15BFD8EE16E546E8FC220853402CB3 ] IoQos C:\WINDOWS\system32\drivers\ioqos.sys 19:34:49.0562 0x0c94 IoQos - ok 19:34:49.0604 0x0c94 [ A49E47A6E1429123F46A7CA9C05AEFC1, FFD68CA46DFAA4954FD76145808E2C74BDC34FFD6979BB3FB6A3EE4DC33CDC78 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 19:34:49.0688 0x0c94 IpFilterDriver - ok 19:34:49.0957 0x0c94 [ 8FBA61B7CB44F136226BE3B346FC6D19, 2190A523AC948B18C2C7B6DC96ABB654DAB471AD5E5E13F79899416E91777AED ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll 19:34:50.0071 0x0c94 iphlpsvc - ok 19:34:50.0115 0x0c94 [ E0C276985AF968CE295B8E09C121321F, 07B54165E80D4254C29A6CF00CC634E70F190EF0EB8EEF73EC14F38B841087A5 ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys 19:34:50.0158 0x0c94 IPMIDRV - ok 19:34:50.0186 0x0c94 [ 5D3744E6FDEC1A6FB3FA9B1DD4AF0694, 209BE9FC25C8BF8CE058B7E993B6A902B881380DADC69F5208733077DA7F4382 ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys 19:34:50.0230 0x0c94 IPNAT - ok 19:34:50.0252 0x0c94 [ B18202D72C0EF4B53CEC6F59E3E1B955, 6DA244E6485372C16CF0B38838DC90B48079A85F5D22B0F2F197C8DA37F0A293 ] IRENUM C:\WINDOWS\system32\drivers\irenum.sys 19:34:50.0286 0x0c94 IRENUM - ok 19:34:50.0315 0x0c94 [ 
CD04CBCCCB4C0E4BB06B98E0F45C888A, 106B3E823C188BD14328F2BEA28559D2F637C270064B2FD214522FAC4E616F4C ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys 19:34:50.0329 0x0c94 isapnp - ok 19:34:50.0445 0x0c94 [ 5D90E942C94B20E0F321015C0ABF3EEA, 4110551B172D4A5524DD857D7CB65FAF2594310BE7883D5641BC0DF5EF49C82C ] iScsiPrt C:\WINDOWS\System32\drivers\msiscsi.sys 19:34:50.0470 0x0c94 iScsiPrt - ok 19:34:50.0501 0x0c94 [ 4192DFE6CA143C0AD8AF42C51A82BECA, 31FB3A261D0D5241CC87EF7DFF8BFC1A1EACE8CEC42138918EC5958DAEE100CD ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys 19:34:50.0518 0x0c94 kbdclass - ok 19:34:50.0543 0x0c94 [ B63C0DB341DCB46CF7AA259333A737DD, F1B43BA68707F3F99CD31AB2035F5E86CD967AE4E5393928C69861785E960872 ] kbdhid C:\WINDOWS\System32\drivers\kbdhid.sys 19:34:50.0576 0x0c94 kbdhid - ok 19:34:50.0619 0x0c94 [ 53C79A7FABDAAFD11EAB31963FB2CED7, 357418645DDCEFA5546AE78EDCAE86D50928710CA7A3F65F01CF721AADA36623 ] kdnic C:\WINDOWS\System32\drivers\kdnic.sys 19:34:50.0718 0x0c94 kdnic - ok 19:34:50.0735 0x0c94 [ 9A83FA0EC9B0DCED2CBC49DD05901920, 14D2F241235E2693C68BCCF05D83F2A1C9A7BE185C83E7C6C63EF0F654892F95 ] KeyIso C:\WINDOWS\system32\lsass.exe 19:34:50.0752 0x0c94 KeyIso - ok 19:34:50.0783 0x0c94 [ 1E99B26BDB9B9C9BC775ED4543558560, 890870A6737B4910735D1B23F714AA73FCCD1C131D135FACBA6909F06D31B3FF ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys 19:34:50.0803 0x0c94 KSecDD - ok 19:34:50.0832 0x0c94 [ 6198A79011C67497B324798B3D4272CE, C587F7D86837550D07918F6AACF26BF65EBAF7FF57475DC9196B4D011E83AE47 ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys 19:34:50.0852 0x0c94 KSecPkg - ok 19:34:50.0888 0x0c94 [ 503597D9B72DBD9998F722F12A51ACFC, 9B3585282191163AA70243BAD921ED8725A98454E0D3879E0F671E0E4F56AB4F ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys 19:34:50.0930 0x0c94 ksthunk - ok 19:34:51.0007 0x0c94 [ ED5AE20C27F27F293C6C61AEC9881054, 4D5BE394D129BD559B0A9D237F3F59CB3D24C15ABDD97AE2E64931D6B9D14FF1 ] KtmRm C:\WINDOWS\system32\msdtckrm.dll 19:34:51.0106 0x0c94 KtmRm 
- ok 19:34:51.0226 0x0c94 [ C529DA0AD5A21878E318801B024AF8E7, A14E8ADCA33C37B1D256CB4926A19F56D2D19B94EDF314A4ED34A8B5AB62CA5A ] LanmanServer C:\WINDOWS\system32\srvsvc.dll 19:34:51.0290 0x0c94 LanmanServer - ok 19:34:51.0328 0x0c94 [ D6D9F4CAFD3F1A7E30AD02E508552CD2, F0D225E5951CFE1D8349F634CC91BDD5B3F9DCF6233CCB965E99BFEAFE642265 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll 19:34:51.0380 0x0c94 LanmanWorkstation - ok 19:34:51.0421 0x0c94 [ 24881F16D2829764681F5FAE7B86D7D3, 290348CFAF3165847E4B53965D22E9D417EE20FFD23293B5C1855C57E6328599 ] lfsvc C:\WINDOWS\System32\lfsvc.dll 19:34:51.0469 0x0c94 lfsvc - ok 19:34:51.0484 0x0c94 [ 6ED675774BDC3735AB6DA12D29F825CF, 4317C7CF491F4E806975E7A973CFF11CFEE9E94730DDABCC67C3D693691DDDE5 ] LicenseManager C:\WINDOWS\system32\LicenseManagerSvc.dll 19:34:51.0522 0x0c94 LicenseManager - ok 19:34:51.0600 0x0c94 [ DB789F57CE94C827FBFF709CA5ABD29E, 4CA4DD079A63649C36F76A31C4081F11F5CF6574AC573B63EF930DB19B1D1C95 ] lltdio C:\WINDOWS\system32\drivers\lltdio.sys 19:34:51.0679 0x0c94 lltdio - ok 19:34:51.0784 0x0c94 [ FECBC6C4981772E5D0F517B34A5496EE, 15DB097BFB221B91E580E5CD1DD6B34A9A2C78A1A6FCE4162A855BB4AFE673E9 ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll 19:34:51.0825 0x0c94 lltdsvc - ok 19:34:51.0888 0x0c94 [ 24C87BDC66AB192FEB273BEE5FD5AA38, BFAAE1F2450DEBD1A14877C046C6EBA91014DB0B5D0FB95EC14CB714B773B3C0 ] lmhosts C:\WINDOWS\System32\lmhsvc.dll 19:34:51.0906 0x0c94 lmhosts - ok 19:34:51.0972 0x0c94 [ 3BB39166E446D456C277C17DFEA3DAC6, 1A08E1D017BBCE91E508D876835FA7AD2DA0859A8CFE8F8F31B4F12B48E2573D ] LSI_SAS C:\WINDOWS\system32\drivers\lsi_sas.sys 19:34:52.0001 0x0c94 LSI_SAS - ok 19:34:52.0033 0x0c94 [ 25CF625E46307A5D6674C8DFA1A289AA, 1D00EB70B6B0157013A7C15EF194F51B8596612066EF31B337D8134D6BD0BBBE ] LSI_SAS2i C:\WINDOWS\system32\drivers\lsi_sas2i.sys 19:34:52.0070 0x0c94 LSI_SAS2i - ok 19:34:52.0102 0x0c94 [ 722C52B12EA4C198D56994934C9DDAB6, 5F4AB818251C770821BAF41C19B1C483A31CCC28EB96F2084D4092E33EAF906B ] LSI_SAS3i 
C:\WINDOWS\system32\drivers\lsi_sas3i.sys 19:34:52.0120 0x0c94 LSI_SAS3i - ok 19:34:52.0140 0x0c94 [ 3371FF1D5D745C3306C6A2C4E99C25A9, DD6F0099001501BAEDDF8411FBCD930BD6472662D209199249203CB2FDAA23FB ] LSI_SSS C:\WINDOWS\system32\drivers\lsi_sss.sys 19:34:52.0158 0x0c94 LSI_SSS - ok 19:34:52.0255 0x0c94 [ E2EEF074F5260378F9AAFBCD592319A3, DC56674A08FA03FA7AF7DD8B3CC55D8324D1CB51546092A990A935FF9AB48A3C ] LSM C:\WINDOWS\System32\lsm.dll 19:34:52.0324 0x0c94 LSM - ok 19:34:52.0371 0x0c94 [ C692B9C0352315417CF49FFA664957A3, C2D4F9A936B809889F7C51FE48214A1923175913A6C5D0B72D3BA469214B5174 ] luafv C:\WINDOWS\system32\drivers\luafv.sys 19:34:52.0421 0x0c94 luafv - ok 19:34:52.0457 0x0c94 [ 6A4C75FD28F60062FEA3DF3B15D956C0, 4FC58F3320D33BDACCF759A50C623A3E58E4320749E6691B397DF0C8EAAA8A6F ] MapsBroker C:\WINDOWS\System32\moshost.dll 19:34:52.0565 0x0c94 MapsBroker - ok 19:34:52.0628 0x0c94 [ 47701ECA633574E122687693B5C5D35C, 1DB12767462347504956450FAD0D90B6E682E2E8959A6C5DF3792C3C3DA289B1 ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys 19:34:52.0642 0x0c94 mbamchameleon - ok 19:34:52.0682 0x0c94 [ B2ED9A7A5587A128A0EFD0DBE7662E95, 63070AAFD44E3CD2A4B262DF27222B103455A4D8C2E45914502BFA03D84D32C9 ] megasas C:\WINDOWS\system32\drivers\megasas.sys 19:34:52.0716 0x0c94 megasas - ok 19:34:52.0771 0x0c94 [ 083F71488E6780A67290273180256EA5, 5F43CE66F5A48850BABB70F4D219FDD002F9BC2B2F0E58E66FE2C492AA335E50 ] megasr C:\WINDOWS\system32\drivers\megasr.sys 19:34:52.0831 0x0c94 megasr - ok 19:34:53.0016 0x0c94 [ FAFE367D032ED82E9332B4C741A20216, 7B123766E360570E0FCB211835B7910D6A1806C25A06BCA9227AB9E993376CA8 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 19:34:53.0051 0x0c94 Microsoft Office Groove Audit Service - ok 19:34:53.0213 0x0c94 [ 5907A10D46747A2B6DBFD6A198254DC2, 6C283E9DC75C7ABFD270D6FABBF4F54628A1786E7CE2F603BF664CBB9E4FE583 ] mlx4_bus C:\WINDOWS\System32\drivers\mlx4_bus.sys 19:34:53.0262 0x0c94 
mlx4_bus - ok 19:34:53.0336 0x0c94 [ 91ED6F0EDF4158D63C52194F17D4F42E, ACF543978E253650C167C6C370699AEA7340EBCECF7CAB904CBDD334D1BD6928 ] MMCSS C:\WINDOWS\system32\drivers\mmcss.sys 19:34:53.0418 0x0c94 MMCSS - ok 19:34:53.0443 0x0c94 [ 2C4CC9F6ADBED5A6D131FDB97A78FF68, 04DC76E3F0959C0A9B00DF2133B075194FB7DCBD76832B9D25B0E37223D300DC ] Modem C:\WINDOWS\system32\drivers\modem.sys 19:34:53.0478 0x0c94 Modem - ok 19:34:53.0523 0x0c94 [ D8DB13529C8AD6FBAF8E2F382024374F, 13025035C479E2EF76EDCB90D83BE65B4ADD9F7000AD31FEAD628D5DDFE69158 ] monitor C:\WINDOWS\System32\drivers\monitor.sys 19:34:53.0543 0x0c94 monitor - ok 19:34:53.0613 0x0c94 [ 2DAAF1EE1C30F2FCF59851A64ADA0422, 08CD801E63E2862DE058CD732C3DB3D87B1A2898732365440E3F8919932E96FC ] mouclass C:\WINDOWS\System32\drivers\mouclass.sys 19:34:53.0658 0x0c94 mouclass - ok 19:34:53.0682 0x0c94 [ D30FE074503283829ED194BCAE6239C3, A3A127381ECC798417D01F6B8A1894EED7D71989047BC4D1D74D0E7C8394AD65 ] mouhid C:\WINDOWS\System32\drivers\mouhid.sys 19:34:53.0778 0x0c94 mouhid - ok 19:34:53.0844 0x0c94 [ D5EC9413527B286CFEEB0294C53ABB95, B094C611F5A7E33D2F8667B2A4D6260E1D57BD135867F984EE5B674C7EE72B95 ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys 19:34:53.0891 0x0c94 mountmgr - ok 19:34:53.0990 0x0c94 [ CC11EEB7AF4617D65DF0E9A21FC1ABD0, A683A5FB26E1B9FB4EEB40A9C7186F8433E3FB0A45848DF6102EF07B4DC75AC8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 19:34:54.0041 0x0c94 MozillaMaintenance - ok 19:34:54.0075 0x0c94 [ 989A1BBD9C49B107B4A47D06E6827A69, 62D90B22AE13AC84324DFD5FEBA595813AD07469B7FEC41380CE223D93020CCA ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys 19:34:54.0170 0x0c94 mpsdrv - ok 19:34:54.0467 0x0c94 [ 51D4584BC245AF1B679CAF01669ACE23, AA0BE0D216A00113F5C07DD95CBC15C4448BF2CBD4954CF16D1E9689455447DB ] MpsSvc C:\WINDOWS\system32\mpssvc.dll 19:34:54.0553 0x0c94 MpsSvc - ok 19:34:54.0606 0x0c94 [ 5B37FDC07159FE9F5F52399F7D78F60B, 
A0C20EB9A7918395A13A5E21917887DDC9897C475D33091B518354163CAE108A ] MQAC C:\WINDOWS\system32\drivers\mqac.sys 19:34:54.0647 0x0c94 MQAC - ok 19:34:54.0693 0x0c94 [ C1E74DD1D84861D8F12FF8BC0BA11975, 5912A0455C840F5C8AD6383823C9C7DE6FF8B5CAF1B72EA181864999891EAF30 ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys 19:34:54.0752 0x0c94 MRxDAV - ok 19:34:54.0793 0x0c94 [ 1DF2C5FD2710A13B07E663A12F0E0EEA, 8EBCA9269F52A5CF602F5DE2B0C2AB2BFD82F415465DBB74C73D43F321D9FD46 ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 19:34:54.0858 0x0c94 mrxsmb - ok 19:34:54.0888 0x0c94 [ 185932B1149BD707F8A13174CDAB365B, BC26CB10DD6E81A94477564444E91F76D47E685E897BD77B9C1393F0D31AB718 ] mrxsmb10 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys 19:34:54.0935 0x0c94 mrxsmb10 - ok 19:34:54.0966 0x0c94 [ 99E24D4DBACBC569833B9A67710D65E7, 93BC765E7B6E19E83AFF783DE8080A80A1D69A406B496F1E36C47AE6E86AFB76 ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys 19:34:55.0008 0x0c94 mrxsmb20 - ok 19:34:55.0046 0x0c94 [ 6F8BE4FB6262012E61BBADB5444628DC, E87489207AA48106C08E4BADDD8D66D14BC9DD6AD2A4CDD880BA655932CDDE60 ] MsBridge C:\WINDOWS\system32\drivers\bridge.sys 19:34:55.0102 0x0c94 MsBridge - ok 19:34:55.0145 0x0c94 [ 283BDF3602F442336DAF242BDD07FB98, 185F046B6AA24FFD1567F00AA70357C82002FF627E329CEF9B926645A6DDB172 ] MSDTC C:\WINDOWS\System32\msdtc.exe 19:34:55.0173 0x0c94 MSDTC - ok 19:34:55.0210 0x0c94 [ 7C55F1751CAC199680D4489D1EE46544, 967EC8137D321F6139C3382D19A338FD97A3023EB654747AC57C2008BE4AF677 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 19:34:55.0236 0x0c94 Msfs - ok 19:34:55.0295 0x0c94 [ 988588C16A53C2581488C15FF18934BF, F021FD31163CB5C7012CF96EF642C5E551708C835039075268F4CBED002D441D ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys 19:34:55.0322 0x0c94 msgpiowin32 - ok 19:34:55.0344 0x0c94 [ 09622DBC24D0178F15DB8461BB6970DF, C0B3F9B2219AAF87E417EE9FF54C64B8AD9944E101EA79B5DC81D99E8C2ECF30 ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys 19:34:55.0370 0x0c94 mshidkmdf - ok 
19:34:55.0402 0x0c94 [ 34BB07495C0159BE4189841E16F3BC2F, 264B5735D9A68C85BEDE363D4C0AE1FCC381B39EA884B4BAEE185EB8A873184A ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys 19:34:55.0420 0x0c94 mshidumdf - ok 19:34:55.0453 0x0c94 [ 7BF3F0DA362C053918F5F2EC43CE39E2, AA773FA3F83C0C572160D3D0286A697DC628FF4F3655EF21D01C6D1B7BE5DF1C ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys 19:34:55.0467 0x0c94 msisadrv - ok 19:34:55.0501 0x0c94 [ 669DA2006C0B9D882D2014617E1E88F5, 090F558818806CAEF6C81D369F8BFFE4A8240295EF37CAA7102A18F4CD20D868 ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll 19:34:55.0528 0x0c94 MSiSCSI - ok 19:34:55.0539 0x0c94 msiserver - ok 19:34:55.0569 0x0c94 [ B2D0FD21FE67D6434769CC6F7A7883CA, B2368BD72952C6EE6DAF1AA006DF575A3019E4721BEFB108D3DF1B9E07B2BC5D ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 19:34:55.0613 0x0c94 MSKSSRV - ok 19:34:55.0658 0x0c94 [ FB3801F176376286A3F8F20FFB8CDC53, EEF89081665B9BBA93AE9F5912C40C1698E8BA8DBBCCC3BBE0BAB5A86B7E05D4 ] MsLldp C:\WINDOWS\system32\drivers\mslldp.sys 19:34:55.0741 0x0c94 MsLldp - ok 19:34:55.0779 0x0c94 [ 85EBF0A28B8B132B67C84C6CE5EBAC29, D0012CF4822A3D16F7BF61C94C5650DC1ED310A0DD1A3333465D28C73D40ECDB ] MSMQ C:\WINDOWS\system32\mqsvc.exe 19:34:55.0802 0x0c94 MSMQ - ok 19:34:55.0846 0x0c94 [ 8CBDF0E7A6CD824352F37A682A33DF7E, 4567FF4C73648FF26EA68EAE2B524B767099789086C158875C97768C77B81359 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 19:34:55.0864 0x0c94 MSPCLOCK - ok 19:34:55.0894 0x0c94 [ 33E5B6261D69ACD4948A5C64B9D8F29F, 1D32340640312372E52E59AFB5DB872E6F9DFE3AC16B56F9D928AE230DA02B8A ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 19:34:55.0912 0x0c94 MSPQM - ok 19:34:55.0953 0x0c94 [ 557DF8C0DBBBF518AC395C6EB1B179AE, B294B5A7882C0C60D91FB853FC87505B6E7638D25E360FDAE002AEBB714ED471 ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys 19:34:55.0980 0x0c94 MsRPC - ok 19:34:56.0013 0x0c94 [ 0A29AFA668F5DD50482A98ECE70C77A7, 4C1F23B062361D97B1C8D864AB227E5F398F774A99B5E60A1149A4F78D5BEC20 ] mssmbios 
C:\WINDOWS\System32\drivers\mssmbios.sys 19:34:56.0045 0x0c94 mssmbios - ok 19:34:56.0096 0x0c94 [ 30CE30877FD5BFADE74FA27D7829BF89, B5EA1F8C91E75722DB1E3E2172C8607FEDBF35BDC4141258A3E6D29D8B0E193B ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 19:34:56.0131 0x0c94 MSTEE - ok 19:34:56.0142 0x0c94 [ 13D88C0B8A2FA001CD72D454955A6974, 19DD5C8BBD07B64F355737436BF702FFC209D84A8855D2224D3377E233D4BB34 ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys 19:34:56.0163 0x0c94 MTConfig - ok 19:34:56.0194 0x0c94 [ 00C7F0F06A0A48B9CDB6B3AC3BE288F0, BF469A2DDF495ACB9FEE9063C6680C95BCC8686682C9EDAE6D1893D4058E8AA6 ] Mup C:\WINDOWS\system32\Drivers\mup.sys 19:34:56.0226 0x0c94 Mup - ok 19:34:56.0258 0x0c94 [ 8E237527CA260C71D39ED4081BDF3419, CA52DD174C756A404B1FAD3F2A70E50085C2820BF12369259F61DA649101A179 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys 19:34:56.0275 0x0c94 mvumis - ok 19:34:56.0361 0x0c94 [ 48D0587A8302FD3302CFE6F59F7345B0, 26D48AF3F7FF4867E179347CD635055DEA9A751C6C61CE2C391A7F74FC0DC1DE ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys 19:34:56.0436 0x0c94 NativeWifiP - ok 19:34:56.0483 0x0c94 [ 11BE8117653C542D264788A700AC5BFE, 87EAAC2DF62BB26619DA72950F5EE41DCA1DBDF93F098647F9D200D588F14003 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll 19:34:56.0540 0x0c94 NcaSvc - ok 19:34:56.0571 0x0c94 [ 286C6276B2BA86F29A0F687D05466277, AC8551536F37717A0ACE4A260F5696D1276F7AC62F669E8F12AA158DD86F71A5 ] NcbService C:\WINDOWS\System32\ncbservice.dll 19:34:56.0643 0x0c94 NcbService - ok 19:34:56.0668 0x0c94 [ C55DA734ED2A831E0BACAAFA01CEB7FF, 9D989B03D07BBAD287B317D238691664B0694331D6A69B7A1AA3D8AB7D1323FC ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll 19:34:56.0745 0x0c94 NcdAutoSetup - ok 19:34:56.0786 0x0c94 [ CF8296427834CF8BBB3EE1444C17362D, 6EFBE1F015DFFA0704C66DF5C88089DD5771E1542018E4AE98389CFF3D0B2309 ] ndfltr C:\WINDOWS\System32\drivers\ndfltr.sys 19:34:56.0802 0x0c94 ndfltr - ok 19:34:56.0876 0x0c94 [ D43EAFF4887321A07D9F9A9DD7225E07, 
CF29073BBABE12D56744B041118F15C6C08CB89EF12413E359A6875C90FA383F ] NDIS C:\WINDOWS\system32\drivers\ndis.sys 19:34:56.0937 0x0c94 NDIS - ok 19:34:56.0984 0x0c94 [ A0719D1EBA971DFC5DF5F7CC010385F8, A982487D3A74E66F3C29AAA5B46CE9A0969F07F267DDEFE58C58573573AB0024 ] NdisCap C:\WINDOWS\system32\drivers\ndiscap.sys 19:34:57.0038 0x0c94 NdisCap - ok 19:34:57.0067 0x0c94 [ 0C557932CCCC65AEB37326DD36504527, C0AF3066DEE4BCC32DB30CCC16B7A91442A8383BB36C7C4E3CC0A5EFE0FAAA9B ] NdisImPlatform C:\WINDOWS\system32\drivers\NdisImPlatform.sys 19:34:57.0117 0x0c94 NdisImPlatform - ok 19:34:57.0169 0x0c94 [ 56F9345D1945826135FBAB7589592B1F, 6BC2A5900076B917823C7392C582A2648D0C8000F2F65D309D5B48E36D4FB4D6 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 19:34:57.0209 0x0c94 NdisTapi - ok 19:34:57.0236 0x0c94 [ AADFC340939D99E5D756E713E1D452EB, EFEFDBB2188DE82C2C5E67929861B269FD4C127D34D1DE6D0596ABC33E2C2B51 ] Ndisuio C:\WINDOWS\system32\drivers\ndisuio.sys 19:34:57.0282 0x0c94 Ndisuio - ok 19:34:57.0311 0x0c94 [ 312DFD787D99D3BF1427B0388BC04F71, C082CA1F332AD57FF2100748518D3D7B3D0F1B042F69BD7401C44B77AFE97462 ] NdisVirtualBus C:\WINDOWS\System32\drivers\NdisVirtualBus.sys 19:34:57.0363 0x0c94 NdisVirtualBus - ok 19:34:57.0429 0x0c94 [ 2103F43E0A1ECFB14B7E1B889F5F24D7, 6A86E854C89E132DBC9183DE2B9464DC592E7492BE267BA02FE4DAFE6FA87528 ] NdisWan C:\WINDOWS\System32\drivers\ndiswan.sys 19:34:57.0476 0x0c94 NdisWan - ok 19:34:57.0491 0x0c94 [ 2103F43E0A1ECFB14B7E1B889F5F24D7, 6A86E854C89E132DBC9183DE2B9464DC592E7492BE267BA02FE4DAFE6FA87528 ] ndiswanlegacy C:\WINDOWS\system32\DRIVERS\ndiswan.sys 19:34:57.0522 0x0c94 ndiswanlegacy - ok 19:34:57.0550 0x0c94 [ 6E98F16983C4AE8703FF9F90AB4B31DD, BB8BD5DB4B5FB31F3A257747C27CBEFA4B7837EC5C0CF3D4F408E626E4003F4C ] ndproxy C:\WINDOWS\system32\DRIVERS\NDProxy.sys 19:34:57.0592 0x0c94 ndproxy - ok 19:34:57.0616 0x0c94 [ F1B7CC77F412C8D45B2DDCF76EDA4F9D, 25F2AA76E675D9BCC0B1FD47AFEC6DF2D0B47E7B1C8AF6FB27C1ED2FB902961A ] Ndu 
C:\WINDOWS\system32\drivers\Ndu.sys 19:34:57.0654 0x0c94 Ndu - ok 19:34:57.0676 0x0c94 [ 824FDC990A3F79069BE468A132EB6888, D09F7A9EC04E37DA504CE54EEC25C312B407B6A8B214CBB074BEB50DE420F52A ] NetBIOS C:\WINDOWS\system32\drivers\netbios.sys 19:34:57.0693 0x0c94 NetBIOS - ok 19:34:57.0725 0x0c94 [ F0D791348AD254360CC3C3E501CCB745, E4CAB4D3C2CD3169731283B00DEBFE26438BB66A3F0D78BDB68E876A14FC7070 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 19:34:57.0775 0x0c94 NetBT - ok 19:34:57.0801 0x0c94 [ 9A83FA0EC9B0DCED2CBC49DD05901920, 14D2F241235E2693C68BCCF05D83F2A1C9A7BE185C83E7C6C63EF0F654892F95 ] Netlogon C:\WINDOWS\system32\lsass.exe 19:34:57.0819 0x0c94 Netlogon - ok 19:34:57.0874 0x0c94 [ 7C8A7380CBE45DFD3DF118D8601499A7, C137280B7696F8CF4258BDC8B241C66BB3AA5708C5410D85255E46C7E8284826 ] Netman C:\WINDOWS\System32\netman.dll 19:34:57.0924 0x0c94 Netman - ok 19:34:57.0979 0x0c94 [ FBF2ACE9B10DDE0B4108930D78370E86, 2A4910F071747B786EA49A638B3AAB698DCD0AD7FE702078BA83F85C533A227E ] NetMsmqActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:34:58.0016 0x0c94 NetMsmqActivator - ok 19:34:58.0029 0x0c94 [ FBF2ACE9B10DDE0B4108930D78370E86, 2A4910F071747B786EA49A638B3AAB698DCD0AD7FE702078BA83F85C533A227E ] NetPipeActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:34:58.0046 0x0c94 NetPipeActivator - ok 19:34:58.0114 0x0c94 [ BBE9D72EFC7BD66B28309C3607683DBA, FC372EFBC650CE0BDB117858D840A1FB361947B1C67D1DD16BABA95D0286856A ] netprofm C:\WINDOWS\System32\netprofmsvc.dll 19:34:58.0179 0x0c94 netprofm - ok 19:34:58.0236 0x0c94 [ 5D046D71B18BEFB2E4D164C3DEEDD672, 536834D020889973854830919B23DF22CC1B27236AFAEDEBDF42D432CE48FCDE ] NetSetupSvc C:\WINDOWS\System32\NetSetupSvc.dll 19:34:58.0298 0x0c94 NetSetupSvc - ok 19:34:58.0323 0x0c94 [ FBF2ACE9B10DDE0B4108930D78370E86, 2A4910F071747B786EA49A638B3AAB698DCD0AD7FE702078BA83F85C533A227E ] NetTcpActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:34:58.0344 0x0c94 
NetTcpActivator - ok 19:34:58.0355 0x0c94 [ FBF2ACE9B10DDE0B4108930D78370E86, 2A4910F071747B786EA49A638B3AAB698DCD0AD7FE702078BA83F85C533A227E ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:34:58.0375 0x0c94 NetTcpPortSharing - ok 19:34:58.0419 0x0c94 [ 46E862DA2CF8F351375EF537276B69B5, AC0FE0977E56380849DCE668AC0F5AF183AAB115ED84ADD964E390CC0BEDF6D3 ] netvsc C:\WINDOWS\System32\drivers\netvsc.sys 19:34:58.0442 0x0c94 netvsc - ok 19:34:58.0493 0x0c94 [ 88CE4AC85F36B6347C1D820FA373B998, E10B5DF8883928A2062FC6180DE4CF0DE33C68622C2E3E4E1AFC56A0682F8E75 ] NgcCtnrSvc C:\WINDOWS\System32\NgcCtnrSvc.dll 19:34:58.0563 0x0c94 NgcCtnrSvc - ok 19:34:58.0589 0x0c94 [ 9A83FA0EC9B0DCED2CBC49DD05901920, 14D2F241235E2693C68BCCF05D83F2A1C9A7BE185C83E7C6C63EF0F654892F95 ] NgcSvc C:\WINDOWS\system32\lsass.exe 19:34:58.0611 0x0c94 NgcSvc - ok 19:34:58.0666 0x0c94 [ D5B50FCE0B749FC82BD8FD3A79FF623E, DB5E21011E020C08A5BE2B250BDEF9ACEA9891D6B7022BB9AAA5C6B92A4C87F8 ] NlaSvc C:\WINDOWS\System32\nlasvc.dll 19:34:58.0730 0x0c94 NlaSvc - ok 19:34:58.0753 0x0c94 [ 41557BE174E9EC6AC703A8A4ADBC6650, 8CF6DF3FDC3C7C44B32851538A67BF86A54AB6444A424D7A20B7A9A94B4158D8 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 19:34:58.0788 0x0c94 Npfs - ok 19:34:58.0813 0x0c94 [ AC3F70FCFBCE97AA2F12BA43EE13B86E, D0AC50FB022C0F3031531CEE210D47FC3244C6FB55FAAD4AAB04081F0A21DAE4 ] npsvctrig C:\WINDOWS\System32\drivers\npsvctrig.sys 19:34:58.0842 0x0c94 npsvctrig - ok 19:34:58.0879 0x0c94 [ 0AF4872D3D6FD3A030E836DAC2B3EF2D, 03EE7B6FAFC0BB5C26793BC5FF8BD1019AC96B3104688009C1E062C3F4F34D6D ] nsi C:\WINDOWS\system32\nsisvc.dll 19:34:58.0900 0x0c94 nsi - ok 19:34:58.0933 0x0c94 [ 66A98C407085B8920DF1E6D722F1ADB8, 3FE307E4A9E41B08E0453507E50D6D0C67FA6F4245A863D90181463C749C83B5 ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys 19:34:58.0966 0x0c94 nsiproxy - ok 19:34:59.0190 0x0c94 [ 466EC5659C02ED53DBD47DC1BC2B8086, 1F35DE75386F7D029C01D67B09D5E5157141C6892858885C11972CE73D6078AC ] 
NTFS C:\WINDOWS\system32\drivers\NTFS.sys 19:34:59.0289 0x0c94 NTFS - ok 19:34:59.0333 0x0c94 [ 383E546EF4982262A0EF6CC2B6E9D525, 3C6C90B62E8EB094E6928C388E5081A3F73DF87B0F34F716B72EA7B6EF71FBB7 ] Null C:\WINDOWS\system32\drivers\Null.sys 19:34:59.0375 0x0c94 Null - ok 19:34:59.0408 0x0c94 [ 466F875F1D4C6ABB46AF28007009237C, 26F5A5579737A7CF2267F79DDE5A551149C682D5FD24663B53FCEC5AA6B448CE ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys 19:34:59.0428 0x0c94 nvraid - ok 19:34:59.0456 0x0c94 [ 76F19EAE7A52CBAF7B8EC428BE6E0DA0, CF1E55D92FA32744A20AB75D466A3E05E6FACF4694F9265C41F5C27C1E7243DC ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys 19:34:59.0477 0x0c94 nvstor - ok 19:34:59.0502 0x0c94 [ 0D0CB77D74B38E0EC62341C19E469D8D, A05D3CC67FEEB2FD219BFAA34BF98CB3F3718042124AF28F0E9FDFB9F132DD76 ] nv_agp C:\WINDOWS\system32\drivers\nv_agp.sys 19:34:59.0523 0x0c94 nv_agp - ok 19:34:59.0673 0x0c94 [ 84DE1DD996B48B05ACE31AD015FA108A, 4B9D1E4EF83ECED6C77F23D9879C124534F7053D7423E3A2D0F67A4A720CEA94 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 19:34:59.0701 0x0c94 odserv - ok 19:34:59.0759 0x0c94 [ EA3FFE8617B9FCA1620AD9876E92F4F1, 68D5143CA71D10A2BB44E29B3C76580596669D0624076BCF6CCBA7AF3140538E ] OneSyncSvc C:\WINDOWS\System32\APHostService.dll 19:34:59.0809 0x0c94 OneSyncSvc - ok 19:34:59.0878 0x0c94 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 19:34:59.0891 0x0c94 ose - ok 19:34:59.0948 0x0c94 [ CAFB5A95883158A0579DED2ED5CB0627, B23F7D19142DD3544F96ADB36F152F4EA7F6C524A1281EC26A2B95D7D044822C ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll 19:35:00.0018 0x0c94 p2pimsvc - ok 19:35:00.0081 0x0c94 [ 3612CE3432E0A2BE0081E6B488ACF84C, F1A641735FD374CA293FB98FADA2C41E2033B17FECCA3B6D225D0E591AFFF413 ] p2psvc C:\WINDOWS\system32\p2psvc.dll 19:35:00.0120 0x0c94 p2psvc - ok 19:35:00.0162 0x0c94 [ 
|
21.09.2015, 18:45 | #7 |
| Part 2 of the last log Code:
ok 19:35:17.0933 0x0c94 [ 823A237D871CD652C6BFD47BECB6810A, 99310521451CB54C29A5DEA54C3A666F95E2A1FF0979D5F9792885A161E90C65 ] volsnap C:\WINDOWS\system32\drivers\volsnap.sys 19:35:17.0948 0x0c94 volsnap - ok 19:35:17.0980 0x0c94 [ 78727FA284C2095EED660D71CD3C9AEF, 323F0BD5A624DF77973F28C7CF31EC6B3A525496EBF063666623A62B1DB0EA65 ] vpci C:\WINDOWS\System32\drivers\vpci.sys 19:35:17.0995 0x0c94 vpci - ok 19:35:18.0027 0x0c94 [ 2415961D561E02F5E46B7C1C687A6788, 68A54B9595A0D15D410D5F1656B6EBE3B913A4BA5F71C658C9B99420E6ED327A ] vsmraid C:\WINDOWS\system32\drivers\vsmraid.sys 19:35:18.0042 0x0c94 vsmraid - ok 19:35:18.0152 0x0c94 [ 16419CBDB04DB9FF298169AA93413822, 743AD26F08AF5EFF5DD353E75C3D659B10C3FEC2FEDABB76387B87721B5B98F8 ] VSS C:\WINDOWS\system32\vssvc.exe 19:35:18.0277 0x0c94 VSS - ok 19:35:18.0323 0x0c94 [ 6AE9A843AE979F2DCCA5A25C07C7A5F8, 3CEC26DE2EEC97929A0FBBD87FF75F8DC387C0988B2047074C8F069ACBEF2587 ] VSTXRAID C:\WINDOWS\system32\drivers\vstxraid.sys 19:35:18.0355 0x0c94 VSTXRAID - ok 19:35:18.0386 0x0c94 [ BD232C761C59FA8D8EF626CA630E2D2E, E494EFDCE8F6343F49F33F1F03DCD5DEC9CB6F349B1AD302B4D3333B5F6BD8E5 ] vwifibus C:\WINDOWS\System32\drivers\vwifibus.sys 19:35:18.0417 0x0c94 vwifibus - ok 19:35:18.0433 0x0c94 [ 3039687AB65CEE26CF478C1F42FFCD7D, 40E140C6F94B6203767A1493DF8CAE6BA1FB67FBD0C13789444F72410D0E6FF1 ] vwififlt C:\WINDOWS\system32\drivers\vwififlt.sys 19:35:18.0495 0x0c94 vwififlt - ok 19:35:18.0527 0x0c94 [ 37C868DDE3103130B00AD1313DAB5ACB, BF9C30817A3502F5C0673FD462B18FE1BF37963B29DF09D84B66BDCBF8ECBA81 ] vwifimp C:\WINDOWS\System32\drivers\vwifimp.sys 19:35:18.0558 0x0c94 vwifimp - ok 19:35:18.0605 0x0c94 [ EC9B6544C569E8D7FAB91772BD7D23F2, 06CC5F21E9A9DD35099CB3E44C3E2BF2F944CE5B71284E6A85E1B681F12BD31B ] W32Time C:\WINDOWS\system32\w32time.dll 19:35:18.0652 0x0c94 W32Time - ok 19:35:18.0714 0x0c94 [ 9776E4816D92B766F461957FBDA84360, 048F6ADC97767AFAB50582D0AE1E67A15B038A1C02F7982A6AD30B61AC5C7369 ] w3logsvc 
C:\WINDOWS\system32\inetsrv\w3logsvc.dll 19:35:18.0761 0x0c94 w3logsvc - ok 19:35:18.0823 0x0c94 [ F61FA0EDBE913DFCA0CF012FDD9E99EE, DE8685230D49F940640F400D2EC4F10E677AF6D57B3FAB0342AA98BEA779D6AD ] W3SVC C:\WINDOWS\system32\inetsrv\iisw3adm.dll 19:35:18.0870 0x0c94 W3SVC - ok 19:35:18.0902 0x0c94 [ FC40A7527D39F06D032A6553D22E4BF6, F572FCB5EB3DE16FD6222A5B6A43C81E3A1F838890667D9F0453F82FFCA772FF ] WacomPen C:\WINDOWS\System32\drivers\wacompen.sys 19:35:18.0933 0x0c94 WacomPen - ok 19:35:18.0995 0x0c94 [ 2CFE8CBE358CC4D5715E010E3B13559F, 54E9BFCE202FA123EB261C226094054950429AAFA304AA714F461B003E070BD9 ] WalletService C:\WINDOWS\system32\WalletService.dll 19:35:19.0058 0x0c94 WalletService - ok 19:35:19.0089 0x0c94 [ E9E22E116F810DAC98C5EC207F24C916, C518DC57CECA5174E7695F5632555FA08571D5F3A7D6B0C295BA4221AEA67C04 ] wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 19:35:19.0120 0x0c94 wanarp - ok 19:35:19.0136 0x0c94 [ E9E22E116F810DAC98C5EC207F24C916, C518DC57CECA5174E7695F5632555FA08571D5F3A7D6B0C295BA4221AEA67C04 ] wanarpv6 C:\WINDOWS\system32\DRIVERS\wanarp.sys 19:35:19.0152 0x0c94 wanarpv6 - ok 19:35:19.0198 0x0c94 [ F61FA0EDBE913DFCA0CF012FDD9E99EE, DE8685230D49F940640F400D2EC4F10E677AF6D57B3FAB0342AA98BEA779D6AD ] WAS C:\WINDOWS\system32\inetsrv\iisw3adm.dll 19:35:19.0245 0x0c94 WAS - ok 19:35:19.0355 0x0c94 [ CF9EF65FA66B0F4982FD1FACAB3009B6, 681C1CD5DCAF87EF436B907534E98B0AB4F66BD62E46B8977A7880B854766A27 ] wbengine C:\WINDOWS\system32\wbengine.exe 19:35:19.0464 0x0c94 wbengine - ok 19:35:19.0527 0x0c94 [ 8F2B0ED6FCA72B34BEEA37E32D0EE106, A86C641A13FDF056B7BA13641551582199DDB08E9490003C74D999518B097C00 ] WbioSrvc C:\WINDOWS\System32\wbiosrvc.dll 19:35:19.0620 0x0c94 WbioSrvc - ok 19:35:19.0683 0x0c94 [ 8BDA6DB43AA54E8BB5E0794541DDC209, 8753C507BE77B019A3403AF5252434A01DB9F9332E58AC3783ABCE3D21AD9DD4 ] WcesComm C:\WINDOWS\WindowsMobile\wcescomm.dll 19:35:19.0714 0x0c94 WcesComm - ok 19:35:19.0761 0x0c94 [ BB87BF4D17EBB3C05236FDAA048EBE07, 
45D3B0C2561E28EDA4460C23768F660AE0F56527F7BDD191ED0DE4F414983AE1 ] Wcmsvc C:\WINDOWS\System32\wcmsvc.dll 19:35:19.0823 0x0c94 Wcmsvc - ok 19:35:19.0902 0x0c94 [ 8E7FD07D2C82ACBCA52C4100C20F6542, FB2CD88557ABB5EBE6555CD4E41BF4BDC6FE6BCF26288338F2FB034B966FCBD3 ] wcncsvc C:\WINDOWS\System32\wcncsvc.dll 19:35:19.0948 0x0c94 wcncsvc - ok 19:35:19.0964 0x0c94 [ 9C776ED423CD03F8ABD54C2557E34416, 282C1208977070EC0280D5ABA0E03A847AEAEE31F35CDAA3C7A02D8477614EB1 ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll 19:35:20.0058 0x0c94 WcsPlugInService - ok 19:35:20.0089 0x0c94 [ C8BA574B3BA6AE88741AC86B1FE3C1DC, B2422CDE3A6A27B52D270D24298FF69D91D389C68456EC1805BA30AA59BAB839 ] WdBoot C:\WINDOWS\system32\drivers\WdBoot.sys 19:35:20.0105 0x0c94 WdBoot - ok 19:35:20.0167 0x0c94 [ 796D1C95894BC15B3FEF090C107CBA31, 97917C543CBC13288F2194CB09C3A2759012B74F0D72DDB0896EF42C87348C6D ] Wdf01000 C:\WINDOWS\system32\drivers\Wdf01000.sys 19:35:20.0214 0x0c94 Wdf01000 - ok 19:35:20.0230 0x0c94 [ C5BB7C612B4C852836BEA39593BA5F46, 1E2B123F34500C2A8E983AAAF7F14E409B88DC396A655F19F3E7F15D0C51A762 ] WdFilter C:\WINDOWS\system32\drivers\WdFilter.sys 19:35:20.0261 0x0c94 WdFilter - ok 19:35:20.0292 0x0c94 [ 9E0442D3880438D006D95C6F63C27274, DB1ED2BCF9986495EFA8A0B3B0156119F2E4F77AE9BDC6377ADF3A6B53C658F6 ] WdiServiceHost C:\WINDOWS\system32\wdi.dll 19:35:20.0339 0x0c94 WdiServiceHost - ok 19:35:20.0355 0x0c94 [ 9E0442D3880438D006D95C6F63C27274, DB1ED2BCF9986495EFA8A0B3B0156119F2E4F77AE9BDC6377ADF3A6B53C658F6 ] WdiSystemHost C:\WINDOWS\system32\wdi.dll 19:35:20.0386 0x0c94 WdiSystemHost - ok 19:35:20.0433 0x0c94 [ 9B2039C5673EEBF1D4E34ABC0AFB88C7, BBC85546BD86B9027426DAF148194CFE992B80FF89311B28BE0BD82C88630E8C ] wdiwifi C:\WINDOWS\system32\DRIVERS\wdiwifi.sys 19:35:20.0511 0x0c94 wdiwifi - ok 19:35:20.0558 0x0c94 [ BD193A7BD34B2E829FAF56306FEE3B09, ADD746D198E21242CEFA01840952B792074EFC473113CD3E7F1ABBA6A4E26AF6 ] WdNisDrv C:\WINDOWS\system32\Drivers\WdNisDrv.sys 19:35:20.0573 0x0c94 
WdNisDrv - ok 19:35:20.0620 0x0c94 WdNisSvc - ok 19:35:20.0667 0x0c94 [ 6A3B5013D5C7840E8CABD63DD021C112, 371CCEEAC7816CFE79ACA8A218CDA16469D9567CB63CC9D18C55FF047011EF25 ] WebClient C:\WINDOWS\System32\webclnt.dll 19:35:20.0714 0x0c94 WebClient - ok 19:35:20.0761 0x0c94 [ EED4043BC3C2D00067411730EE118354, 5E268DA4DB78C06D8F181E9408B4769F8A12C38DA52C1E986EE0CEE1101E9485 ] Wecsvc C:\WINDOWS\system32\wecsvc.dll 19:35:20.0792 0x0c94 Wecsvc - ok 19:35:20.0823 0x0c94 [ 6ECD7A49AFC6533821BEEA1876CEB21D, 2E972245F56F589EF1AB9DABB9214B9DE6E290878735476323A3357D8CDFC71F ] WEPHOSTSVC C:\WINDOWS\system32\wephostsvc.dll 19:35:20.0855 0x0c94 WEPHOSTSVC - ok 19:35:20.0917 0x0c94 [ 09B434867028AF4895A87959EA668686, 26A7DB82E42DCBF3A77092D58AC6392754FD7C538B9EAAEFA88E9AF81DFE8E96 ] wercplsupport C:\WINDOWS\System32\wercplsupport.dll 19:35:21.0011 0x0c94 wercplsupport - ok 19:35:21.0042 0x0c94 [ DE4E417B867841EE55114E588098B8D5, 878708C93FC1D919E2B9E1C5F94A0EAFC5F28BDAA58D3F29DEEDC8EC3F72D9ED ] WerSvc C:\WINDOWS\System32\WerSvc.dll 19:35:21.0073 0x0c94 WerSvc - ok 19:35:21.0089 0x0c94 wfpcapture - ok 19:35:21.0105 0x0c94 [ DBF5255B759212E5217A2748567A0B5C, 5E81A9289EC39702179038B686A35FADF9974651E74222F3354B4CBE919887B0 ] WFPLWFS C:\WINDOWS\system32\drivers\wfplwfs.sys 19:35:21.0136 0x0c94 WFPLWFS - ok 19:35:21.0167 0x0c94 [ 4CD8826BB8320741842A9E53E48AF2BC, 97B22D9DCD0FD31D3A801946173369B0E70B1850576682C8A8180874A61CAD1A ] WiaRpc C:\WINDOWS\System32\wiarpc.dll 19:35:21.0214 0x0c94 WiaRpc - ok 19:35:21.0245 0x0c94 [ 4375BCBA419D19695CF566082CEF27D3, 6F86FA14B41A03F2BA51B8702F3D59B85FD488405601FA177495E4B7C576850D ] WIMMount C:\WINDOWS\system32\drivers\wimmount.sys 19:35:21.0261 0x0c94 WIMMount - ok 19:35:21.0277 0x0c94 WinDefend - ok 19:35:21.0308 0x0c94 [ 037BC6DE5F58D4A74A5BB0C12DCECDCA, 92921A2615A41C434BADEB33594DABC166FC9418FBD311A3B2022410B14BFDAC ] WindowsTrustedRT C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys 19:35:21.0339 0x0c94 WindowsTrustedRT - ok 19:35:21.0355 
0x0c94 [ 70BCD70BD53F2FE660ED94B025A043EB, B23B96DCAB30C62CB1651B3A2292155AEE8217CE3120574F5158D5E7DA09DE56 ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys 19:35:21.0370 0x0c94 WindowsTrustedRTProxy - ok 19:35:21.0433 0x0c94 [ 8921ECEC2C7D1B1333D77325C60D3AEA, 67C6B6A92B34D99165B5591D0730322C31E967E599BA44924249BF5AD505C132 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll 19:35:21.0542 0x0c94 WinHttpAutoProxySvc - ok 19:35:21.0573 0x0c94 [ 7792AE5403BF8975B6460DFC3428D129, D88F77E973D58C2CA629CC9249877A34ABF31CA1DC2A570666921A8A0DC8DEC7 ] WinMad C:\WINDOWS\System32\drivers\winmad.sys 19:35:21.0589 0x0c94 WinMad - ok 19:35:21.0652 0x0c94 [ 73B5230F03DC7002A70F11EA1B0BAA37, DFE8BBE52B58589686E402ACED51021E298A491F907EBA5689DF9DAFC3002BA5 ] Winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 19:35:21.0698 0x0c94 Winmgmt - ok 19:35:21.0855 0x0c94 [ 2FE85D6AFF90F56A78743CC93B9CA684, B515765C4EE64E7EC16BD6AF037C084CCA6E81180AEF59E18F260406ABE6DF58 ] WinRM C:\WINDOWS\system32\WsmSvc.dll 19:35:22.0042 0x0c94 WinRM - ok 19:35:22.0089 0x0c94 [ 811F30EB6EE8318C4171CB95AE30B9BD, 765F6BEA3D35D523B5D7ED7356EC0C97A48066A5C4D77C1E6EDAC6F220153385 ] WINUSB C:\WINDOWS\System32\drivers\WinUsb.sys 19:35:22.0120 0x0c94 WINUSB - ok 19:35:22.0152 0x0c94 [ DF00381AB8665D48DE3FF794BC6760AB, 749AC7048601061A34BFF507B574AF028FC662C0A98692E7331E667D105EC09D ] WinVerbs C:\WINDOWS\System32\drivers\winverbs.sys 19:35:22.0167 0x0c94 WinVerbs - ok 19:35:22.0339 0x0c94 [ 1D57DD1A716A1C2C71F0A53BD00B6AFD, 5374CFA453ECE8F70C1A7AC6CB1ABAF64C6BB4366BAD666533C495DD1BADC395 ] WlanSvc C:\WINDOWS\System32\wlansvc.dll 19:35:22.0464 0x0c94 WlanSvc - ok 19:35:22.0620 0x0c94 [ 802E5A0B96C1E9FCC0CBFD75F04CE7DF, C689E22141B5FA69438205D824DFCB408429DE9B8612A424E3425717017E9DB3 ] wlidsvc C:\WINDOWS\system32\wlidsvc.dll 19:35:22.0777 0x0c94 wlidsvc - ok 19:35:22.0792 0x0c94 [ 623ED8E10DFEEAB7AE2CD11A0451DB79, 7DDE15F22FD24556D4765F6CFD0F8E2F27370A89A962919646DE2613B33D43D6 ] WmiAcpi 
C:\WINDOWS\System32\drivers\wmiacpi.sys 19:35:22.0808 0x0c94 WmiAcpi - ok 19:35:22.0870 0x0c94 [ B2BB87531C4127ED4120E9BF5566827F, 1DDC0F00F215D77D3698F81B56D4488F384E9D017267840EDFA4846742B99B6A ] wmiApSrv C:\WINDOWS\system32\wbem\WmiApSrv.exe 19:35:22.0902 0x0c94 wmiApSrv - ok 19:35:22.0933 0x0c94 WMPNetworkSvc - ok 19:35:22.0995 0x0c94 [ 78CA1FF6FE37EEFAFF99DD1C956AF60A, 883C7890C83BAB3B846A0C969D7B67031BD2EF65FA58A0620DD0CD1655C5B2C5 ] Wof C:\WINDOWS\system32\drivers\Wof.sys 19:35:23.0027 0x0c94 Wof - ok 19:35:23.0183 0x0c94 [ B2D8EDBBC339D903BF4073FF7A8D251E, 989F3B94F084720A094C89FD5AF02B5D5BCE5FB127F323E1ADA2890B6AAB3535 ] workfolderssvc C:\WINDOWS\system32\workfolderssvc.dll 19:35:23.0339 0x0c94 workfolderssvc - ok 19:35:23.0386 0x0c94 [ 388F2A3C771B8BEE76FD1AAF9614D08E, C064EC6136CC20C4EE19C86E91CA071974933BB52C9EF8521DF4AFD060FED4A2 ] wpcfltr C:\WINDOWS\system32\DRIVERS\wpcfltr.sys 19:35:23.0402 0x0c94 wpcfltr - ok 19:35:23.0448 0x0c94 [ A6FCFE1F691B4A4D266F5D487FADB9FE, 2135D0C13C1295A2F76885E380CD72CB71CEB8E0D9F1C183A35935B27737D423 ] WPDBusEnum C:\WINDOWS\system32\wpdbusenum.dll 19:35:23.0480 0x0c94 WPDBusEnum - ok 19:35:23.0527 0x0c94 [ 37DCE976B3935380F2F6E39ABB6BF40D, B14E875F6D6503DF0DB6D9D2363316073AEEF394D830EA2270A0DCDA56E1CEC4 ] WpdUpFltr C:\WINDOWS\system32\drivers\WpdUpFltr.sys 19:35:23.0542 0x0c94 WpdUpFltr - ok 19:35:23.0573 0x0c94 [ 80F0154FD4293E562D54E97811E03499, EDE920F7F95EFBE542FE3CE066B6F7CDE3B9A37DDF3411DC86EACE9EEF294C1D ] WpnService C:\WINDOWS\system32\WpnService.dll 19:35:23.0620 0x0c94 WpnService - ok 19:35:23.0667 0x0c94 [ 3CD22DD5A790CF7C24D65455E565EA83, 49DB06DF6F38940E7F8691C16586A78BB20E702FD48A34E50987C06B08BDF4DB ] ws2ifsl C:\WINDOWS\system32\drivers\ws2ifsl.sys 19:35:23.0714 0x0c94 ws2ifsl - ok 19:35:23.0745 0x0c94 [ EBA916109A176714E6A7BD152387F13C, 7B38B1708B83271ADA8D1CEC7F5F0A75C7F2572185C0961EFC749D5DF16A03F0 ] wscsvc C:\WINDOWS\System32\wscsvc.dll 19:35:23.0777 0x0c94 wscsvc - ok 19:35:23.0808 0x0c94 [ 
E392DFAF6D0DEFC812ECC727A61F91C5, C28B6CC8AD034157CE92C7F098A9C12ADED2769E6AF954A9AAD10CC0E811DD2A ] WSDPrintDevice C:\WINDOWS\System32\drivers\WSDPrint.sys 19:35:23.0823 0x0c94 WSDPrintDevice - ok 19:35:23.0839 0x0c94 [ 0902C63D8C836EA4D0876FCD8D627701, 0173F83CF8DA9C6D40C64CE88BF1A40EB634008D3D48F74E4E3BBBB11F1CA8D1 ] WSDScan C:\WINDOWS\system32\DRIVERS\WSDScan.sys 19:35:23.0855 0x0c94 WSDScan - ok 19:35:23.0870 0x0c94 WSearch - ok 19:35:24.0058 0x0c94 [ 9EB85802AB625970E05879D15DE56335, B7DCE5E1924A5CEE76CC07FF3B8CEDBBD0DDBB4C4ED0A3BFB8D1ABCAD7C0AA23 ] WSService C:\WINDOWS\System32\WSService.dll 19:35:24.0277 0x0c94 WSService - ok 19:35:24.0495 0x0c94 [ 994DB3BD0278B3136FD95F7E1C73A935, 4ECAD55E7ABF24DFB79882E842FE424157C383B0565FF1B222E74A085F05FC28 ] wuauserv C:\WINDOWS\system32\wuaueng.dll 19:35:24.0714 0x0c94 wuauserv - ok 19:35:24.0745 0x0c94 [ 835F60262E7E310080EA05F6752BF248, 3010B731DF3D52B56EA16FD29B66F5D3AB9412E49CA4C547BAAECA3225C5DC40 ] WudfPf C:\WINDOWS\system32\drivers\WudfPf.sys 19:35:24.0777 0x0c94 WudfPf - ok 19:35:24.0792 0x0c94 [ 4E848DE29E4279C7F25EF5B34ED94FDD, FD7B0673F4CFA6EB66D7212288223419BFFA02EBF1F1D85F155B5397C6FB21E9 ] WUDFRd C:\WINDOWS\System32\drivers\WUDFRd.sys 19:35:24.0839 0x0c94 WUDFRd - ok 19:35:24.0870 0x0c94 [ 44CF3130AEC8914705487C4AEF756A19, 30B09E32DEC02141F9B99ED012E441056C1663A72E4130EF4221ECC0ED87BF4B ] wudfsvc C:\WINDOWS\System32\WUDFSvc.dll 19:35:24.0902 0x0c94 wudfsvc - ok 19:35:24.0933 0x0c94 [ 4E848DE29E4279C7F25EF5B34ED94FDD, FD7B0673F4CFA6EB66D7212288223419BFFA02EBF1F1D85F155B5397C6FB21E9 ] WUDFWpdFs C:\WINDOWS\system32\DRIVERS\WUDFRd.sys 19:35:24.0964 0x0c94 WUDFWpdFs - ok 19:35:24.0980 0x0c94 [ 4E848DE29E4279C7F25EF5B34ED94FDD, FD7B0673F4CFA6EB66D7212288223419BFFA02EBF1F1D85F155B5397C6FB21E9 ] WUDFWpdMtp C:\WINDOWS\System32\drivers\WUDFRd.sys 19:35:25.0011 0x0c94 WUDFWpdMtp - ok 19:35:25.0120 0x0c94 [ 989EC133AD360CE71F85974B03143D97, 590145B7BD17A25A0848BD5C41AB967ED6C8DADE2BF91C6F4CA6D29CC3D1C79B ] WwanSvc 
C:\WINDOWS\System32\wwansvc.dll 19:35:25.0245 0x0c94 WwanSvc - ok 19:35:25.0339 0x0c94 [ 9BDC2AFCEF4CF1C630D728DE1DBD495A, 5CE19974380CCEC46C181315B349E9A7CE757E19118EC5978A2293D63268BA66 ] XblAuthManager C:\WINDOWS\System32\XblAuthManager.dll 19:35:25.0417 0x0c94 XblAuthManager - ok 19:35:25.0495 0x0c94 [ 3EDB6162310EA223890C2DF44C68358B, 12053291809CA9C38A30EA4B2DE7115F535531F0925220C63B0312979F9CC707 ] XblGameSave C:\WINDOWS\System32\XblGameSave.dll 19:35:25.0605 0x0c94 XblGameSave - ok 19:35:25.0636 0x0c94 [ 30021D1E0407B71E8D5D4F8DAE4E656A, EE2E366A1CC033C068176C7E9F876FFA0EF86A15A482B6964E170DE863CFF542 ] xboxgip C:\WINDOWS\System32\drivers\xboxgip.sys 19:35:25.0730 0x0c94 xboxgip - ok 19:35:25.0808 0x0c94 [ 729B70C81F207541BC6A4ABAE3A8D594, 31F9BC41169D28B397C0D988C367C32FA9A95289E68AB8F38061DA478752A765 ] XboxNetApiSvc C:\WINDOWS\system32\XboxNetApiSvc.dll 19:35:25.0902 0x0c94 XboxNetApiSvc - ok 19:35:25.0933 0x0c94 [ 6851673B90D8CB332439E0339F81A6B6, 4E95F1A63E6DD58BB5BD6FC1D9784837D5E6F5BCF870C7ECC92DCA1AF20B6A4C ] xinputhid C:\WINDOWS\System32\drivers\xinputhid.sys 19:35:25.0964 0x0c94 xinputhid - ok 19:35:25.0964 0x0c94 ================ Scan global =============================== 19:35:26.0011 0x0c94 [ C6BC6E49A7F76AA2BBA58CD08196755F, D02B6B285899E966D19323566A4780D51303D00E66674D7FF4B61991430A69A6 ] C:\WINDOWS\system32\basesrv.dll 19:35:26.0058 0x0c94 [ 70EC9717DC3A1CDF79C703A145E0E5B7, D5ABF42063DFF799FD4099D8A347256CC79B89582B987B3DEE240AFA5BA421BE ] C:\WINDOWS\system32\winsrv.dll 19:35:26.0105 0x0c94 [ F435AFA375ACBAEE44324DD464EDCC11, 815DE470439AE5D96348BEBF971A14FBDCA1D36F31CA0D25F69E5F41817D43D5 ] C:\WINDOWS\system32\sxssrv.dll 19:35:26.0152 0x0c94 [ BB3D8E1C108F7244613FF3993291A922, 1642AF23F200D46F54239C3BA743F1D5ADDC6A32D5F6481264D0C1D7F3E9D533 ] C:\WINDOWS\system32\services.exe 19:35:26.0183 0x0c94 [ Global ] - ok 19:35:26.0183 0x0c94 ================ Scan MBR ================================== 19:35:26.0214 0x0c94 [ 
A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 19:35:26.0511 0x0c94 \Device\Harddisk0\DR0 - ok 19:35:26.0527 0x0c94 ================ Scan VBR ================================== 19:35:26.0527 0x0c94 [ 06AB9463118ED352D21127A004E48141 ] \Device\Harddisk0\DR0\Partition1 19:35:26.0558 0x0c94 \Device\Harddisk0\DR0\Partition1 - ok 19:35:26.0573 0x0c94 [ 84F2CD753D1374F499F83ABA5EE7B1E9 ] \Device\Harddisk0\DR0\Partition2 19:35:26.0589 0x0c94 \Device\Harddisk0\DR0\Partition2 - ok 19:35:26.0589 0x0c94 ================ Scan generic autorun ====================== 19:35:27.0152 0x0c94 [ 65E8545F1297CD83534C354A7BED1848, 19B3F3C17A335837454DC1851C6436D0BB2D8B1595AEB4DC71265FB20868B48F ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 19:35:27.0808 0x0c94 RTHDVCPL - ok 19:35:27.0995 0x0c94 [ 31821EC63BDEDE18E64C11F7248B32AB, 6982AE866F8EC7943FDB3E4B77B03542A2E3E07F080B8D806C4ED903DE3368CE ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe 19:35:28.0073 0x0c94 RtHDVBg_Dolby - ok 19:35:28.0073 0x0c94 SynTPEnh - ok 19:35:28.0136 0x0c94 [ 233A10D4B3F6897899112E4EC60F1906, 1F7E768E57064938114DF2EFC5B219EB0D30A7D9E574924E9CED054462505AF0 ] C:\WINDOWS\WindowsMobile\wmdc.exe 19:35:28.0167 0x0c94 Windows Mobile Device Center - ok 19:35:28.0277 0x0c94 [ 38D198A2DD54A67120040566A38103BA, 01604BD91A5B2C0DDC7B52036511F8219952626716E75979D8464F2C56BA0114 ] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe 19:35:28.0308 0x0c94 GrooveMonitor - ok 19:35:28.0714 0x0c94 [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe 19:35:29.0136 0x0c94 OneDriveSetup - ok 19:35:29.0495 0x0c94 [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe 19:35:29.0730 0x0c94 OneDriveSetup - ok 19:35:29.0964 0x0c94 [ C2D2FFD27F46815951C9562F0A2EC864, 892A5DC5C3D797E3FD36230710BA9AF43ADA5CDFD19A03268D20D5A9DA3CCB3A ] 
C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\OneDrive.exe 19:35:29.0995 0x0c94 OneDrive - ok 19:35:30.0058 0x0c94 [ 7C6D524C78A1722AD987B9E47AC1FEE2, FFDC6C92ABB547D0DCD2621EC423C755A78079B061A41FA1751A56799D1A79A5 ] C:\Users\Toshiba\AppData\Local\Dropbox\Update\DropboxUpdate.exe 19:35:30.0073 0x0c94 Dropbox Update - ok 19:35:30.0261 0x0c94 [ F5164E5D119C2892168B46D4C8FA16A7, D355DC94FF04AEB6160F496F92F5F864A1E5C6B909BFD341B79A358CE72B280E ] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe 19:35:30.0308 0x0c94 GarminExpressTrayApp - ok 19:35:30.0339 0x0c94 [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe 19:35:30.0386 0x0c94 Uninstall C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64 - ok 19:35:30.0417 0x0c94 [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe 19:35:30.0448 0x0c94 Uninstall C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64 - ok 19:35:30.0448 0x0c94 Waiting for KSN requests completion. In queue: 223 19:35:31.0464 0x0c94 Waiting for KSN requests completion. In queue: 223 19:35:32.0480 0x0c94 Waiting for KSN requests completion. 
In queue: 223 19:35:33.0573 0x0c94 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.10240.16384 ), 0x60100 ( disabled : updated ) 19:35:33.0573 0x0c94 AV detected via SS2: COMODO Antivirus, C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe ( 8.2.0.4674 ), 0x61000 ( enabled : updated ) 19:35:33.0573 0x0c94 FW detected via SS2: COMODO Firewall, C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe ( 8.2.0.4674 ), 0x61010 ( enabled ) 19:35:35.0964 0x0c94 ============================================================ 19:35:35.0964 0x0c94 Scan finished 19:35:35.0964 0x0c94 ============================================================ 19:35:35.0995 0x1768 Detected object count: 0 19:35:35.0995 0x1768 Actual detected object count: 0 |
22.09.2015, 15:52 | #8 |
/// the machine /// TB Trainer | Uncontrolled mail sending from my web.de address Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
22.09.2015, 18:44 | #9 |
| Uncontrolled mail sending from my web.de address Tablet Code:
# AdwCleaner v5.008 - Bericht erstellt am 22/09/2015 um 18:50:43
# Aktualisiert am 18/09/2015 von Xplode
# Datenbank : 2015-09-22.3 [Server]
# Betriebssystem : Windows 10 Home (x86)
# Benutzername : Melly - BUMBLEBEE
# Gestartet von : C:\Users\Melly\Desktop\AdwCleaner_5.008.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****

***** [ Ordner ] *****

***** [ Dateien ] *****
[-] Datei Gelöscht : C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\foxydeal.sqlite
[-] Datei Gelöscht : C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\searchplugins\avira-safesearch.xml

***** [ Verknüpfungen ] *****

***** [ Geplante Tasks ] *****

***** [ Registrierungsdatenbank ] *****
[-] Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Internetbrowser ] *****
[-] [C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\prefs.js] [Preference] Gelöscht : user_pref("avira.safe_search.prev_newtab", "hxxps://safesearch.avira.com/#?source=newtab");
[-] [C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\prefs.js] [Preference] Gelöscht : user_pref("browser.newtab.url", "hxxps://safesearch.avira.com/#?source=newtab");
[-] [C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"148f51bc9fa43-0d799002835a698-7f6c1735-0-148f51bc9fb5d\"");
[-] [C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch.SAUTH_expires_at", "1417551521");
[-] [C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch.SAUTH_rndsnr", "\"3a2ac492d6d72cff671219f2b18f7ff8877c4cd1\"");
[-] [C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch.SAUTH_userid", "4451144920");
[-] [C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch.SAUTH_utoken", "\"4d1e0ebefc4816d858450a80bbcc37f3afb9c927\"");
[-] [C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.safesearch.install", "1412861512203");

*************************
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2591 Bytes] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.2 (09.14.2015:1)
OS: Windows 10 Home x86
Ran by Melly on 22.09.2015 at 19:03:04,47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox
Successfully deleted the following from C:\Users\Melly\AppData\Roaming\mozilla\firefox\profiles\zxxjq7kq.default\prefs.js
user_pref(avira.safe_search.search_was_active, false);
Emptied folder: C:\Users\Melly\AppData\Roaming\mozilla\firefox\profiles\zxxjq7kq.default\minidumps [8 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.09.2015 at 19:06:26,69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:15-09-2015 durchgeführt von Melly (Administrator) auf BUMBLEBEE (22-09-2015 19:07:40) Gestartet von C:\Users\Melly\Downloads Geladene Profile: Melly (Verfügbare Profile: Melly & Administrator) Platform: Microsoft Windows 10 Home (X86) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Edge) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe (Adobe Systems, Inc.) 
C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [81360 2014-01-22] (Intel Corporation) HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2904064 2013-10-30] (Realtek Semiconductor) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [782008 2015-08-31] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [66936 2015-08-13] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157968 2015-08-13] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.) HKU\S-1-5-21-1758828274-3236195225-1443054956-1001\...\Run: [Spotify Web Helper] => C:\Users\Melly\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-06-02] (Spotify Ltd) HKU\S-1-5-21-1758828274-3236195225-1443054956-1001\...\Run: [Dropbox Update] => C:\Users\Melly\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Melly\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-15] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Melly\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-15] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Melly\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-15] (Microsoft Corporation) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melly\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melly\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melly\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2014-06-14] ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-06-14] ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass) Startup: C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2014-06-19] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-08-01] ShortcutTarget: Dropbox.lnk -> C:\Users\Melly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{47e8a5ae-3ba9-44ca-ae35-b23842545b0e}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1758828274-3236195225-1443054956-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1758828274-3236195225-1443054956-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-02] (Oracle Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files\LastPass\LPToolbar.dll [2014-06-29] (LastPass)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-02] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll [2014-06-29] (LastPass)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default
FF Homepage: about:blank
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-13] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2013-07-12] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2013-07-12] (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-02] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files\LastPass\nplastpass.dll [2014-06-14] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-18] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Extension: LastPass - C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\Extensions\support@lastpass.com [2015-07-20]
FF Extension: Garmin Communicator - C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-06-01]
FF Extension: WOT - C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-13]
FF Extension: FireFTP - C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-06-01]
FF Extension: ProxTube - Unblock YouTube - C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: Adblock Plus - C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-14]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-07-31]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-08-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [461672 2015-08-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [461672 2015-08-31] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-08-31] (Avira Operations GmbH & Co. KG)
S2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2013-09-09] (ASUSTek Computer Inc.)
S2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [111416 2013-09-09] (ASUSTek Computer Inc.)
S2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [228104 2015-08-13] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [1677016 2014-04-19] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1874104 2015-07-14] (Microsoft Corporation)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [290208 2015-07-30] (Intel Corporation)
S2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [83920 2014-01-22] (Intel Corporation)
S2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [96720 2014-01-22] (Intel Corporation)
S2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [90576 2014-01-22] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [283552 2015-07-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [277760 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2015-07-10] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
S3 AsusHID; C:\WINDOWS\System32\drivers\AsusHID.sys [68376 2014-02-13] (ASUS Corporation)
R3 AsusSGDrv; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [116032 2015-08-27] (ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-02] (ASUSTek Computer Inc.)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [104840 2015-08-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [138800 2015-08-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [37896 2015-05-20] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [37384 2015-03-10] (Avira Operations GmbH & Co. KG)
R3 BCMSDH43XX; C:\WINDOWS\system32\DRIVERS\bcmdhd63.sys [304344 2014-04-19] (Broadcom Corp)
S3 BthA2DP; C:\WINDOWS\system32\drivers\BthA2DP.sys [125440 2015-07-10] (Microsoft Corporation)
S3 BthLEEnum; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [193536 2015-07-10] (Microsoft Corporation)
R3 BthMini; C:\WINDOWS\System32\Drivers\BTHMINI.sys [23040 2015-07-10] (Microsoft Corporation)
S3 btwampfl; C:\WINDOWS\System32\drivers\btwampfl.sys [162560 2015-04-09] (Broadcom Corporation.)
R3 BtwSerialBus; C:\WINDOWS\System32\drivers\BtwSerialBus.sys [139520 2015-04-09] (Broadcom Corporation.)
R3 camera; C:\WINDOWS\system32\DRIVERS\camera.sys [345088 2013-12-02] (Intel Corporation)
R3 CM3218x; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161792 2015-07-10] (Microsoft Corporation)
R3 CPLMACPI; C:\WINDOWS\system32\DRIVERS\CPLMACPI.sys [25040 2015-07-08] (Capella Microsystems, Inc.)
S3 DptfDevAmbient; C:\WINDOWS\System32\drivers\DptfDevAmbient.sys [44496 2014-01-22] (Intel Corporation)
R3 DptfDevDBPT; C:\WINDOWS\System32\drivers\DptfDevPower.sys [25552 2014-01-22] (Intel Corporation)
R3 DptfDevDisplay; C:\WINDOWS\System32\drivers\DptfDevDisplay.sys [28112 2014-01-22] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\System32\drivers\DptfDevGen.sys [36304 2014-01-22] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\System32\drivers\DptfDevProc.sys [80848 2014-01-22] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\System32\drivers\DptfManager.sys [181712 2014-01-22] (Intel Corporation)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [23552 2013-12-30] (Intel Corporation)
R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [16896 2013-12-30] (Intel Corporation)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsHIDSwitch.sys [17416 2015-05-13] (ASUS)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [58368 2013-11-15] (Intel Corporation)
R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [87552 2013-12-30] (Intel Corporation)
S3 iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [505192 2013-08-09] (Intel Corporation)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [32664 2014-01-22] (Intel Corporation)
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [254464 2013-12-30] (Intel(R) Corporation)
R3 INVN_MotionApps; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161792 2015-07-10] (Microsoft Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [35904 2015-06-26] (Intel Corporation)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [21456 2013-12-30] (Intel Corporation)
R3 MT9M114; C:\WINDOWS\System32\drivers\MT9M114.sys [38912 2013-12-02] (Intel Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [48128 2013-12-30] (Intel Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [263936 2015-05-21] (Realtek Semiconductor Corp.)
R1 ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [31848 2015-06-18] (Avira Operations GmbH & Co. KG)
R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [75792 2014-02-26] (Intel Corporation)
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [31744 2015-07-10] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-07-10] (Microsoft Corporation)
R3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [245600 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [97632 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys 2015-09-14 21:42 - 2015-07-14 03:30 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2015-09-14 21:42 - 2015-07-14 03:27 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll 2015-09-14 21:42 - 2015-07-14 03:20 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemcpl.dll 2015-09-14 21:42 - 2015-07-13 01:30 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2015-09-14 21:42 - 2015-07-12 02:05 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2015-09-14 21:42 - 2015-07-12 01:52 - 00669696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe 2015-09-14 21:42 - 2015-07-12 01:46 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll 2015-09-14 21:42 - 2015-07-11 03:02 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll 2015-09-14 21:42 - 2015-07-11 02:43 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll 2015-09-14 21:42 - 2015-07-11 02:42 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll 2015-09-14 21:42 - 2015-07-11 02:34 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2015-09-14 21:42 - 2015-07-10 17:47 - 00265480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll 2015-09-14 21:42 - 2015-07-10 13:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SignInOptions.dll 2015-09-14 21:42 - 2015-07-10 12:09 - 00283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-09-14 21:42 - 2015-07-10 12:05 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll 2015-09-14 21:41 - 2015-08-13 05:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2015-09-14 21:41 - 2015-08-11 11:40 - 00392032 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Drivers\storport.sys 2015-09-14 21:41 - 2015-08-11 11:38 - 00066896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys 2015-09-14 21:41 - 2015-08-11 10:59 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll 2015-09-14 21:41 - 2015-08-11 10:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll 2015-09-14 21:41 - 2015-08-11 10:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll 2015-09-14 21:41 - 2015-08-11 10:58 - 00177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll 2015-09-14 21:41 - 2015-08-11 10:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll 2015-09-14 21:41 - 2015-08-11 10:53 - 00284672 _____ C:\WINDOWS\system32\diagtrack_win.dll 2015-09-14 21:41 - 2015-08-11 10:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe 2015-09-14 21:41 - 2015-08-11 10:50 - 00200704 _____ C:\WINDOWS\system32\TextInputFramework.dll 2015-09-14 21:41 - 2015-08-11 10:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2015-09-14 21:41 - 2015-08-11 10:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2015-09-14 21:41 - 2015-08-11 10:49 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll 2015-09-14 21:41 - 2015-08-11 10:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll 2015-09-14 21:41 - 2015-08-11 10:47 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll 2015-09-14 21:41 - 2015-08-11 10:46 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe 2015-09-14 21:41 - 2015-08-11 10:44 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll 2015-09-14 21:41 - 2015-08-11 10:44 - 00105984 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\LocationPermissions.dll 2015-09-14 21:41 - 2015-08-11 10:40 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2015-09-14 21:41 - 2015-08-11 10:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2015-09-14 21:41 - 2015-08-11 10:38 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll 2015-09-14 21:41 - 2015-08-11 10:38 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll 2015-09-14 21:41 - 2015-08-11 10:38 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll 2015-09-14 21:41 - 2015-08-11 10:37 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll 2015-09-14 21:41 - 2015-08-03 03:57 - 00042904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys 2015-09-14 21:41 - 2015-08-03 03:57 - 00036704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpiowin32.sys 2015-09-14 21:41 - 2015-07-30 06:22 - 00507696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll 2015-09-14 21:41 - 2015-07-30 05:21 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe 2015-09-14 21:41 - 2015-07-30 05:07 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll 2015-09-14 21:41 - 2015-07-30 05:07 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys 2015-09-14 21:41 - 2015-07-30 05:06 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll 2015-09-14 21:41 - 2015-07-30 05:06 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys 2015-09-14 21:41 - 2015-07-30 05:06 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\VoiceActivationManager.dll 2015-09-14 21:41 - 2015-07-30 05:03 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll 2015-09-14 21:41 - 2015-07-30 05:01 - 00066048 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\AppxSysprep.dll 2015-09-14 21:41 - 2015-07-24 05:11 - 00442720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe 2015-09-14 21:41 - 2015-07-24 04:31 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys 2015-09-14 21:41 - 2015-07-24 04:30 - 00729088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll 2015-09-14 21:41 - 2015-07-22 05:21 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe 2015-09-14 21:41 - 2015-07-22 05:09 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll 2015-09-14 21:41 - 2015-07-18 10:47 - 00082616 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll 2015-09-14 21:41 - 2015-07-18 09:28 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll 2015-09-14 21:41 - 2015-07-18 09:26 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe 2015-09-14 21:41 - 2015-07-18 09:26 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll 2015-09-14 21:41 - 2015-07-18 09:25 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe 2015-09-14 21:41 - 2015-07-18 09:24 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll 2015-09-14 21:41 - 2015-07-17 05:09 - 00506200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2015-09-14 21:41 - 2015-07-17 04:05 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll 2015-09-14 21:41 - 2015-07-17 04:00 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmprc.exe 2015-09-14 21:41 - 2015-07-17 03:45 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll 2015-09-14 21:41 - 2015-07-16 05:38 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll 2015-09-14 21:41 - 2015-07-16 05:21 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll 2015-09-14 21:41 - 2015-07-15 04:41 - 00025088 _____ 
C:\WINDOWS\system32\LicenseManagerApi.dll 2015-09-14 21:41 - 2015-07-15 04:13 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.ProxyStub.dll 2015-09-14 21:41 - 2015-07-15 04:03 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.PAL.Desktop.dll 2015-09-14 21:41 - 2015-07-11 02:40 - 03579904 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-09-14 21:41 - 2015-07-11 02:40 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe 2015-09-14 21:41 - 2015-07-10 12:42 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll 2015-09-14 21:37 - 2015-09-14 21:37 - 00061776 _____ C:\Users\Melly\Downloads\FORTE.TTF 2015-09-14 20:26 - 2015-09-14 20:26 - 00000000 ___RD C:\Users\Melly\3D Objects 2015-09-14 19:47 - 2015-09-14 19:47 - 00000000 ____D C:\Users\Melly\AppData\Local\MicrosoftEdge 2015-09-14 19:37 - 2015-09-14 19:37 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2015-09-14 19:29 - 2015-09-15 21:19 - 00002401 _____ C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-09-14 19:27 - 2015-09-14 19:27 - 00000000 ____D C:\Users\Melly\AppData\Local\Publishers 2015-09-14 19:26 - 2015-09-22 18:58 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture 2015-09-14 19:26 - 2015-09-14 22:23 - 00000000 ____D C:\Users\Melly\AppData\Local\Comms 2015-09-14 19:26 - 2015-09-14 19:26 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat 2015-09-14 19:26 - 2015-09-14 19:26 - 00000000 ____D C:\Users\Melly\AppData\Local\TileDataLayer 2015-09-14 19:25 - 2015-09-14 19:25 - 00000020 ___SH C:\Users\Melly\ntuser.ini 2015-09-14 19:22 - 2015-09-14 19:22 - 00053352 _____ C:\WINDOWS\system32\ASGCoInstaller_x86.dll 2015-09-14 19:22 - 2015-09-14 19:22 - 00000000 ____D C:\ProgramData\SetupTPDriver 2015-09-14 19:14 - 2015-09-15 21:20 - 00000000 ___DC C:\WINDOWS\Panther 2015-09-14 19:14 - 2015-09-14 18:18 - 00000000 __SHD 
C:\Recovery 2015-09-14 19:12 - 2015-09-14 19:13 - 00000000 ____D C:\Windows.old 2015-09-14 19:11 - 2015-09-14 19:11 - 00008192 _____ C:\WINDOWS\system32\config\userdiff 2015-09-14 19:10 - 2015-09-14 19:10 - 00000000 ____D C:\WINDOWS\system32\XPSViewer 2015-09-14 19:10 - 2015-09-14 19:10 - 00000000 ____D C:\Program Files\Reference Assemblies 2015-09-14 19:10 - 2015-09-14 19:10 - 00000000 ____D C:\Program Files\MSBuild 2015-09-14 19:09 - 2015-05-29 22:07 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2015-09-14 19:09 - 2015-05-29 22:07 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2015-09-14 19:09 - 2015-05-29 22:07 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default\Startmenü 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default\Druckumgebung 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-09-14 18:45 - 2015-09-14 18:45 
- 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Programme 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\ProgramData\Startmenü 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programme 2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\ProgramData\Dokumente 2015-09-14 18:41 - 2015-09-14 18:41 - 00021532 _____ C:\WINDOWS\system32\emptyregdb.dat 2015-09-14 18:38 - 2015-09-22 19:01 - 01790124 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-09-14 18:31 - 2015-09-14 18:31 - 00001544 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-09-14 18:24 - 2015-09-14 18:24 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate 2015-09-14 18:22 - 2015-09-14 23:06 - 00000000 ____D C:\Users\Melly 2015-09-14 18:22 - 2015-09-14 19:26 - 00000000 ___RD C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-09-14 18:22 - 2015-09-14 18:34 - 00000000 ____D C:\Users\Administrator 2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Melly\Startmenü 2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Melly\Netzwerkumgebung 2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Melly\Druckumgebung 2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Melly\Documents\Eigene Musik 2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Melly\Documents\Eigene Bilder 2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Melly\AppData\Local\Verlauf 2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Administrator\Startmenü 2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Administrator\Netzwerkumgebung 2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Administrator\Druckumgebung 2015-09-14 18:22 
- 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik 2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder 2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf 2015-09-14 18:22 - 2015-07-10 10:28 - 00000000 __RSD C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 2015-09-14 18:22 - 2015-07-10 10:28 - 00000000 __RSD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 2015-09-14 18:22 - 2015-07-10 10:28 - 00000000 ___RD C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-09-14 18:22 - 2015-07-10 10:28 - 00000000 ___RD C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-09-14 18:22 - 2015-07-10 10:28 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-09-14 18:22 - 2015-07-10 10:28 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-09-14 18:22 - 2015-07-10 10:28 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-09-14 18:22 - 2015-07-10 10:28 - 00000000 ____D C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-09-14 18:22 - 2015-07-10 10:28 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-09-14 18:17 - 2015-09-14 18:25 - 00000000 ____D C:\Program Files\Intel 2015-09-14 18:17 - 2015-09-14 18:17 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_SdoV2_02_15_00.Wdf 2015-09-14 18:17 - 2015-09-14 18:17 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_CM3218x_01_11_00.Wdf 2015-09-14 18:17 - 
2015-07-30 22:41 - 00069104 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL 2015-09-14 18:16 - 2015-09-14 18:16 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_INVN_MotionApps_01_11_00.Wdf 2015-09-14 18:16 - 2015-09-14 18:16 - 00000000 ____D C:\Program Files\Common Files\Intel 2015-09-14 18:15 - 2015-09-22 18:55 - 00000952 _____ C:\WINDOWS\PFRO.log 2015-09-14 18:15 - 2015-09-21 21:47 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2015-09-14 18:15 - 2015-09-14 18:16 - 00026751 _____ C:\WINDOWS\system32\NetSetupMig.log 2015-09-14 17:25 - 2015-09-14 18:44 - 00013338 _____ C:\WINDOWS\diagwrn.xml 2015-09-14 17:25 - 2015-09-14 18:44 - 00013338 _____ C:\WINDOWS\diagerr.xml 2015-09-14 17:25 - 2015-09-14 18:42 - 00006610 _____ C:\WINDOWS\comsetup.log 2015-09-13 22:37 - 2015-09-14 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2015-09-13 22:37 - 2015-09-13 22:37 - 00001829 _____ C:\Users\Public\Desktop\QuickTime Player.lnk 2015-09-13 22:36 - 2015-09-13 22:37 - 00000000 ____D C:\Program Files\QuickTime 2015-09-13 22:35 - 2015-09-14 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-09-13 22:35 - 2015-09-13 22:35 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk 2015-09-13 22:34 - 2015-09-13 22:35 - 00000000 ____D C:\Program Files\iTunes 2015-09-13 22:34 - 2015-09-13 22:34 - 00000000 ____D C:\Program Files\iPod 2015-09-13 12:49 - 2015-09-13 12:49 - 00001114 _____ C:\Users\Public\Desktop\Avira Launcher.lnk 2015-09-05 23:55 - 2015-09-14 18:32 - 00000000 ____D C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-09-01 23:39 - 2015-09-13 12:43 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-08-31 21:32 - 2015-08-31 21:32 - 00000000 ____D C:\Users\Melly\AppData\Roaming\Logitech 2015-08-31 21:32 - 2015-08-31 21:32 - 00000000 ____D C:\Users\Melly\AppData\Roaming\Logishrd 2015-08-31 21:31 - 2015-08-31 21:32 - 02190408 _____ (Logitech Inc.) 
C:\Users\Melly\Downloads\ConnectUtility.exe 2015-08-31 21:28 - 2015-09-14 18:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2015-08-31 21:28 - 2015-08-31 21:28 - 00000000 ____D C:\ProgramData\LogiShrd 2015-08-31 21:28 - 2015-08-31 21:28 - 00000000 ____D C:\Program Files\Common Files\LogiShrd 2015-08-31 21:27 - 2015-08-31 21:27 - 04147600 _____ ($Co_Name Inc.) C:\Users\Melly\Downloads\unifying250.exe 2015-08-27 10:29 - 2015-08-27 10:29 - 00862664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr110.dll 2015-08-27 10:29 - 2015-08-27 10:29 - 00534480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp110.dll 2015-08-27 10:29 - 2015-08-27 10:29 - 00251864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib110.dll 2015-08-27 10:29 - 2015-08-27 10:29 - 00116032 _____ (ASUS Corporation) C:\WINDOWS\system32\Drivers\AsusSGDrv.sys ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-09-22 19:04 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\sru 2015-09-22 19:03 - 2014-06-18 20:39 - 00000000 ___DO C:\Users\Melly\OneDrive 2015-09-22 18:59 - 2014-06-14 17:11 - 00000000 ___RD C:\Users\Melly\Dropbox 2015-09-22 18:59 - 2014-06-14 17:09 - 00000000 ____D C:\Users\Melly\AppData\Roaming\Dropbox 2015-09-22 18:58 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-09-22 18:58 - 2014-04-19 09:48 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log 2015-09-22 18:57 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\Microsoft.NET 2015-09-22 18:56 - 2015-07-10 11:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-09-22 18:56 - 2015-07-10 11:53 - 00260416 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-09-22 18:55 - 2015-07-10 08:59 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2015-09-22 18:54 - 2015-07-10 15:16 - 00000000 ____D C:\Program Files\Windows Journal 2015-09-22 18:54 - 2015-07-10 15:12 - 00000000 ____D C:\WINDOWS\system32\Drivers\de-DE 2015-09-22 18:54 - 2015-07-10 10:28 - 00000000 ___RD C:\WINDOWS\PurchaseDialog 2015-09-22 18:54 - 2015-07-10 10:28 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2015-09-22 18:54 - 2015-07-10 10:28 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-09-22 18:54 - 2015-07-10 10:28 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-09-22 18:54 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2015-09-22 18:54 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\de-DE 2015-09-22 18:54 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-09-22 18:54 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\Provisioning 2015-09-22 18:42 - 2014-06-14 23:12 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-09-22 18:38 - 2015-07-10 10:20 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-09-21 21:31 - 2015-06-18 17:11 - 00001244 _____ 
C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1758828274-3236195225-1443054956-1001UA.job 2015-09-20 22:23 - 2015-06-18 17:11 - 00001192 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1758828274-3236195225-1443054956-1001Core.job 2015-09-15 21:20 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\AppCompat 2015-09-14 20:04 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase 2015-09-14 19:53 - 2014-06-16 21:09 - 00000000 __SHD C:\aws 2015-09-14 19:53 - 2013-12-13 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS 2015-09-14 19:53 - 2013-12-13 22:38 - 00000000 ____D C:\Program Files\Common Files\AWS 2015-09-14 19:53 - 2013-12-13 22:38 - 00000000 ____D C:\Program Files\ASUS 2015-09-14 19:42 - 2014-06-14 14:49 - 00000000 ____D C:\Users\Melly\AppData\Roaming\WebStorage 2015-09-14 19:27 - 2015-01-07 20:27 - 00000000 ____D C:\Users\Melly\AppData\Local\PackageStaging 2015-09-14 19:26 - 2015-07-10 10:28 - 00000000 ___RD C:\WINDOWS\PrintDialog 2015-09-14 19:26 - 2015-07-10 10:28 - 00000000 ___RD C:\WINDOWS\MiracastView 2015-09-14 19:23 - 2014-04-19 10:02 - 00000000 ____D C:\Program Files\DIFX 2015-09-14 19:23 - 2014-04-19 09:56 - 00038112 _____ C:\WINDOWS\DPINST.LOG 2015-09-14 19:14 - 2015-07-10 10:28 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template 2015-09-14 19:10 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\MUI 2015-09-14 18:45 - 2015-07-10 10:28 - 00000000 ____D C:\Program Files\Windows NT 2015-09-14 18:45 - 2015-07-10 08:59 - 00000000 __RHD C:\Users\Default 2015-09-14 18:44 - 2015-07-10 11:53 - 00015698 _____ C:\WINDOWS\setupact.log 2015-09-14 18:42 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\rescache 2015-09-14 18:42 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\Registration 2015-09-14 18:42 - 2014-06-14 14:48 - 00000000 ____D C:\WINDOWS\system32\NETGEAR 2015-09-14 18:36 - 2015-07-10 10:28 - 00000000 __RHD C:\Users\Public\Libraries 2015-09-14 18:36 - 2015-07-10 10:28 - 00000000 ____D 
C:\WINDOWS\system32\LogFiles 2015-09-14 18:32 - 2015-07-10 10:29 - 00004362 _____ C:\WINDOWS\DtcInstall.log 2015-09-14 18:32 - 2015-07-10 08:59 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM 2015-09-14 18:32 - 2015-05-12 23:19 - 00000000 ____D C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-09-14 18:32 - 2015-05-12 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-09-14 18:32 - 2015-01-01 22:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 2015-09-14 18:32 - 2014-11-22 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-09-14 18:32 - 2014-11-01 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-09-14 18:32 - 2014-10-03 20:04 - 00000000 ____D C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brettspielwelt 2015-09-14 18:32 - 2014-10-01 13:00 - 00000000 ____D C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView 2015-09-14 18:32 - 2014-09-09 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2015-09-14 18:32 - 2014-06-14 19:09 - 00000000 ____D C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass 2015-09-14 18:32 - 2014-06-14 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass 2015-09-14 18:32 - 2014-06-14 17:04 - 00000000 ____D C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dasher 4.11 2015-09-14 18:32 - 2014-06-14 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-09-14 18:32 - 2014-06-14 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-09-14 18:32 - 2013-08-22 08:21 - 00000000 ____D C:\Users\Default.migrated 2015-09-14 18:26 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\NDF 2015-09-14 18:26 - 2015-07-10 10:28 - 00000000 ____D 
C:\WINDOWS\system32\InputMethod 2015-09-14 18:26 - 2013-08-22 10:17 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared 2015-09-14 18:26 - 2013-08-22 10:17 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared 2015-09-14 18:25 - 2015-07-10 10:28 - 00000000 ___RD C:\Users\Public 2015-09-14 18:25 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\InputMethod 2015-09-14 18:25 - 2015-07-10 10:28 - 00000000 ____D C:\Program Files\Microsoft.NET 2015-09-14 18:25 - 2015-07-10 10:28 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2015-09-14 18:23 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\Recovery 2015-09-14 17:25 - 2015-07-10 15:40 - 00000000 ___HD C:\$Windows.~BT 2015-09-13 22:34 - 2015-06-01 21:29 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB 2015-09-13 22:34 - 2014-12-13 15:10 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-09-13 12:49 - 2014-04-19 09:56 - 00000000 ____D C:\ProgramData\Package Cache 2015-09-13 12:43 - 2014-06-14 18:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-09-09 02:31 - 2014-07-27 20:53 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-08-26 18:36 - 2014-07-27 20:53 - 132039072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-08-23 16:12 - 2014-06-14 16:32 - 00000000 ____D C:\Program Files\Microsoft Office 15 ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-06-14 19:09 - 2014-06-14 19:10 - 11211264 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe 2013-12-13 22:38 - 2012-07-30 08:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd 2013-12-13 22:38 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe 2013-12-13 22:38 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS Einige Dateien in TEMP: ==================== C:\Users\Melly\AppData\Local\Temp\avgnt.exe 
C:\Users\Melly\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu0tini.dll C:\Users\Melly\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-09-14 18:15 ==================== Ende vom FRST.txt ============================ Code:
# AdwCleaner v5.008 - Bericht erstellt am 22/09/2015 um 18:48:31
# Aktualisiert am 18/09/2015 von Xplode
# Datenbank : 2015-09-22.2 [Server]
# Betriebssystem : Windows 10 Pro (x64)
# Benutzername : Toshiba - TOSHIBA-PC
# Gestartet von : C:\Users\Toshiba\Desktop\AdwCleaner_5.008.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****

***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\Program Files (x86)\DriverTuner
[-] Ordner Gelöscht : C:\Users\Toshiba\Documents\Updater

***** [ Dateien ] *****

[-] Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[-] Datei Gelöscht : C:\Users\Public\Desktop\GeekBuddy.lnk
[-] Datei Gelöscht : C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\be8kg3a2.default\foxydeal.sqlite

***** [ Verknüpfungen ] *****

***** [ Geplante Tasks ] *****

***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKCU\Software\DriverTuner_Init
[-] Schlüssel Gelöscht : HKCU\Software\DriverTuner
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\GeekBuddyRSP
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\DriverTuner_Init
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\DriverTuner

***** [ Internetbrowser ] *****

*************************

:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1414 Bytes] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.2 (09.14.2015:1)
OS: Windows 10 Pro x64
Ran by Toshiba on 22.09.2015 at 19:02:19,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox
Emptied folder: C:\Users\Toshiba\AppData\Roaming\mozilla\firefox\profiles\be8kg3a2.default\minidumps [2 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.09.2015 at 19:32:15,83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
durchgeführt von Toshiba (Administrator) auf TOSHIBA-PC (22-09-2015 19:41:16)
Gestartet von D:\Downloads_neu
Geladene Profile: Toshiba (Verfügbare Profile: Toshiba)
Platform: Windows 10 Pro (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.915.17170.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6208.42001.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6208.42001.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Comodo Security Solutions, Inc.)
C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-07-29] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-07-29] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-07-29] (Synaptics Incorporated) HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2015-08-21] (Microsoft Corporation) HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-05] (COMODO) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-09-21] (Comodo Security Solutions, Inc.) HKU\S-1-5-21-2801822355-1091776115-2282360880-1000\...\Run: [Dropbox Update] => C:\Users\Toshiba\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-23] (Dropbox, Inc.) HKU\S-1-5-21-2801822355-1091776115-2282360880-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. 
or its subsidiaries) HKU\S-1-5-21-2801822355-1091776115-2282360880-1000\...\RunOnce: [Uninstall C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64" HKU\S-1-5-21-2801822355-1091776115-2282360880-1000\...\RunOnce: [Uninstall C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64" HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) Startup: C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-04-11] ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-29] ShortcutTarget: Dropbox.lnk -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2014-10-05] ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{25efa1fc-4989-49a2-be33-a5d8d70db773}: [NameServer] 156.154.70.25,156.154.71.25 Tcpip\..\Interfaces\{25efa1fc-4989-49a2-be33-a5d8d70db773}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{a1be109d-ed3e-4720-abfe-e1d318ca707a}: [NameServer] 156.154.70.25,156.154.71.25 Internet Explorer: ================== HKU\S-1-5-21-2801822355-1091776115-2282360880-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\be8kg3a2.default FF Homepage: about:blank FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-09-16] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-16] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.) 
FF Extension: LastPass - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\be8kg3a2.default\Extensions\support@lastpass.com [2015-08-26] FF Extension: Garmin Communicator - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\be8kg3a2.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-05-30] FF Extension: WOT - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\be8kg3a2.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-19] FF Extension: FireFTP - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\be8kg3a2.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-05-30] FF Extension: ProxTube - Unblock YouTube - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\be8kg3a2.default\Extensions\ich@maltegoetz.de.xpi [2015-04-11] FF Extension: Adblock Plus - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\be8kg3a2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-11] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-04-11] (Adobe Systems) [Datei ist nicht signiert] S2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [1998520 2015-09-21] (Comodo) S2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70848 2015-09-21] (Comodo Security Solutions, Inc.) R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-03] (COMODO) R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-05] (COMODO) S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [762272 2015-09-11] (Garmin Ltd. 
or its subsidiaries) R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-09-21] (Comodo Security Solutions, Inc.) R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-07-30] (Microsoft Corporation) S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-29] (Synaptics Incorporated) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-07-30] (Microsoft Corporation) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-07-30] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows (R) Win 7 DDK provider) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21720 2015-08-05] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [827632 2015-08-05] (COMODO) R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-08-05] (COMODO) R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-05] (COMODO) S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-09-21] (Malwarebytes) R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-07-30] (Microsoft Corporation) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek ) R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3749888 2015-07-10] (Realtek Semiconductor Corporation ) R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-30] (Toshiba Corporation) S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () S3 WdBoot; 
C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) U3 idsvc; kein ImagePath S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] U3 wpcsvc; kein ImagePath ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-09-22 19:41 - 2015-09-22 19:41 - 00002152 _____ C:\WINDOWS\system32\Drivers\fvstore.dat 2015-09-22 19:39 - 2015-09-22 19:39 - 00016148 _____ C:\WINDOWS\system32\TOSHIBA-PC_Toshiba_HistoryPrediction.bin 2015-09-22 19:32 - 2015-09-22 19:32 - 00000732 _____ C:\Users\Toshiba\Desktop\JRT.txt 2015-09-22 19:01 - 2015-09-22 19:01 - 01798976 _____ (Malwarebytes) C:\Users\Toshiba\Desktop\JRT.exe 2015-09-22 18:44 - 2015-09-22 18:48 - 00000000 ____D C:\AdwCleaner 2015-09-22 18:43 - 2015-09-22 18:43 - 01662976 _____ C:\Users\Toshiba\Desktop\AdwCleaner_5.008.exe 2015-09-22 18:38 - 2015-09-22 18:38 - 00000000 ___HD C:\OneDriveTemp 2015-09-21 21:02 - 2015-09-21 21:02 - 00000000 ____D C:\Program Files (x86)\Comodo 2015-09-21 20:48 - 2015-09-21 20:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo Security Solutions Inc 2015-09-21 20:38 - 2015-09-22 19:42 - 00595569 _____ C:\WINDOWS\system32\Drivers\sfi.dat 2015-09-21 20:38 - 2015-09-21 20:38 - 00001904 _____ C:\Users\Public\Desktop\COMODO Internet Security.lnk 2015-09-21 20:38 - 2015-09-21 20:38 - 00000000 ____D C:\ProgramData\Shared Space 2015-09-21 20:36 - 2015-09-21 20:48 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo 2015-09-21 20:36 - 2015-09-21 20:37 - 00000000 ____D C:\Program Files\COMODO 2015-09-21 20:36 - 2015-09-21 20:36 - 00001205 _____ C:\Users\Public\Desktop\Internet (Chromodo).lnk 2015-09-21 20:36 - 2015-09-21 20:36 - 00000000 ____D C:\Users\Toshiba\AppData\Local\Comodo 2015-09-21 20:32 - 2015-09-21 20:38 - 00000000 ____D C:\ProgramData\Comodo 2015-09-21 20:25 - 2015-09-21 20:25 - 00000000 _____ C:\WINDOWS\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} 2015-09-21 19:33 - 2015-09-21 19:33 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Toshiba\Desktop\tdsskiller.exe 2015-09-21 17:55 - 2015-09-21 20:26 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-09-21 17:55 - 2015-09-21 18:42 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-09-21 17:55 - 2015-09-21 17:55 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-09-21 17:54 - 2015-09-21 17:54 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-09-21 17:53 - 2015-09-21 19:18 - 00000000 ____D C:\Users\Toshiba\Desktop\mbar 2015-09-20 19:23 - 2015-09-22 19:41 - 00000000 ____D C:\FRST 2015-09-15 08:31 - 2015-09-15 08:31 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-09-15 08:31 - 2015-09-15 08:31 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2015-09-15 08:31 - 2015-09-15 08:31 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2015-09-15 08:31 - 2015-09-15 08:31 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-09-15 08:31 - 2015-09-15 08:31 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 
11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-09-15 08:30 - 2015-09-15 08:30 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2015-09-15 08:30 - 2015-09-15 08:30 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2015-09-15 08:30 - 2015-09-15 
08:30 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2015-09-15 08:30 - 2015-09-15 08:30 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2015-09-15 08:30 - 2015-09-15 08:30 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2015-09-15 08:30 - 2015-09-15 08:30 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2015-09-15 08:30 - 2015-09-15 08:30 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2015-09-15 08:30 - 2015-09-15 08:30 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-09-15 08:30 - 2015-09-15 
08:30 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2015-09-15 08:30 - 2015-09-15 08:30 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2015-09-15 08:30 - 2015-09-15 08:30 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00139776 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\shacct.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2015-09-15 08:30 - 2015-08-18 06:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList 2015-09-15 08:01 - 2015-09-15 08:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2015-09-14 17:57 - 2015-09-21 19:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-09-14 17:31 - 2015-09-14 17:31 - 00000000 ____D C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-09-03 12:52 - 2015-09-03 12:52 - 00579408 _____ (COMODO) C:\WINDOWS\system32\guard64.dll 2015-09-03 12:52 - 2015-09-03 12:52 - 00445472 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll 2015-08-27 19:10 - 2015-08-27 19:12 - 00000000 ____D C:\Users\Toshiba\AppData\Local\Garmin_Ltd._or_its_subsid 2015-08-27 19:10 - 2015-08-27 19:10 - 00000000 ____D 
C:\Users\Toshiba\AppData\Roaming\Garmin 2015-08-27 19:10 - 2015-08-27 19:10 - 00000000 ____D C:\ProgramData\Garmin 2015-08-27 19:10 - 2015-08-27 19:10 - 00000000 ____D C:\Program Files\DIFX 2015-08-27 19:09 - 2015-09-15 08:02 - 00000000 ____D C:\ProgramData\Package Cache 2015-08-27 19:09 - 2015-09-15 08:01 - 00003624 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask 2015-08-27 19:09 - 2015-09-15 08:01 - 00000000 ____D C:\Program Files (x86)\Garmin 2015-08-27 19:04 - 2015-08-27 19:04 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2015-08-25 18:27 - 2015-08-25 18:27 - 00001181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Annotator.lnk ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-09-22 19:39 - 2015-07-10 14:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log 2015-09-22 19:32 - 2015-06-23 18:22 - 00001232 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2801822355-1091776115-2282360880-1000UA.job 2015-09-22 19:28 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\sru 2015-09-22 19:10 - 2015-04-11 15:09 - 00000000 ____D C:\Users\Toshiba\OneDrive 2015-09-22 18:57 - 2015-04-13 16:14 - 00000000 ___RD C:\Users\Toshiba\Dropbox 2015-09-22 18:57 - 2015-04-13 16:03 - 00000000 ____D C:\Users\Toshiba\AppData\Roaming\Dropbox 2015-09-22 18:52 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-09-22 18:51 - 2015-07-10 11:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2015-09-22 18:45 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-09-21 22:35 - 2015-07-10 14:20 - 00015720 _____ C:\WINDOWS\setupact.log 2015-09-21 21:40 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-09-21 20:51 - 2015-07-30 21:19 - 00007906 _____ C:\WINDOWS\PFRO.log 2015-09-21 20:39 - 2015-07-10 18:34 - 02368200 _____ C:\WINDOWS\system32\perfh007.dat 2015-09-21 20:39 - 2015-07-10 18:34 - 00696388 
_____ C:\WINDOWS\system32\perfc007.dat 2015-09-21 19:34 - 2015-07-10 13:06 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-09-21 19:34 - 2015-07-10 13:06 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-09-21 19:22 - 2015-07-10 14:20 - 00339232 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-09-21 19:21 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\Resources 2015-09-21 19:21 - 2014-10-05 13:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-09-21 19:19 - 2015-07-10 18:44 - 00000000 ____D C:\Program Files\Windows Journal 2015-09-21 19:19 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\oobe 2015-09-21 19:19 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-09-20 17:01 - 2014-10-05 12:16 - 00089648 _____ C:\Users\Toshiba\AppData\Local\GDIPFONTCACHEV1.DAT 2015-09-20 15:32 - 2015-06-23 18:21 - 00001180 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2801822355-1091776115-2282360880-1000Core.job 2015-09-16 18:27 - 2015-07-30 21:53 - 00000000 ____D C:\Users\Toshiba\AppData\Local\Packages 2015-09-15 20:31 - 2014-10-05 12:55 - 00000000 ____D C:\Users\Toshiba\AppData\Local\Microsoft Help 2015-09-15 19:37 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\rescache 2015-09-15 10:54 - 2014-09-24 00:19 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-09-15 10:45 - 2014-09-24 00:18 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-09-15 08:07 - 2015-07-10 13:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-09-15 08:07 - 2015-07-10 13:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-09-15 08:07 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2015-09-14 17:30 - 2015-07-30 22:08 - 00002412 _____ C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 
2015-08-25 18:27 - 2015-06-23 18:56 - 00001169 _____ C:\Users\Public\Desktop\PDF Annotator.lnk 2015-08-25 18:27 - 2015-06-23 18:56 - 00000000 ____D C:\Users\Toshiba\AppData\Local\PDF Annotator 2015-08-25 18:27 - 2015-06-23 18:55 - 00000000 ____D C:\Program Files (x86)\PDF Annotator ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-07-30 21:24 - 2015-07-30 21:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Einige Dateien in TEMP: ==================== C:\Users\Toshiba\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpb996rc.dll C:\Users\Toshiba\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-09-21 21:40 ==================== Ende von FRST.txt ============================ |
22.09.2015, 18:45 | #10 |
| Uncontrolled mail sending from my web.de address
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:15-09-2015
durchgeführt von Toshiba (2015-09-22 19:42:41)
Gestartet von D:\Downloads_neu
Windows 10 Pro (X64) (2015-07-30 19:51:57)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-2801822355-1091776115-2282360880-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2801822355-1091776115-2282360880-503 - Limited - Disabled)
Gast (S-1-5-21-2801822355-1091776115-2282360880-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2801822355-1091776115-2282360880-1002 - Limited - Enabled)
Toshiba (S-1-5-21-2801822355-1091776115-2282360880-1000 - Administrator - Enabled) => C:\Users\Toshiba

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Chromodo (HKLM-x32\...\Chromodo) (Version: 44.5.7.269 - Comodo)
COMODO Internet Security Premium (HKLM\...\{38F898C8-272F-455F-9BD6-71FEBA3E4AF5}) (Version: 8.2.0.4703 - COMODO Security Solutions Inc.)
Dasher 4.11 (HKLM-x32\...\{BD8ECD28-2D32-11DF-8D17-000423472618}) (Version: 4.11 - The Dasher Project)
Dropbox (HKU\S-1-5-21-2801822355-1091776115-2282360880-1000\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
Drucken in PDF Annotator (novaPDF OEM 7.7 printer) (HKLM\...\Drucken in PDF Annotator_is1) (Version: 7.7.400 - Softland)
Elevated Installer (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{44d9dfc0-3a4a-4439-870f-f97550a9bc8d}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
GeekBuddy (HKLM\...\{A09AEC8C-5054-4E92-93DE-EA0B8C73BCF2}) (Version: 4.21.144 - Comodo Security Solutions Inc)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Mozilla Thunderbird 31.1.2 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.1.2 (x86 de)) (Version: 31.1.2 - Mozilla)
PDF Annotator 5.0.0.510 (HKLM-x32\...\PDFAnnotator_is1) (Version: 5.0.0.510 - GRAHL software design)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {08287FC4-597D-49DC-9CE0-4DF80BC47E27} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {0E2482CB-BFF8-4F24-B75F-3CCC09E1C4A9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {111EA2CE-F859-448B-9ED9-FAF56C32E31C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {11EA62AB-37B6-4F82-A329-5306E660C027} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {1556FD00-6F8B-4DF0-9EFB-B8E19BD5DA15} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2801822355-1091776115-2282360880-1000UA => C:\Users\Toshiba\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {1C10BD95-F2CD-4381-80E6-20E605875FF5} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {2103F928-292F-458B-9B09-3643CC3F9D3D} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-09-11] ()
Task: {45EB3F7F-CFFC-49C1-A18D-96A9095A0CAD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-09-15] (Microsoft Corporation)
Task: {4CB79202-2777-47BF-89E8-B352BF0BD828} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {54D73F89-2F79-47D8-8768-528044CB35A3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {5C3A1012-54C3-498D-A023-95D1D5A63189} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {5C5DBC61-1CC7-4CBD-A55F-DAF786B36AB4} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-05] (COMODO)
Task: {60E07D6A-8489-4748-B451-DB6384C3375C} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {61847A8B-8D98-4667-972C-A14D953B5FCF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {63C3003F-E160-41D1-8B42-03E86AFAD4AB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {64FF3EE7-71C3-4CDA-9004-915BB1489C50} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {6C19EACD-BFE3-4010-A7AD-398E120EEA3C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {75A46DE7-3667-4153-99F2-C5AE383D1658} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {7C0004BE-6C72-4348-9D3B-888F95DAA41B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {81CE33A9-C813-4A1C-9992-CB09481B7434} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-19] (Adobe Systems Incorporated)
Task: {84E958F4-6C79-4E3E-B697-D645252DE1CC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {93C9AAF2-F374-4F9D-B8E4-D97348BA4AAF} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {96999D0E-1C1E-4AD2-ACB4-228CEDD38265} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {9AD39AE9-03C8-4B8C-B448-EAEC66AB88F1} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {A0FF1C4C-B44D-432C-AFCB-8A38CAAB8ADC} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> Keine Datei <==== ACHTUNG
Task: {A1D2109E-AD43-4A83-B17C-E99DC539FC6E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {A7EC3CFE-3CF3-411C-86CD-4AC7730D20ED} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {AA05C488-2E79-4381-B379-AC2E3A33DDA1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {AB1AF363-146B-4DA2-BA03-124C90920086} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C4351641-3822-48E7-A73D-FAE74B7ABBBA} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-05] (COMODO)
Task: {C6D393DE-0343-436A-A56A-A0C5D179F86B} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {C732980D-55DB-4BA9-8EB2-1F6AE0906CDC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {C797185C-1CF2-4D34-8F0A-3F855F26C417} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {C8699267-9955-45B1-9916-6CCD099BAF7F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {D0EAFBC6-0D10-4CAF-8CD8-62C3F1C52E6C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {DA9E374E-0F90-4978-89D9-5AC824DCF5CA} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {E1C0F344-E15E-40DE-82F8-59090A871A64} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {E5261A67-4ED1-4597-A919-581648F89B7F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {E6B8BAF0-787F-488D-BCA5-45DAA9063407} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {E8985E9B-C403-4371-A010-218F5C0E4582} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {F0C3B15F-ECF0-44FC-AB58-362ACBA481AA} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {F8EA873F-16B3-40D1-B532-1720139FA890} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {F98CD2F3-64FA-48E3-B91F-60550D67CCE9} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FBD43E5A-FDF6-4D02-9092-B93E8A5F3014} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2801822355-1091776115-2282360880-1000Core => C:\Users\Toshiba\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {FCB2BB03-7BBF-49A1-B508-61106E5CB1C8} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {FFB50075-3CCF-4563-8E78-922F2DCBF12E} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2801822355-1091776115-2282360880-1000Core.job => C:\Users\Toshiba\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2801822355-1091776115-2282360880-1000UA.job => C:\Users\Toshiba\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-07-10 13:00 - 2015-07-10 13:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-07-30 22:10 - 2015-07-30 22:10 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-19 12:32 - 2015-08-19 12:32 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-09-15 08:30 - 2015-09-15 08:30 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-15 08:30 - 2015-09-15 08:30 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-10 12:59 - 2015-07-10 12:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-19 12:32 - 2015-08-19 12:32 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 13:00 - 2015-07-10 18:43 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-19 12:32 - 2015-08-19 12:32 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-19 12:32 - 2015-08-19 12:32 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-09-20 11:46 - 2015-09-20 11:46 - 00012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.915.17170.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-09-20 11:46 - 2015-09-20 11:46 - 10712576 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.915.17170.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-09-20 11:46 - 2015-09-20 11:46 - 00500224 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.915.17170.0_x64__8wekyb3d8bbwe\Lumia.SequencePlayer.UAP.dll
2015-08-19 12:32 - 2015-08-19 12:32 - 00293376 _____ () C:\WINDOWS\SYSTEM32\textinputframework.dll
2015-08-25 18:18 - 2015-08-25 18:18 - 01020928 _____ () C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\be8kg3a2.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\notepad.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ActionCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxSysprep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ceutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Chakra.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cloudAP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\configmanager2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\coredpus.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CoreUIComponents.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CredProvDataModel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dafWCN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diagtrack.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diagtrack_win.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diagtrack_wininternal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\directmanipulation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\edgehtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\enterprisecsps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\facecredentialprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdWCN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fontdrvhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fwpolicyiomgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\GamePanel.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hpinkcoiC611.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hpinkinsC611.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hpinkstsC611LM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\InputService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\InstallAgent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LicenseManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LicenseManagerShellext.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LocationFramework.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LocationFrameworkInternalPS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LocationGeofences.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LocationPermissions.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LockAppBroker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LockAppHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LogonController.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO4064.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MaxxVoiceAPO3064.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MbaeApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MbaeApiPublic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MbaeParserTask.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfmkvsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\modernexecserver.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msctfuimanager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MsSpellCheckingFacility.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mssprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mssrch.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MusNotificationUx.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NetSetupShim.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NetSetupSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NetworkStatus.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0009.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsLexicons0009.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\notepad.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NotificationController.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NotificationControllerPS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NotificationObjFactory.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\novamiv7.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\novamnv7.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PackageStateRoaming.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PlayToManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\prm0009.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provhandlers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provisioningcsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PsmServiceExtHost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rapiproxystub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rapistub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdbui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RDXService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ReAgent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RemoteNaturalLanguage.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\schedsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SensorService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SensorsNativeApi.V2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Notifications.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_nt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_UserAccount.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shacct.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SharedStartModel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SharedStartModelShim.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SubscriptionMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\syncutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sysmain.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tetheringclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tetheringservice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TextInputFramework.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tileobjserver.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tquery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UserDataService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UserMgrProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vaultsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VEDataLayerHelpers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VEEventDispatcher.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VoiceActivationManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VPNv2CSP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcescommproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcmcsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WcnApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WcnNetsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcnwiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wifinetworkmanager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\win32kbase.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinBioDataModel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.Desktop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Logon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.PicturePassword.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Shell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WlanMediaManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlansvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmcoinst-070531-0952.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmpmde.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpnapps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpncore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuautoappupdate.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ceutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakra.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreUIComponents.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredProvDataModel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\directmanipulation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\edgehtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWCN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontdrvhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\GamePanel.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppBroker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\LogonController.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApiPublic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfuimanager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmlmedia.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssrch.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupShim.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0009.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsLexicons0009.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\notepad.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NotificationObjFactory.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PackageStateRoaming.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rapiproxystub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rapistub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReInfo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shacct.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tetheringclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TextInputFramework.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tquery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserMgrProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\VEEventDispatcher.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\VoiceActivationManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wcescommproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WcnApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wcnwiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpnapps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthhfenum.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mountmgr.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\msgpiowin32.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdyboost.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\stornvme.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Thotkey.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tunnel.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBHUB3.SYS:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBXHCI.SYS:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdiWiFi.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wof.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wpcfltr.sys:$CmdTcID
AlternateDataStreams: C:\Users\Toshiba\Desktop\AdwCleaner_5.008.exe:$CmdTcID
AlternateDataStreams: C:\Users\Toshiba\Desktop\AdwCleaner_5.008.exe:$CmdZnID
AlternateDataStreams: C:\Users\Toshiba\Desktop\JRT.exe:$CmdTcID
AlternateDataStreams: C:\Users\Toshiba\Desktop\JRT.exe:$CmdZnID
AlternateDataStreams: C:\Users\Toshiba\Desktop\tdsskiller.exe:$CmdTcID
AlternateDataStreams: C:\Users\Toshiba\Desktop\tdsskiller.exe:$CmdZnID

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.
Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-2801822355-1091776115-2282360880-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Toshiba\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\desktop-hintergrund.bmp DNS Servers: 156.154.70.25 - 156.154.71.25 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [{807475DA-0205-4113-AEEE-5AF566EA7A6E}] => (Allow) C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{907C6B85-1989-4C3C-8514-B458F462847C}] => (Allow) C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{68BA6026-2831-45B8-93A2-089D7C57695E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{272776C8-4FCE-4428-8C5C-A0760AD5115F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{7455D731-38E3-4242-85C7-6ADC69F39E59}] => (Allow) C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\OneDrive.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (09/22/2015 07:12:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOSHIBA-PC) Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2147024865. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (09/22/2015 07:12:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOSHIBA-PC) Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. 
Error: (09/22/2015 07:00:39 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (4780) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032. Error: (09/22/2015 07:00:39 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (4780) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien. Error: (09/22/2015 07:00:29 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (4780) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032. Error: (09/22/2015 07:00:29 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (4780) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien. Error: (09/22/2015 07:00:18 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (4780) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032. Error: (09/22/2015 07:00:18 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (4780) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. 
Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien. Error: (09/22/2015 07:00:08 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (4780) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032. Error: (09/22/2015 07:00:08 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (4780) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien. Systemfehler: ============= Error: (09/22/2015 07:12:11 PM) (Source: DCOM) (EventID: 10001) (User: TOSHIBA-PC) Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca31CortanaUI.AppXr0dtzccx33hvam1xwfz3c1354p6222qd.mcaNicht verfügbarNicht verfügbar Error: (09/22/2015 07:12:11 PM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA-PC) Description: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca Error: (09/22/2015 07:09:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "GeekBuddyRSP Server" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/22/2015 07:09:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "SynTPEnh Caller Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/22/2015 07:09:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Message Queuing" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (09/22/2015 07:09:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "GeekBuddyRSP Server" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/22/2015 07:09:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/22/2015 07:09:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "COMODO Chromodo Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/22/2015 07:09:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AMD External Events Utility" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/22/2015 07:09:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "COMODO LPS Launcher" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. CodeIntegrity: =================================== Date: 2015-09-22 19:39:49.536 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-22 19:01:20.646 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-22 18:53:46.401 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. 
Date: 2015-09-22 18:43:45.120 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-22 18:36:50.330 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-21 22:50:19.943 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-21 22:35:54.246 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-21 22:24:17.373 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-21 22:12:01.728 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements. Date: 2015-09-21 22:12:01.652 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements. 
==================== Speicherinformationen =========================== Prozessor: AMD V140 Processor Prozentuale Nutzung des RAM: 41% Installierter physikalischer RAM: 3835.69 MB Verfügbarer physikalischer RAM: 2238.95 MB Summe virtueller Speicher: 7675.69 MB Verfügbarer virtueller Speicher: 5932.37 MB ==================== Laufwerke ================================ Drive c: (SYSTEM) (Fixed) (Total:97.66 GB) (Free:40.72 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)] Drive d: (DATA) (Fixed) (Total:135.23 GB) (Free:133.32 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 441A53E7) Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=135.2 GB) - (Type=OF Extended) ==================== Ende von Addition.txt ============================ |
23.09.2015, 09:32 | #11 |
/// the machine /// TB Trainer | Uncontrolled mail sending from my web.de address ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
23.09.2015, 18:57 | #12 |
| Uncontrolled mail sending from my web.de address Tablet Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=46c41a71545aff488dcd8e9718428941 # end=init # utc_time=2015-09-23 04:18:56 # local_time=2015-09-23 06:18:56 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.2.9200 NT Update Init Update Download Update Finalize Updated modules version: 25907 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=46c41a71545aff488dcd8e9718428941 # end=updated # utc_time=2015-09-23 04:20:42 # local_time=2015-09-23 06:20:42 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.2.9200 NT # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=46c41a71545aff488dcd8e9718428941 # engine=25907 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-09-23 05:35:11 # local_time=2015-09-23 07:35:11 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 6495769 44128664 0 0 # scanned=181510 # found=12 # cleaned=0 # scan_time=4468 sh=AD77B82DF7DB83A0DAD3A93E37AC6CE9407956F5 ft=0 fh=0000000000000000 vn="Variante von Win32/Injector.CHPM Trojaner" ac=I fn="C:\Users\Melly\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\34cbafe85d71f1d6\120712-0049\Att\2000adf2\flash_update.zip" sh=2D96860125935658A7E03C3ABFAC2AAD802E9820 ft=0 fh=0000000000000000 vn="Variante von Win32/Injector.CHPM Trojaner" ac=I fn="C:\Users\Melly\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\34cbafe85d71f1d6\120712-0049\Att\2000ae03\payment.zip" sh=779CBDACC0D72A8AD6A0BC198939ED71B98627CB ft=1 fh=54642e892d7bd86f vn="Variante von Win32/DownloadSponsor.C evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Melly\Downloads\Font Pack Top 50 Free Font - CHIP-Installer.exe" sh=25339464076D28A9946D7146884F6F15A280E6E7 ft=1 fh=e8d5cb02c26c051b vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Melly\Downloads\MyRouter Virtual WiFi Router - CHIP-Installer.exe" sh=866C250EE4468E94AC6EC8DD8B49AA243E2BD89E ft=1 fh=c0b9df66188b338d vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Melly\Downloads\WiFi HotSpot Creator - CHIP-Installer.exe" sh=8373E5B467E3626514C5FCAAD0D5B5689B7CC356 ft=1 fh=ab44db0284d70efd vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Melly\AppData\Local\Microsoft\Windows\INetCache\IE\54ZRUB0K\setup[1].exe" sh=40CE0A58E99858007E5DCD0BB5BF6A122686A917 ft=1 fh=f92770b35775886c vn="Win32/Somoto.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Melly\AppData\Local\Microsoft\Windows\INetCache\IE\AWD3NO1R\BiTool[1].dll" sh=40CE0A58E99858007E5DCD0BB5BF6A122686A917 ft=1 fh=f92770b35775886c vn="Win32/Somoto.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Melly\AppData\Local\Temp\bitool.dll" sh=8373E5B467E3626514C5FCAAD0D5B5689B7CC356 ft=1 fh=ab44db0284d70efd vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Melly\AppData\Local\Temp\nsjA354.tmp" sh=8373E5B467E3626514C5FCAAD0D5B5689B7CC356 ft=1 fh=ab44db0284d70efd vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Melly\AppData\Local\Temp\nspA2E2.tmp" sh=4E5E8B54DDA603D7E83F3EDE2BCDD8064D4EDF22 ft=1 fh=895bb0fee970ac49 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Melly\AppData\Local\Temp\DMR\dmr_72.exe" sh=7548B13AED673BDDE58E132757F6392B9F748EB0 ft=1 fh=0a660e57763a0718 vn="Win32/WebDevAZ.C evtl. 
unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Melly\AppData\Local\Temp\DMR\Downloads\fc14996dfa99adfc7baae624196888c5\bc9b72314b6cb552cdad7a6314a1f980\WiFi20HotSpotCreatorSetup.exe" Code:
ATTFilter
 Results of screen317's Security Check version 1.008
 x86 (UAC is enabled)
 Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
 Avira Antivirus
 Windows Defender
 Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 31
 Java version 32-bit out of Date!
 Adobe Flash Player 19.0.0.185
 Mozilla Firefox (40.0.3)
````````Process Check: objlist.exe by Laurent````````
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:23-09-2015 durchgeführt von Melly (Administrator) auf BUMBLEBEE (23-09-2015 19:53:15) Gestartet von C:\Users\Melly\Downloads Geladene Profile: Melly (Verfügbare Profile: Melly & Administrator) Platform: Microsoft Windows 10 Home (X86) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Edge) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe (ASUSTek Computer INC.) 
C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe (Dropbox, Inc.) C:\Users\Melly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6208.42001.0_x86__8wekyb3d8bbwe\HxMail.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6208.42001.0_x86__8wekyb3d8bbwe\HxTsr.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.9.9.0_x86__8wekyb3d8bbwe\WinStore.Mobile.exe (Microsoft Corporation) C:\Windows\System32\LockAppHost.exe (AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\AtBroker.exe (Microsoft Corporation) C:\Windows\System32\osk.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der 
Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [81360 2014-01-22] (Intel Corporation) HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2904064 2013-10-30] (Realtek Semiconductor) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [782008 2015-08-31] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [66936 2015-08-13] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157968 2015-08-13] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.) HKU\S-1-5-21-1758828274-3236195225-1443054956-1001\...\Run: [Spotify Web Helper] => C:\Users\Melly\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-06-02] (Spotify Ltd) HKU\S-1-5-21-1758828274-3236195225-1443054956-1001\...\Run: [Dropbox Update] => C:\Users\Melly\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Melly\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-15] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Melly\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-15] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Melly\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-15] (Microsoft Corporation) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melly\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melly\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melly\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2014-06-14] ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-06-14] ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass) Startup: C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2014-06-19] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-08-01] ShortcutTarget: Dropbox.lnk -> C:\Users\Melly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{47e8a5ae-3ba9-44ca-ae35-b23842545b0e}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-1758828274-3236195225-1443054956-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1758828274-3236195225-1443054956-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-02] (Oracle Corporation) BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files\LastPass\LPToolbar.dll [2014-06-29] (LastPass) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-02] (Oracle Corporation) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll [2014-06-29] (LastPass) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default FF Homepage: about:blank FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-23] () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] () FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2013-07-12] (Intel Corporation) FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE 
Components\IPT\npIntelWebAPIUpdater.dll [2013-07-12] (Intel Corporation) FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-02] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-02] (Oracle Corporation) FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files\LastPass\nplastpass.dll [2014-06-14] (LastPass) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-18] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Extension: LastPass - C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\Extensions\support@lastpass.com [2015-07-20] FF Extension: Garmin Communicator - C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-06-01] FF Extension: WOT - C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-13] FF Extension: FireFTP - C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-06-01] FF Extension: ProxTube - Unblock YouTube - C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\Extensions\ich@maltegoetz.de.xpi [2014-09-11] FF Extension: Adblock Plus - C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-14] FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-07-31] ==================== Dienste (Nicht auf der Ausnahmeliste) 
======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-08-03] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [461672 2015-08-31] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [461672 2015-08-31] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-08-31] (Avira Operations GmbH & Co. KG) S2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2013-09-09] (ASUSTek Computer Inc.) S2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [111416 2013-09-09] (ASUSTek Computer Inc.) S2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS) R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [228104 2015-08-13] (Avira Operations GmbH & Co. KG) S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [1677016 2014-04-19] (Broadcom Corporation.) 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1874104 2015-07-14] (Microsoft Corporation) S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [290208 2015-07-30] (Intel Corporation) S2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [83920 2014-01-22] (Intel Corporation) S2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [96720 2014-01-22] (Intel Corporation) S2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [90576 2014-01-22] (Intel Corporation) S2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [283552 2015-07-30] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel(R) Corporation) [Datei ist nicht signiert] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel(R) Corporation) S2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [277760 2015-07-10] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2015-07-10] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS) S3 AsusHID; C:\WINDOWS\System32\drivers\AsusHID.sys [68376 2014-02-13] (ASUS Corporation) R3 AsusSGDrv; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [116032 2015-08-27] (ASUS Corporation) R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-02] (ASUSTek Computer Inc.) 
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [104840 2015-08-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [138800 2015-08-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [37896 2015-05-20] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [37384 2015-03-10] (Avira Operations GmbH & Co. KG) R3 BCMSDH43XX; C:\WINDOWS\system32\DRIVERS\bcmdhd63.sys [304344 2014-04-19] (Broadcom Corp) S3 BthA2DP; C:\WINDOWS\system32\drivers\BthA2DP.sys [125440 2015-07-10] (Microsoft Corporation) S3 BthLEEnum; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [193536 2015-07-10] (Microsoft Corporation) R3 BthMini; C:\WINDOWS\System32\Drivers\BTHMINI.sys [23040 2015-07-10] (Microsoft Corporation) S3 btwampfl; C:\WINDOWS\System32\drivers\btwampfl.sys [162560 2015-04-09] (Broadcom Corporation.) R3 BtwSerialBus; C:\WINDOWS\System32\drivers\BtwSerialBus.sys [139520 2015-04-09] (Broadcom Corporation.) R3 camera; C:\WINDOWS\system32\DRIVERS\camera.sys [345088 2013-12-02] (Intel Corporation) R3 CM3218x; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161792 2015-07-10] (Microsoft Corporation) R3 CPLMACPI; C:\WINDOWS\system32\DRIVERS\CPLMACPI.sys [25040 2015-07-08] (Capella Microsystems, Inc.) 
S3 DptfDevAmbient; C:\WINDOWS\System32\drivers\DptfDevAmbient.sys [44496 2014-01-22] (Intel Corporation) R3 DptfDevDBPT; C:\WINDOWS\System32\drivers\DptfDevPower.sys [25552 2014-01-22] (Intel Corporation) R3 DptfDevDisplay; C:\WINDOWS\System32\drivers\DptfDevDisplay.sys [28112 2014-01-22] (Intel Corporation) R3 DptfDevGen; C:\WINDOWS\System32\drivers\DptfDevGen.sys [36304 2014-01-22] (Intel Corporation) R3 DptfDevProc; C:\WINDOWS\System32\drivers\DptfDevProc.sys [80848 2014-01-22] (Intel Corporation) R3 DptfManager; C:\WINDOWS\System32\drivers\DptfManager.sys [181712 2014-01-22] (Intel Corporation) R3 eapihdrv; C:\Users\Melly\AppData\Local\Temp\ehdrv.sys [135760 2015-09-23] (ESET) R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [23552 2013-12-30] (Intel Corporation) R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [16896 2013-12-30] (Intel Corporation) R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsHIDSwitch.sys [17416 2015-05-13] (ASUS) R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [58368 2013-11-15] (Intel Corporation) R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [87552 2013-12-30] (Intel Corporation) S3 iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [505192 2013-08-09] (Intel Corporation) S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [32664 2014-01-22] (Intel Corporation) R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [254464 2013-12-30] (Intel(R) Corporation) R3 INVN_MotionApps; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161792 2015-07-10] (Microsoft Corporation) R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [35904 2015-06-26] (Intel Corporation) R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [21456 2013-12-30] (Intel Corporation) R3 MT9M114; C:\WINDOWS\System32\drivers\MT9M114.sys [38912 2013-12-02] (Intel Corporation) R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [48128 2013-12-30] (Intel Corporation) R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [263936 2015-05-21] (Realtek Semiconductor 
Corp.) R1 ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [31848 2015-06-18] (Avira Operations GmbH & Co. KG) R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [75792 2014-02-26] (Intel Corporation) S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [31744 2015-07-10] () S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-07-10] (Microsoft Corporation) R3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [245600 2015-07-10] (Microsoft Corporation) R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [97632 2015-07-10] (Microsoft Corporation) S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-09-23 19:53 - 2015-09-23 19:53 - 00018855 _____ C:\Users\Melly\Downloads\FRST.txt 2015-09-23 19:53 - 2015-09-23 19:53 - 00000000 ____D C:\Users\Melly\Downloads\FRST-OlderVersion 2015-09-23 19:46 - 2015-09-23 19:46 - 00852704 _____ C:\Users\Melly\Desktop\SecurityCheck.exe 2015-09-23 19:31 - 2015-09-23 19:31 - 00016148 _____ C:\WINDOWS\system32\BUMBLEBEE_Melly_HistoryPrediction.bin 2015-09-23 18:18 - 2015-09-23 18:18 - 02870984 _____ (ESET) C:\Users\Melly\Desktop\esetsmartinstaller_deu.exe 2015-09-22 19:06 - 2015-09-22 19:06 - 00000910 _____ C:\Users\Melly\Desktop\JRT.txt 2015-09-22 19:01 - 2015-09-22 19:02 - 01798976 _____ (Malwarebytes) C:\Users\Melly\Desktop\JRT.exe 2015-09-22 18:49 - 2015-09-22 18:50 - 00000000 ____D C:\AdwCleaner 2015-09-22 18:48 - 2015-09-22 18:48 - 01662976 _____ C:\Users\Melly\Desktop\AdwCleaner_5.008.exe 2015-09-22 18:39 - 2015-09-22 18:39 - 00000000 ___HD C:\OneDriveTemp 2015-09-21 18:16 - 2015-09-21 18:17 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Melly\Desktop\tdsskiller.exe 2015-09-21 17:55 - 2015-09-21 17:55 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-09-21 17:54 - 2015-09-21 18:10 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-09-21 17:54 - 2015-09-21 17:54 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-09-21 17:53 - 2015-09-21 18:09 - 00000000 ____D C:\Users\Melly\Desktop\mbar 2015-09-21 17:53 - 2015-09-21 17:53 - 00094936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-09-21 17:51 - 2015-09-21 17:53 - 16563352 _____ (Malwarebytes Corp.) 
C:\Users\Melly\Desktop\mbar-1.09.3.1001.exe 2015-09-20 19:32 - 2015-09-23 19:53 - 00000000 ____D C:\FRST 2015-09-20 19:31 - 2015-09-23 19:53 - 01695744 _____ (Farbar) C:\Users\Melly\Downloads\FRST.exe 2015-09-18 20:26 - 2015-09-18 20:26 - 00000000 ____D C:\Users\Melly\AppData\Local\NetworkTiles 2015-09-14 21:54 - 2015-08-27 07:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2015-09-14 21:53 - 2015-09-02 04:04 - 00069208 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-09-14 21:53 - 2015-09-02 02:31 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2015-09-14 21:53 - 2015-09-02 02:30 - 01134080 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2015-09-14 21:53 - 2015-08-27 07:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-09-14 21:53 - 2015-08-27 07:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2015-09-14 21:53 - 2015-08-27 07:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-09-14 21:53 - 2015-08-27 07:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2015-09-14 21:53 - 2015-08-27 07:19 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2015-09-14 21:53 - 2015-08-27 07:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-09-14 21:53 - 2015-08-27 07:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2015-09-14 21:53 - 2015-08-27 07:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-09-14 21:53 - 2015-08-27 07:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-09-14 21:53 - 2015-08-27 07:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2015-09-14 21:53 - 2015-08-27 07:11 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll 2015-09-14 
21:53 - 2015-08-27 07:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll 2015-09-14 21:53 - 2015-08-27 07:10 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2015-09-14 21:53 - 2015-08-27 07:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-09-14 21:53 - 2015-08-27 07:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2015-09-14 21:53 - 2015-08-20 07:25 - 06265168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-09-14 21:53 - 2015-08-20 07:22 - 00549160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-09-14 21:53 - 2015-08-20 07:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2015-09-14 21:53 - 2015-08-20 06:46 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2015-09-14 21:53 - 2015-08-20 06:41 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll 2015-09-14 21:53 - 2015-08-20 06:35 - 01829376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-09-14 21:53 - 2015-08-20 06:30 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2015-09-14 21:53 - 2015-08-18 09:27 - 01771592 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2015-09-14 21:53 - 2015-08-18 09:26 - 00284000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2015-09-14 21:53 - 2015-08-18 09:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2015-09-14 21:53 - 2015-08-18 09:14 - 00192864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionQueue.dll 2015-09-14 21:53 - 2015-08-18 08:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll 2015-09-14 21:53 - 2015-08-18 08:48 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll 2015-09-14 21:53 - 2015-08-18 08:47 - 01507840 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\NetworkMobileSettings.dll 2015-09-14 21:53 - 2015-08-18 08:41 - 01161216 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2015-09-14 21:53 - 2015-08-18 08:40 - 00675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2015-09-14 21:53 - 2015-08-18 08:38 - 01875968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2015-09-14 21:53 - 2015-08-18 08:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll 2015-09-14 21:53 - 2015-08-18 08:35 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll 2015-09-14 21:53 - 2015-08-18 08:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll 2015-09-14 21:53 - 2015-08-18 08:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll 2015-09-14 21:53 - 2015-08-18 08:35 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll 2015-09-14 21:53 - 2015-08-18 08:34 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2015-09-14 21:53 - 2015-08-18 08:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll 2015-09-14 21:53 - 2015-08-18 08:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll 2015-09-14 21:53 - 2015-08-18 08:31 - 01917440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2015-09-14 21:53 - 2015-08-18 08:30 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll 2015-09-14 21:53 - 2015-08-18 08:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2015-09-14 21:53 - 2015-08-18 08:26 - 01499136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2015-09-14 21:53 - 2015-08-18 08:26 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2015-09-14 21:53 - 2015-08-18 08:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll 2015-09-14 21:53 - 2015-08-18 06:42 - 
00006631 _____ C:\WINDOWS\system32\ResPriHMImageList 2015-09-14 21:53 - 2015-08-18 06:42 - 00006313 _____ C:\WINDOWS\system32\ResPriImageList 2015-09-14 21:44 - 2015-08-03 03:56 - 06878256 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2015-09-14 21:43 - 2015-08-11 11:40 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2015-09-14 21:43 - 2015-08-11 10:57 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2015-09-14 21:43 - 2015-08-11 10:45 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2015-09-14 21:43 - 2015-08-08 08:00 - 01985024 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2015-09-14 21:43 - 2015-08-08 08:00 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2015-09-14 21:43 - 2015-08-04 04:47 - 00898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll 2015-09-14 21:43 - 2015-08-03 03:57 - 01709920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2015-09-14 21:43 - 2015-08-03 03:49 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2015-09-14 21:43 - 2015-08-03 03:10 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll 2015-09-14 21:43 - 2015-08-03 03:06 - 03025408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2015-09-14 21:43 - 2015-08-03 03:02 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll 2015-09-14 21:43 - 2015-07-30 06:26 - 01867160 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll 2015-09-14 21:43 - 2015-07-30 06:26 - 01341920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll 2015-09-14 21:43 - 2015-07-30 06:26 - 00877016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2015-09-14 21:43 - 2015-07-30 06:25 - 01356368 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2015-09-14 21:43 - 
2015-07-30 06:23 - 01808224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2015-09-14 21:43 - 2015-07-30 05:15 - 09889792 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2015-09-14 21:43 - 2015-07-30 05:04 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2015-09-14 21:43 - 2015-07-30 05:00 - 01125888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll 2015-09-14 21:43 - 2015-07-26 06:28 - 05118024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2015-09-14 21:43 - 2015-07-26 05:38 - 04350464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll 2015-09-14 21:43 - 2015-07-24 04:39 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2015-09-14 21:43 - 2015-07-22 05:11 - 12589056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2015-09-14 21:43 - 2015-07-18 09:29 - 03443200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll 2015-09-14 21:43 - 2015-07-16 05:47 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll 2015-09-14 21:43 - 2015-07-16 05:27 - 02207744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-09-14 21:43 - 2015-07-16 05:21 - 01275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll 2015-09-14 21:43 - 2015-07-15 05:07 - 00987072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe 2015-09-14 21:43 - 2015-07-15 04:22 - 02112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-09-14 21:43 - 2015-07-15 04:10 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\unenrollhook.dll 2015-09-14 21:43 - 2015-07-11 02:51 - 04398080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2015-09-14 21:43 - 2015-07-11 02:41 - 03687936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2015-09-14 21:43 - 2015-07-11 02:40 - 02606080 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\msftedit.dll 2015-09-14 21:43 - 2015-07-10 17:51 - 00823336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2015-09-14 21:43 - 2015-07-10 12:27 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2015-09-14 21:43 - 2015-07-10 12:07 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-09-14 21:42 - 2015-08-13 05:55 - 01543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll 2015-09-14 21:42 - 2015-08-11 11:40 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2015-09-14 21:42 - 2015-08-11 11:40 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2015-09-14 21:42 - 2015-08-11 11:38 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll 2015-09-14 21:42 - 2015-08-11 11:37 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe 2015-09-14 21:42 - 2015-08-11 11:26 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll 2015-09-14 21:42 - 2015-08-11 11:25 - 01183056 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2015-09-14 21:42 - 2015-08-11 10:53 - 00301056 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll 2015-09-14 21:42 - 2015-08-11 10:51 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2015-09-14 21:42 - 2015-08-11 10:51 - 01823232 _____ C:\WINDOWS\system32\InputService.dll 2015-09-14 21:42 - 2015-08-11 10:49 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2015-09-14 21:42 - 2015-08-11 10:47 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2015-09-14 21:42 - 2015-08-11 10:46 - 00923648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2015-09-14 21:42 - 2015-08-11 10:43 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2015-09-14 21:42 - 2015-08-11 10:43 - 00722944 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\RDXService.dll 2015-09-14 21:42 - 2015-08-11 10:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2015-09-14 21:42 - 2015-08-11 10:41 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll 2015-09-14 21:42 - 2015-08-11 10:40 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2015-09-14 21:42 - 2015-08-11 10:40 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll 2015-09-14 21:42 - 2015-08-08 08:59 - 01535032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-09-14 21:42 - 2015-08-06 04:50 - 00197472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys 2015-09-14 21:42 - 2015-08-06 04:50 - 00173408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys 2015-09-14 21:42 - 2015-08-06 04:01 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys 2015-09-14 21:42 - 2015-08-05 06:29 - 00644128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2015-09-14 21:42 - 2015-08-05 05:40 - 00995840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll 2015-09-14 21:42 - 2015-08-05 05:39 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll 2015-09-14 21:42 - 2015-08-04 05:50 - 00085344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys 2015-09-14 21:42 - 2015-08-04 05:10 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll 2015-09-14 21:42 - 2015-08-03 04:28 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll 2015-09-14 21:42 - 2015-08-03 03:57 - 00503600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll 2015-09-14 21:42 - 2015-08-03 03:57 - 00436064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2015-09-14 21:42 - 2015-08-03 03:57 - 00415072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 
2015-09-14 21:42 - 2015-08-03 03:57 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2015-09-14 21:42 - 2015-08-03 03:18 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll 2015-09-14 21:42 - 2015-08-03 03:18 - 00189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_UserAccount.dll 2015-09-14 21:42 - 2015-08-03 03:13 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll 2015-09-14 21:42 - 2015-08-03 03:13 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll 2015-09-14 21:42 - 2015-08-03 03:12 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll 2015-09-14 21:42 - 2015-08-03 03:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll 2015-09-14 21:42 - 2015-08-03 03:11 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll 2015-09-14 21:42 - 2015-08-03 03:10 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll 2015-09-14 21:42 - 2015-08-03 03:06 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe 2015-09-14 21:42 - 2015-08-03 03:06 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe 2015-09-14 21:42 - 2015-08-03 03:06 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll 2015-09-14 21:42 - 2015-08-03 03:05 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll 2015-09-14 21:42 - 2015-08-03 03:03 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2015-09-14 21:42 - 2015-08-03 03:03 - 00445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll 2015-09-14 21:42 - 2015-08-03 03:03 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll 2015-09-14 21:42 - 2015-08-03 03:02 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll 2015-09-14 21:42 
- 2015-08-03 03:02 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll 2015-09-14 21:42 - 2015-08-03 02:59 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll 2015-09-14 21:42 - 2015-07-30 06:25 - 00713312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2015-09-14 21:42 - 2015-07-30 06:24 - 00445240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2015-09-14 21:42 - 2015-07-30 06:24 - 00407616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2015-09-14 21:42 - 2015-07-30 06:24 - 00285632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll 2015-09-14 21:42 - 2015-07-30 06:22 - 00896144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll 2015-09-14 21:42 - 2015-07-30 06:22 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2015-09-14 21:42 - 2015-07-30 06:09 - 00193888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll 2015-09-14 21:42 - 2015-07-30 05:24 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll 2015-09-14 21:42 - 2015-07-30 05:24 - 00189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll 2015-09-14 21:42 - 2015-07-30 05:22 - 00371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 2015-09-14 21:42 - 2015-07-30 05:21 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2015-09-14 21:42 - 2015-07-30 05:17 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll 2015-09-14 21:42 - 2015-07-30 05:12 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll 2015-09-14 21:42 - 2015-07-30 05:12 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll 2015-09-14 21:42 - 2015-07-30 05:08 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll 2015-09-14 21:42 - 2015-07-30 05:06 - 
00373248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll 2015-09-14 21:42 - 2015-07-30 05:06 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-09-14 21:42 - 2015-07-30 05:06 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll 2015-09-14 21:42 - 2015-07-30 05:04 - 00741376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2015-09-14 21:42 - 2015-07-30 05:04 - 00397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll 2015-09-14 21:42 - 2015-07-30 05:04 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll 2015-09-14 21:42 - 2015-07-30 04:59 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll 2015-09-14 21:42 - 2015-07-30 04:58 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll 2015-09-14 21:42 - 2015-07-26 06:30 - 00868752 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2015-09-14 21:42 - 2015-07-26 06:30 - 00751520 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2015-09-14 21:42 - 2015-07-26 06:28 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2015-09-14 21:42 - 2015-07-26 06:28 - 00902320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2015-09-14 21:42 - 2015-07-26 05:35 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll 2015-09-14 21:42 - 2015-07-26 05:34 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll 2015-09-14 21:42 - 2015-07-26 05:30 - 00750592 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll 2015-09-14 21:42 - 2015-07-26 05:30 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll 2015-09-14 21:42 - 2015-07-26 05:29 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll 2015-09-14 21:42 - 2015-07-24 05:29 - 00369504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys 
2015-09-14 21:42 - 2015-07-24 05:12 - 00850784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2015-09-14 21:42 - 2015-07-24 05:12 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll 2015-09-14 21:42 - 2015-07-24 04:55 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll 2015-09-14 21:42 - 2015-07-24 04:53 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll 2015-09-14 21:42 - 2015-07-24 04:50 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll 2015-09-14 21:42 - 2015-07-24 04:37 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2015-09-14 21:42 - 2015-07-24 04:24 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll 2015-09-14 21:42 - 2015-07-24 04:23 - 01153536 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2015-09-14 21:42 - 2015-07-22 06:00 - 00469856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys 2015-09-14 21:42 - 2015-07-22 05:59 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2015-09-14 21:42 - 2015-07-22 05:53 - 00762896 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2015-09-14 21:42 - 2015-07-22 05:14 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll 2015-09-14 21:42 - 2015-07-22 05:13 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2015-09-14 21:42 - 2015-07-22 05:13 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2015-09-14 21:42 - 2015-07-22 05:10 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll 2015-09-14 21:42 - 2015-07-22 05:03 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll 2015-09-14 21:42 - 2015-07-19 05:32 - 00520640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll 2015-09-14 21:42 - 2015-07-19 05:27 - 00918880 
_____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2015-09-14 21:42 - 2015-07-19 04:52 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll 2015-09-14 21:42 - 2015-07-19 04:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll 2015-09-14 21:42 - 2015-07-18 10:29 - 00191144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe 2015-09-14 21:42 - 2015-07-18 09:43 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll 2015-09-14 21:42 - 2015-07-18 09:37 - 01043968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll 2015-09-14 21:42 - 2015-07-18 09:35 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll 2015-09-14 21:42 - 2015-07-18 09:26 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll 2015-09-14 21:42 - 2015-07-18 09:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2015-09-14 21:42 - 2015-07-17 05:03 - 00351072 _____ (Microsoft Corporation) C:\WINDOWS\system32\halmacpi.dll 2015-09-14 21:42 - 2015-07-17 05:03 - 00351072 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2015-09-14 21:42 - 2015-07-17 04:05 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll 2015-09-14 21:42 - 2015-07-17 04:00 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe 2015-09-14 21:42 - 2015-07-17 03:59 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2015-09-14 21:42 - 2015-07-17 03:56 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2015-09-14 21:42 - 2015-07-17 03:53 - 01084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2015-09-14 21:42 - 2015-07-17 03:53 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll 2015-09-14 21:42 - 2015-07-17 03:51 - 05076480 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 
2015-09-14 21:42 - 2015-07-17 03:50 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2015-09-14 21:42 - 2015-07-17 03:44 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-09-14 21:42 - 2015-07-16 07:28 - 00054112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-09-14 21:42 - 2015-07-16 05:52 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2015-09-14 21:42 - 2015-07-16 05:46 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2015-09-14 21:42 - 2015-07-16 05:32 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2015-09-14 21:42 - 2015-07-16 05:29 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-14 21:42 - 2015-07-16 05:26 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2015-09-14 21:42 - 2015-07-16 05:25 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-09-14 21:42 - 2015-07-16 05:19 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2015-09-14 21:42 - 2015-07-15 05:19 - 00257888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2015-09-14 21:42 - 2015-07-15 05:18 - 01395568 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-09-14 21:42 - 2015-07-15 04:32 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OmaDmAgent.dll
2015-09-14 21:42 - 2015-07-15 04:16 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-09-14 21:42 - 2015-07-14 04:37 - 00181088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-09-14 21:42 - 2015-07-14 03:44 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2015-09-14 21:42 - 2015-07-14 03:30 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-09-14 21:42 - 2015-07-14 03:27 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2015-09-14 21:42 - 2015-07-14 03:20 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemcpl.dll
2015-09-14 21:42 - 2015-07-13 01:30 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-09-14 21:42 - 2015-07-12 02:05 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2015-09-14 21:42 - 2015-07-12 01:52 - 00669696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2015-09-14 21:42 - 2015-07-12 01:46 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2015-09-14 21:42 - 2015-07-11 03:02 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2015-09-14 21:42 - 2015-07-11 02:43 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2015-09-14 21:42 - 2015-07-11 02:42 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2015-09-14 21:42 - 2015-07-11 02:34 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2015-09-14 21:42 - 2015-07-10 17:47 - 00265480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2015-09-14 21:42 - 2015-07-10 13:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SignInOptions.dll
2015-09-14 21:42 - 2015-07-10 12:09 - 00283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-09-14 21:42 - 2015-07-10 12:05 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2015-09-14 21:41 - 2015-08-13 05:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-09-14 21:41 - 2015-08-11 11:40 - 00392032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-09-14 21:41 - 2015-08-11 11:38 - 00066896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-09-14 21:41 - 2015-08-11 10:59 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-09-14 21:41 - 2015-08-11 10:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-09-14 21:41 - 2015-08-11 10:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-09-14 21:41 - 2015-08-11 10:58 - 00177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-09-14 21:41 - 2015-08-11 10:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-09-14 21:41 - 2015-08-11 10:53 - 00284672 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-09-14 21:41 - 2015-08-11 10:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-09-14 21:41 - 2015-08-11 10:50 - 00200704 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-09-14 21:41 - 2015-08-11 10:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2015-09-14 21:41 - 2015-08-11 10:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-14 21:41 - 2015-08-11 10:49 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-09-14 21:41 - 2015-08-11 10:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-09-14 21:41 - 2015-08-11 10:47 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-09-14 21:41 - 2015-08-11 10:46 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-09-14 21:41 - 2015-08-11 10:44 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll
2015-09-14 21:41 - 2015-08-11 10:44 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-09-14 21:41 - 2015-08-11 10:40 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-09-14 21:41 - 2015-08-11 10:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-09-14 21:41 - 2015-08-11 10:38 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-09-14 21:41 - 2015-08-11 10:38 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-09-14 21:41 - 2015-08-11 10:38 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2015-09-14 21:41 - 2015-08-11 10:37 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-09-14 21:41 - 2015-08-03 03:57 - 00042904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2015-09-14 21:41 - 2015-08-03 03:57 - 00036704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpiowin32.sys
2015-09-14 21:41 - 2015-07-30 06:22 - 00507696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2015-09-14 21:41 - 2015-07-30 05:21 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-09-14 21:41 - 2015-07-30 05:07 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2015-09-14 21:41 - 2015-07-30 05:07 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-09-14 21:41 - 2015-07-30 05:06 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-09-14 21:41 - 2015-07-30 05:06 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-09-14 21:41 - 2015-07-30 05:06 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\VoiceActivationManager.dll
2015-09-14 21:41 - 2015-07-30 05:03 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2015-09-14 21:41 - 2015-07-30 05:01 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2015-09-14 21:41 - 2015-07-24 05:11 - 00442720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-09-14 21:41 - 2015-07-24 04:31 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2015-09-14 21:41 - 2015-07-24 04:30 - 00729088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2015-09-14 21:41 - 2015-07-22 05:21 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-09-14 21:41 - 2015-07-22 05:09 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-09-14 21:41 - 2015-07-18 10:47 - 00082616 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2015-09-14 21:41 - 2015-07-18 09:28 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2015-09-14 21:41 - 2015-07-18 09:26 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2015-09-14 21:41 - 2015-07-18 09:26 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2015-09-14 21:41 - 2015-07-18 09:25 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2015-09-14 21:41 - 2015-07-18 09:24 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2015-09-14 21:41 - 2015-07-17 05:09 - 00506200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-09-14 21:41 - 2015-07-17 04:05 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-09-14 21:41 - 2015-07-17 04:00 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmprc.exe
2015-09-14 21:41 - 2015-07-17 03:45 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-09-14 21:41 - 2015-07-16 05:38 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-09-14 21:41 - 2015-07-16 05:21 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2015-09-14 21:41 - 2015-07-15 04:41 - 00025088 _____ C:\WINDOWS\system32\LicenseManagerApi.dll
2015-09-14 21:41 - 2015-07-15 04:13 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.ProxyStub.dll
2015-09-14 21:41 - 2015-07-15 04:03 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.PAL.Desktop.dll
2015-09-14 21:41 - 2015-07-11 02:40 - 03579904 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-14 21:41 - 2015-07-11 02:40 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-09-14 21:41 - 2015-07-10 12:42 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2015-09-14 21:37 - 2015-09-14 21:37 - 00061776 _____ C:\Users\Melly\Downloads\FORTE.TTF
2015-09-14 20:26 - 2015-09-14 20:26 - 00000000 ___RD C:\Users\Melly\3D Objects
2015-09-14 19:47 - 2015-09-14 19:47 - 00000000 ____D C:\Users\Melly\AppData\Local\MicrosoftEdge
2015-09-14 19:37 - 2015-09-14 19:37 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-09-14 19:29 - 2015-09-15 21:19 - 00002401 _____ C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-09-14 19:27 - 2015-09-14 19:27 - 00000000 ____D C:\Users\Melly\AppData\Local\Publishers
2015-09-14 19:26 - 2015-09-23 18:08 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2015-09-14 19:26 - 2015-09-14 22:23 - 00000000 ____D C:\Users\Melly\AppData\Local\Comms
2015-09-14 19:26 - 2015-09-14 19:26 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-09-14 19:26 - 2015-09-14 19:26 - 00000000 ____D C:\Users\Melly\AppData\Local\TileDataLayer
2015-09-14 19:25 - 2015-09-14 19:25 - 00000020 ___SH C:\Users\Melly\ntuser.ini
2015-09-14 19:22 - 2015-09-14 19:22 - 00053352 _____ C:\WINDOWS\system32\ASGCoInstaller_x86.dll
2015-09-14 19:22 - 2015-09-14 19:22 - 00000000 ____D C:\ProgramData\SetupTPDriver
2015-09-14 19:14 - 2015-09-15 21:20 - 00000000 ___DC C:\WINDOWS\Panther
2015-09-14 19:14 - 2015-09-14 18:18 - 00000000 __SHD C:\Recovery
2015-09-14 19:12 - 2015-09-14 19:13 - 00000000 ____D C:\Windows.old
2015-09-14 19:11 - 2015-09-14 19:11 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-09-14 19:10 - 2015-09-14 19:10 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2015-09-14 19:10 - 2015-09-14 19:10 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-09-14 19:10 - 2015-09-14 19:10 - 00000000 ____D C:\Program Files\MSBuild
2015-09-14 19:09 - 2015-05-29 22:07 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-09-14 19:09 - 2015-05-29 22:07 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-09-14 19:09 - 2015-05-29 22:07 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default\Startmenü
2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\Programme
2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\ProgramData\Startmenü
2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-09-14 18:45 - 2015-09-14 18:45 - 00000000 _SHDL C:\ProgramData\Dokumente
2015-09-14 18:41 - 2015-09-14 18:41 - 00021532 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-09-14 18:38 - 2015-09-22 19:01 - 01790124 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-14 18:31 - 2015-09-14 18:31 - 00001544 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-09-14 18:24 - 2015-09-14 18:24 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-09-14 18:22 - 2015-09-14 23:06 - 00000000 ____D C:\Users\Melly
2015-09-14 18:22 - 2015-09-14 19:26 - 00000000 ___RD C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-14 18:22 - 2015-09-14 18:34 - 00000000 ____D C:\Users\Administrator
2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Melly\Startmenü
2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Melly\Netzwerkumgebung
2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Melly\Druckumgebung
2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Melly\Documents\Eigene Musik
2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Melly\Documents\Eigene Bilder
2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Melly\AppData\Local\Verlauf
2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Administrator\Startmenü
2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Administrator\Netzwerkumgebung
2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Administrator\Druckumgebung
2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik
2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder
2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-09-14 18:22 - 2015-09-14 18:22 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf
2015-09-14 18:22 - 2015-07-10 10:28 - 00000000 __RSD C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-09-14 18:22 - 2015-07-10 10:28 - 00000000 __RSD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-09-14 18:22 - 2015-07-10 10:28 - 00000000 ___RD C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-09-14 18:22 - 2015-07-10 10:28 - 00000000 ___RD C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-09-14 18:22 - 2015-07-10 10:28 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-09-14 18:22 - 2015-07-10 10:28 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-14 18:22 - 2015-07-10 10:28 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-09-14 18:22 - 2015-07-10 10:28 - 00000000 ____D C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-09-14 18:22 - 2015-07-10 10:28 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-09-14 18:17 - 2015-09-14 18:25 - 00000000 ____D C:\Program Files\Intel
2015-09-14 18:17 - 2015-09-14 18:17 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_SdoV2_02_15_00.Wdf
2015-09-14 18:17 - 2015-09-14 18:17 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_CM3218x_01_11_00.Wdf
2015-09-14 18:17 - 2015-07-30 22:41 - 00069104 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-09-14 18:16 - 2015-09-14 18:16 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_INVN_MotionApps_01_11_00.Wdf
2015-09-14 18:16 - 2015-09-14 18:16 - 00000000 ____D C:\Program Files\Common Files\Intel
2015-09-14 18:15 - 2015-09-22 22:17 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-09-14 18:15 - 2015-09-22 18:55 - 00000952 _____ C:\WINDOWS\PFRO.log
2015-09-14 18:15 - 2015-09-14 18:16 - 00026751 _____ C:\WINDOWS\system32\NetSetupMig.log
2015-09-14 17:25 - 2015-09-14 18:44 - 00013338 _____ C:\WINDOWS\diagwrn.xml
2015-09-14 17:25 - 2015-09-14 18:44 - 00013338 _____ C:\WINDOWS\diagerr.xml
2015-09-14 17:25 - 2015-09-14 18:42 - 00006610 _____ C:\WINDOWS\comsetup.log
2015-09-13 22:37 - 2015-09-14 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-09-13 22:37 - 2015-09-13 22:37 - 00001829 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-09-13 22:36 - 2015-09-13 22:37 - 00000000 ____D C:\Program Files\QuickTime
2015-09-13 22:35 - 2015-09-14 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-13 22:35 - 2015-09-13 22:35 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-13 22:34 - 2015-09-13 22:35 - 00000000 ____D C:\Program Files\iTunes
2015-09-13 22:34 - 2015-09-13 22:34 - 00000000 ____D C:\Program Files\iPod
2015-09-13 12:49 - 2015-09-13 12:49 - 00001114 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2015-09-05 23:55 - 2015-09-14 18:32 - 00000000 ____D C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-01 23:39 - 2015-09-13 12:43 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-31 21:32 - 2015-08-31 21:32 - 00000000 ____D C:\Users\Melly\AppData\Roaming\Logitech
2015-08-31 21:32 - 2015-08-31 21:32 - 00000000 ____D C:\Users\Melly\AppData\Roaming\Logishrd
2015-08-31 21:31 - 2015-08-31 21:32 - 02190408 _____ (Logitech Inc.) C:\Users\Melly\Downloads\ConnectUtility.exe
2015-08-31 21:28 - 2015-09-14 18:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-08-31 21:28 - 2015-08-31 21:28 - 00000000 ____D C:\ProgramData\LogiShrd
2015-08-31 21:28 - 2015-08-31 21:28 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2015-08-31 21:27 - 2015-08-31 21:27 - 04147600 _____ ($Co_Name Inc.) C:\Users\Melly\Downloads\unifying250.exe
2015-08-27 10:29 - 2015-08-27 10:29 - 00862664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr110.dll
2015-08-27 10:29 - 2015-08-27 10:29 - 00534480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp110.dll
2015-08-27 10:29 - 2015-08-27 10:29 - 00251864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib110.dll
2015-08-27 10:29 - 2015-08-27 10:29 - 00116032 _____ (ASUS Corporation) C:\WINDOWS\system32\Drivers\AsusSGDrv.sys

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-23 19:42 - 2014-06-14 23:12 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-23 19:40 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-23 19:22 - 2015-06-18 17:11 - 00001244 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1758828274-3236195225-1443054956-1001UA.job
2015-09-23 19:08 - 2014-04-19 09:48 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-23 18:09 - 2014-06-18 20:39 - 00000000 ___DO C:\Users\Melly\OneDrive
2015-09-23 18:09 - 2014-06-14 17:11 - 00000000 ___RD C:\Users\Melly\Dropbox
2015-09-23 18:09 - 2014-06-14 17:09 - 00000000 ____D C:\Users\Melly\AppData\Roaming\Dropbox
2015-09-22 19:24 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-09-22 18:58 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-22 18:56 - 2015-07-10 11:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-22 18:56 - 2015-07-10 11:53 - 00260416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-22 18:55 - 2015-07-10 08:59 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-09-22 18:54 - 2015-07-10 15:16 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-22 18:54 - 2015-07-10 15:12 - 00000000 ____D C:\WINDOWS\system32\Drivers\de-DE
2015-09-22 18:54 - 2015-07-10 10:28 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-09-22 18:54 - 2015-07-10 10:28 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-09-22 18:54 - 2015-07-10 10:28 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-22 18:54 - 2015-07-10 10:28 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-22 18:54 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-09-22 18:54 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\de-DE
2015-09-22 18:54 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-22 18:54 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\Provisioning
2015-09-22 18:38 - 2015-07-10 10:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-20 22:23 - 2015-06-18 17:11 - 00001192 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1758828274-3236195225-1443054956-1001Core.job
2015-09-15 21:20 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\AppCompat
2015-09-14 20:04 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-09-14 19:53 - 2014-06-16 21:09 - 00000000 __SHD C:\aws
2015-09-14 19:53 - 2013-12-13 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-09-14 19:53 - 2013-12-13 22:38 - 00000000 ____D C:\Program Files\Common Files\AWS
2015-09-14 19:53 - 2013-12-13 22:38 - 00000000 ____D C:\Program Files\ASUS
2015-09-14 19:42 - 2014-06-14 14:49 - 00000000 ____D C:\Users\Melly\AppData\Roaming\WebStorage
2015-09-14 19:27 - 2015-01-07 20:27 - 00000000 ____D C:\Users\Melly\AppData\Local\PackageStaging
2015-09-14 19:26 - 2015-07-10 10:28 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-09-14 19:26 - 2015-07-10 10:28 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-09-14 19:23 - 2014-04-19 10:02 - 00000000 ____D C:\Program Files\DIFX
2015-09-14 19:23 - 2014-04-19 09:56 - 00038112 _____ C:\WINDOWS\DPINST.LOG
2015-09-14 19:14 - 2015-07-10 10:28 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-09-14 19:10 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-09-14 18:45 - 2015-07-10 10:28 - 00000000 ____D C:\Program Files\Windows NT
2015-09-14 18:45 - 2015-07-10 08:59 - 00000000 __RHD C:\Users\Default
2015-09-14 18:44 - 2015-07-10 11:53 - 00015698 _____ C:\WINDOWS\setupact.log
2015-09-14 18:42 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\rescache
2015-09-14 18:42 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\Registration
2015-09-14 18:42 - 2014-06-14 14:48 - 00000000 ____D C:\WINDOWS\system32\NETGEAR
2015-09-14 18:36 - 2015-07-10 10:28 - 00000000 __RHD C:\Users\Public\Libraries
2015-09-14 18:36 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2015-09-14 18:32 - 2015-07-10 10:29 - 00004362 _____ C:\WINDOWS\DtcInstall.log
2015-09-14 18:32 - 2015-07-10 08:59 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-09-14 18:32 - 2015-05-12 23:19 - 00000000 ____D C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-09-14 18:32 - 2015-05-12 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-09-14 18:32 - 2015-01-01 22:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-09-14 18:32 - 2014-11-22 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-14 18:32 - 2014-11-01 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-14 18:32 - 2014-10-03 20:04 - 00000000 ____D C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brettspielwelt
2015-09-14 18:32 - 2014-10-01 13:00 - 00000000 ____D C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2015-09-14 18:32 - 2014-09-09 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-09-14 18:32 - 2014-06-14 19:09 - 00000000 ____D C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2015-09-14 18:32 - 2014-06-14 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2015-09-14 18:32 - 2014-06-14 17:04 - 00000000 ____D C:\Users\Melly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dasher 4.11
2015-09-14 18:32 - 2014-06-14 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-09-14 18:32 - 2014-06-14 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-09-14 18:32 - 2013-08-22 08:21 - 00000000 ____D C:\Users\Default.migrated
2015-09-14 18:26 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-14 18:26 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-09-14 18:26 - 2013-08-22 10:17 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-09-14 18:26 - 2013-08-22 10:17 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2015-09-14 18:25 - 2015-07-10 10:28 - 00000000 ___RD C:\Users\Public
2015-09-14 18:25 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\InputMethod
2015-09-14 18:25 - 2015-07-10 10:28 - 00000000 ____D C:\Program Files\Microsoft.NET
2015-09-14 18:25 - 2015-07-10 10:28 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-09-14 18:23 - 2015-07-10 10:28 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-09-14 17:25 - 2015-07-10 15:40 - 00000000 ___HD C:\$Windows.~BT
2015-09-13 22:34 - 2015-06-01 21:29 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-09-13 22:34 - 2014-12-13 15:10 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-13 12:49 - 2014-04-19 09:56 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-13 12:43 - 2014-06-14 18:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-09 02:31 - 2014-07-27 20:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-26 18:36 - 2014-07-27 20:53 - 132039072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-06-14 19:09 - 2014-06-14 19:10 - 11211264 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
2013-12-13 22:38 - 2012-07-30 08:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2013-12-13 22:38 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-12-13 22:38 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Einige Dateien in TEMP:
====================
C:\Users\Melly\AppData\Local\Temp\avgnt.exe
C:\Users\Melly\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyobet6.dll
C:\Users\Melly\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-09-14 18:15

==================== Ende vom FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:23-09-2015
durchgeführt von Melly (2015-09-23 19:54:32)
Gestartet von C:\Users\Melly\Downloads
Microsoft Windows 10 Home (X86) (2015-09-14 17:18:13)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-1758828274-3236195225-1443054956-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1758828274-3236195225-1443054956-503 - Limited - Disabled)
Gast (S-1-5-21-1758828274-3236195225-1443054956-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1758828274-3236195225-1443054956-1003 - Limited - Enabled)
Melly (S-1-5-21-1758828274-3236195225-1443054956-1001 - Administrator - Enabled) => C:\Users\Melly

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AC Reminder (HKLM\...\{B002B54C-FFE8-4331-8F9B-90CC9366362A}) (Version: 2.0.0 - ASUS)
ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.6 - ASUS)
ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.12.420 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM\...\{315dd168-0794-4cf1-8355-f195cde642fc}) (Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG)
Avira Launcher (Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BrettspielWelt (HKLM\...\BrettspielWelt) (Version: 1.0 - BrettspielWelt GmbH)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.93.99.187.1 - Broadcom Corporation)
Dasher 4.11 (HKLM\...\{BD8ECD28-2D32-11DF-8D17-000423472618}) (Version: 4.11 - The Dasher Project)
Dropbox (HKU\S-1-5-21-1758828274-3236195225-1443054956-1001\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3417 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{025E78AC-BD91-4E9E-B165-3C09D4084BA4}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) LastPass (Nur deinstallieren) (HKLM\...\LastPass) (Version: - LastPass) Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech) Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4745.1002 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation) Mozilla Firefox 40.0.3 (x86 de) (HKLM\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla) Office 15 Click-to-Run Extensibility Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden PDF24 Creator 6.9.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) QuickTime 7 (HKLM\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4055 - Realtek Semiconductor Corp.) 
Spotify (HKU\S-1-5-21-1758828274-3236195225-1443054956-1001\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) Windows-Treiberpaket - ASUS (AsusSGDrv) Mouse (07/07/2015 8.0.0.17) (HKLM\...\957A3BFBBA16065613E677D24C64785D717C6B05) (Version: 07/07/2015 8.0.0.17 - ASUS) WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS) WinRAR 5.21 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Melly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Melly\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Melly\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Melly\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Melly\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Melly\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Melly\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Melly\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll Keine Datei CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Melly\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melly\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melly\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melly\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melly\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melly\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melly\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melly\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melly\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Melly\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1758828274-3236195225-1443054956-1001_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Melly\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.) ==================== Wiederherstellungspunkte ========================= ACHTUNG: Systemwiederherstellung ist deaktiviert ==================== Hosts Inhalt: ========================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2013-08-22 08:13 - 2013-08-22 08:13 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {0254D69E-5E89-464C-8558-D59592DD2168} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {1B8B1182-214B-4036-B1C7-C6E4A26B8AEF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {1BF6668A-E645-4941-98CE-19B3E6A33AF9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {232DFFC8-D233-4805-A993-F591FF224DF3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {3FEED5D4-8318-47FC-87E7-3A11CC43EE21} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {50FAE778-2887-4E3A-970D-42A212D6C034} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1758828274-3236195225-1443054956-1001UA => C:\Users\Melly\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.) Task: {59D7B8CD-B25A-4513-94AD-65B032FD0ACB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {5A9DC0BD-FF6D-4E77-9CB4-D1920D97BD23} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1758828274-3236195225-1443054956-1001Core => C:\Users\Melly\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.) Task: {5C6E24CC-AF35-4752-8669-3D0AED353FD3} - System32\Tasks\ASUS AC Reminder => C:\Program Files\ASUS\ASUS AC Reminder\ACReminderSrv.exe [2013-12-23] (ASUSTek Computer INC.) Task: {8833A671-7E38-4171-94F4-948C96820AE4} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2015-08-27] (AsusTek) Task: {933B03FD-D4D0-42F4-9F06-F66D59448E66} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1758828274-3236195225-1443054956-1001 Task: {947EDF4A-F306-4323-805E-A734BBB521EB} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe [2013-01-09] (ASUSTek Computer INC.) 
Task: {9E8448A2-2678-4138-8A60-D8890F1D3F58} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-23] (Adobe Systems Incorporated) Task: {A628B384-7A03-4C9A-A452-F56563357621} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {CA427B08-9C27-460D-8213-05580A8AF116} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation) Task: {CDA93F53-569E-4938-AD8A-EB6CE7FFF484} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation) Task: {D2DE74CF-97B3-4F6B-8D7E-0766E00F97CF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {DAEF647E-C29D-4BA3-BC8A-9970572D6825} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {DF3D13C6-9815-49A0-ACB9-C2EEA6D4BF81} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {E2B266E1-D92F-4D61-A030-E472F258397B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation) Task: {E61DF71D-AF38-42F2-9A25-662C5B1A6B07} - System32\Tasks\Update Checker => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2013-11-27] () Task: {EA8A500E-4AAA-4319-8458-C864031E397F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG Task: {EBA1F9FC-A53C-4C60-8BD8-AE4E816E20FA} - System32\Tasks\ASUS Live Update1 => C:\Program Files [2015-09-23] () Task: {F4E21E3A-FD64-4217-AA2D-2D7D2D7991C9} - System32\Tasks\ASUS Live Update2 => C:\Program Files [2015-09-23] () Task: {F51A26E6-87B2-4E54-9966-A2EAEBF967B4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die 
Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1758828274-3236195225-1443054956-1001Core.job => C:\Users\Melly\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1758828274-3236195225-1443054956-1001UA.job => C:\Users\Melly\AppData\Local\Dropbox\Update\DropboxUpdate.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-09-14 21:41 - 2015-07-15 04:41 - 00025088 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll 2015-07-10 10:25 - 2015-07-10 10:25 - 00007680 _____ () C:\Windows\System32\WppRecorderUM.dll 2015-09-14 21:42 - 2015-08-11 10:53 - 00301056 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll 2014-06-23 20:49 - 2014-05-20 03:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll 2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-09-14 21:53 - 2015-08-18 09:27 - 01771592 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-09-14 21:53 - 2015-08-18 09:27 - 01771592 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-07-10 10:24 - 2015-07-10 10:24 - 00288768 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-09-14 21:43 - 2015-08-03 02:57 - 04317696 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-07-10 10:25 - 2015-07-10 15:16 - 00377856 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-09-14 21:42 - 2015-08-11 10:35 - 01183232 _____ () 
C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-09-14 21:43 - 2015-08-03 02:55 - 01425920 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-07-10 10:25 - 2015-07-10 15:16 - 00107520 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll 2015-09-23 18:09 - 2015-09-23 18:09 - 00071168 _____ () c:\users\melly\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyobet6.dll 2015-03-04 23:45 - 2015-08-05 07:26 - 00012800 _____ () C:\Users\Melly\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll 2015-03-04 23:45 - 2015-08-05 07:26 - 00779776 _____ () C:\Users\Melly\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-08-01 09:21 - 2015-08-05 07:26 - 00056320 _____ () C:\Users\Melly\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll 2015-03-04 23:45 - 2015-08-05 07:26 - 00012288 _____ () C:\Users\Melly\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll 2014-11-20 22:16 - 2014-11-20 22:16 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll 2015-09-14 21:41 - 2015-08-11 10:50 - 00200704 _____ () C:\WINDOWS\SYSTEM32\textinputframework.dll 2015-09-14 20:08 - 2015-09-14 20:09 - 05131776 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.9.9.0_x86__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll 2015-09-14 20:08 - 2015-09-14 20:09 - 01398784 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.9.9.0_x86__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll 2015-07-18 16:48 - 2015-07-18 16:48 - 01020928 _____ () C:\Users\Melly\AppData\Roaming\Mozilla\Firefox\Profiles\zxxjq7kq.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in 
die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\Users\Melly\OneDrive:ms-properties AlternateDataStreams: C:\Users\Melly\SkyDrive:ms-properties ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-1758828274-3236195225-1443054956-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Melly\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\desktop-hintergrund.bmp DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run: => "PDFPrint" HKU\S-1-5-21-1758828274-3236195225-1443054956-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk" HKU\S-1-5-21-1758828274-3236195225-1443054956-1001\...\StartupApproved\Run: => "Spotify Web Helper" ==================== FirewallRules (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{D91BE2CC-2443-4109-9F7C-A1442BA736F9}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [UDP Query User{9389C989-21ED-426D-B034-F77359997D7C}C:\program files\danusoft\wifi hotspot creator\wifi hotspot creator.exe] => (Allow) C:\program files\danusoft\wifi hotspot creator\wifi hotspot creator.exe FirewallRules: [TCP Query User{4172DC57-8D0A-4A24-ADE6-5DC0EF65C6F3}C:\program files\danusoft\wifi hotspot creator\wifi hotspot creator.exe] => (Allow) C:\program files\danusoft\wifi hotspot creator\wifi hotspot creator.exe FirewallRules: [{A064BC24-600E-4CCE-8896-E3888F36A18E}] => (Allow) C:\Program Files\DanuSoft\WiFi HotSpot Creator\WiFi HotSpot Creator.exe FirewallRules: [{7622EF65-3A0F-4D97-B380-4D770FB0ACC2}] => (Allow) C:\Program Files\DanuSoft\WiFi HotSpot Creator\WiFi HotSpot Creator.exe FirewallRules: [UDP Query User{13802BFB-4126-4595-A9A9-D1A384270915}C:\program files\connectify\connectify.exe] => (Allow) C:\program files\connectify\connectify.exe FirewallRules: [TCP Query User{F7778C84-05B2-4E90-830C-6C2D5F2ABFE2}C:\program files\connectify\connectify.exe] => (Allow) C:\program files\connectify\connectify.exe FirewallRules: [UDP Query User{56FB906E-BDC6-450B-B2F6-8DDD39B5AD20}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe FirewallRules: [TCP Query 
User{9A7D3958-DB12-4CD8-85A3-E161CCA575F1}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe FirewallRules: [{570F83BC-3F5C-41BC-B92A-94C854019E40}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{D26E8E3B-6250-4112-9D9A-2429F7A9298F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [UDP Query User{FE06066F-9F23-43C9-9DBD-1DC71C47E3C2}C:\users\melly\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\melly\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{D391D3FA-D6E2-44E0-9F8C-9FAF477E4178}C:\users\melly\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\melly\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{BCA58C55-323D-48F0-AC6D-31A9033C6E08}C:\users\melly\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\melly\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{CC19BD34-4611-4F1B-B406-50E80439588C}C:\users\melly\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\melly\appdata\roaming\spotify\spotify.exe FirewallRules: [{15D5CD1E-0245-4D4C-B0C6-D6D50A040D4F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{4CCE1B45-9F49-41A1-9651-87C11C0A14D6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{A94941F2-A997-4F31-9CFE-C0E14605D3EA}] => (Allow) C:\Users\Melly\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{71C0D762-EFA4-4856-AB88-B27F17E7A43B}] => (Allow) C:\Users\Melly\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{97346E65-83B0-43C7-802A-558641B62881}] => (Allow) C:\Users\Melly\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (09/23/2015 06:08:53 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: ) Description: 
DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed. Error: (09/23/2015 06:08:53 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: ) Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005] Error: (09/22/2015 06:58:54 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: ) Description: DptfPolicyLpmServiceServiceMainThread: App specific mode was turned off, but timer was not running. Error: (09/21/2015 09:47:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BUMBLEBEE) Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (09/20/2015 10:51:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BUMBLEBEE) Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (09/20/2015 07:28:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BUMBLEBEE) Description: Bei der Aktivierung der App „Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2147023169. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (09/18/2015 08:26:52 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (1708) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032. 
Error: (09/18/2015 08:26:52 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (1708) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien. Error: (09/18/2015 08:26:42 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (1708) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032. Error: (09/18/2015 08:26:42 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (1708) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien. Systemfehler: ============= Error: (09/23/2015 07:24:04 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (09/23/2015 06:54:00 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (09/23/2015 06:11:41 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (09/23/2015 06:08:39 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. 
Modulpfad: C:\WINDOWS\System32\bcmihvsrv.dll Error: (09/23/2015 06:04:53 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (09/23/2015 06:02:53 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (09/22/2015 10:17:53 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\WINDOWS\System32\bcmihvsrv.dll Error: (09/22/2015 10:17:52 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\WINDOWS\System32\bcmihvsrv.dll Error: (09/22/2015 10:17:52 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\WINDOWS\System32\bcmihvsrv.dll Error: (09/22/2015 10:17:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\WINDOWS\System32\bcmihvsrv.dll ==================== Memory info =========================== Processor: Intel(R) Atom(TM) CPU Z3740 @ 1.33GHz Prozentuale Nutzung des RAM: 72% Installierter physikalischer RAM: 1933.15 MB Verfügbarer physikalischer RAM: 529 MB Summe virtueller Speicher: 3149.15 MB Verfügbarer virtueller Speicher: 1055.16 MB ==================== Laufwerke ================================ Drive c: (OS) (Fixed) (Total:27.78 GB) (Free:2.14 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)] ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 29.1 GB) (Disk ID: 7B9D6AF3) Partition: GPT. ==================== Ende vom Addition.txt ============================ |
23.09.2015, 20:06 | #13 |
| Uncontrolled mail sending from my web.de address Laptop (man, that took a long time...) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=e946ba1ea53a1048b2e1f26329f5cdae # end=init # utc_time=2015-09-23 04:13:31 # local_time=2015-09-23 06:13:31 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.2.9200 NT Update Init Update Download Update Finalize Updated modules version: 25907 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=e946ba1ea53a1048b2e1f26329f5cdae # end=updated # utc_time=2015-09-23 04:19:40 # local_time=2015-09-23 06:19:40 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.2.9200 NT # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=e946ba1ea53a1048b2e1f26329f5cdae # engine=25907 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-09-23 06:31:38 # local_time=2015-09-23 08:31:38 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='COMODO Antivirus' # compatibility_mode=3085 16777213 100 92 172324 22285732 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 172584 6507110 0 0 # scanned=239521 # found=175 # cleaned=0 # scan_time=7917 sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$R2GZCP3\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$R2GZCP3\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$R2GZCP3\DECRYPT_INSTRUCTION.URL" 
sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$R2GZCP3\Wallpaper\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$R2GZCP3\Wallpaper\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$R2GZCP3\Wallpaper\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$R56PV82\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$R56PV82\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$R56PV82\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$R94YELL\UserMode\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$R94YELL\UserMode\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$R94YELL\UserMode\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 
fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$R9M3RR6\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$R9M3RR6\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$R9M3RR6\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$R9M3RR6\spuninst\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$R9M3RR6\spuninst\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$R9M3RR6\spuninst\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$R9WBNSB\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$R9WBNSB\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$R9WBNSB\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I 
fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$R9WBNSB\spuninst\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$R9WBNSB\spuninst\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$R9WBNSB\spuninst\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RAX4GZQ\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RAX4GZQ\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RAX4GZQ\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RAX4GZQ\spuninst\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RAX4GZQ\spuninst\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RAX4GZQ\spuninst\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I 
fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RFFMNWY\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RFFMNWY\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RFFMNWY\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RFFMNWY\spuninst\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RFFMNWY\spuninst\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RFFMNWY\spuninst\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$ROYKK36\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$ROYKK36\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$ROYKK36\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I 
fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$ROYKK36\spuninst\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$ROYKK36\spuninst\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$ROYKK36\spuninst\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RRFFHGF\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RRFFHGF\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RRFFHGF\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RRFFHGF\KB898461\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RRFFHGF\KB898461\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RRFFHGF\KB898461\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I 
fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RRFFHGF\KB898461\update\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RRFFHGF\KB898461\update\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RRFFHGF\KB898461\update\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RRFFHGF\KB923561\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RRFFHGF\KB923561\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RRFFHGF\KB923561\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RRFFHGF\KB923561\update\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RRFFHGF\KB923561\update\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RRFFHGF\KB923561\update\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR 
Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RRFFHGF\KB973346\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RRFFHGF\KB973346\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RRFFHGF\KB973346\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RRFFHGF\KB973346\update\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RRFFHGF\KB973346\update\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RRFFHGF\KB973346\update\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RRFFHGF\KB973525\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RRFFHGF\KB973525\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RRFFHGF\KB973525\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" 
ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RRFFHGF\KB973525\update\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RRFFHGF\KB973525\update\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RRFFHGF\KB973525\update\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RU5EJ5I\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RU5EJ5I\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RU5EJ5I\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RU5EJ5I\$PatchCache$\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RU5EJ5I\$PatchCache$\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RU5EJ5I\$PatchCache$\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I 
fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RU5EJ5I\$PatchCache$\Managed\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RU5EJ5I\$PatchCache$\Managed\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RU5EJ5I\$PatchCache$\Managed\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RU5EJ5I\$PatchCache$\Managed\00004109110000000000000000F01FEC\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RU5EJ5I\$PatchCache$\Managed\00004109110000000000000000F01FEC\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RU5EJ5I\$PatchCache$\Managed\00004109110000000000000000F01FEC\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RU5EJ5I\$PatchCache$\Managed\00004109A10070400000000000F01FEC\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RU5EJ5I\$PatchCache$\Managed\00004109A10070400000000000F01FEC\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen 
Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RU5EJ5I\$PatchCache$\Managed\00004109A10070400000000000F01FEC\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RU5EJ5I\$PatchCache$\Managed\00004109F10070400000000000F01FEC\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RU5EJ5I\$PatchCache$\Managed\00004109F10070400000000000F01FEC\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RU5EJ5I\$PatchCache$\Managed\00004109F10070400000000000F01FEC\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RU5EJ5I\$PatchCache$\Managed\68AB67CA7DA71301B744AA0100000010\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RU5EJ5I\$PatchCache$\Managed\68AB67CA7DA71301B744AA0100000010\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RU5EJ5I\$PatchCache$\Managed\68AB67CA7DA71301B744AA0100000010\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RUCSXHM\DECRYPT_INSTRUCTION.HTML" 
sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RUCSXHM\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RUCSXHM\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RUCSXHM\spuninst\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RUCSXHM\spuninst\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RUCSXHM\spuninst\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RY1R27D\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RY1R27D\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RY1R27D\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RY1R27D\spuninst\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 
vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RY1R27D\spuninst\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2801822355-1091776115-2282360880-1000\$RY1R27D\spuninst\DECRYPT_INSTRUCTION.URL" sh=E94AFED79A7FA9FCD88A7784A224EEA3299D355D ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\DECRYPT_INSTRUCTION.HTML" sh=9E8DB4D4328C0AD9F52D7031F731A0FEE9FD1394 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\DECRYPT_INSTRUCTION.TXT" sh=2DADA46C46694A6D162D3A682D2E6578C6CEA204 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\DECRYPT_INSTRUCTION.URL" sh=E94AFED79A7FA9FCD88A7784A224EEA3299D355D ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DECRYPT_INSTRUCTION.HTML" sh=9E8DB4D4328C0AD9F52D7031F731A0FEE9FD1394 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DECRYPT_INSTRUCTION.TXT" sh=2DADA46C46694A6D162D3A682D2E6578C6CEA204 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DECRYPT_INSTRUCTION.URL" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc9100.URL" 
sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc9101.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc9102.TXT" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc118\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc118\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc118\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc201\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc201\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 
ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc201\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc213\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc213\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc213\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc213\Grafiken\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc213\Grafiken\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc213\Grafiken\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc213\Prüfungsergebnisse Eilert\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc213\Prüfungsergebnisse Eilert\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I 
fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc213\Prüfungsergebnisse Eilert\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc213\Tabellen\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc213\Tabellen\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc213\Tabellen\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc213\Texte\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc213\Texte\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc213\Texte\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc213\Texte\Andere Texte\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc213\Texte\Andere Texte\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I 
fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc213\Texte\Andere Texte\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc213\Texte\Gesetzesauszüge\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc213\Texte\Gesetzesauszüge\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc213\Texte\Gesetzesauszüge\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc213\Vorlagendateien Informationsverarbeitung\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc213\Vorlagendateien Informationsverarbeitung\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc213\Vorlagendateien Informationsverarbeitung\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc9096\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc9096\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 
vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\RECYCLER\S-1-5-21-1844237615-1993962763-725345543-1003\Dc9096\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\WINXP\system32\config\systemprofile\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\WINXP\system32\config\systemprofile\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\WINXP\system32\config\systemprofile\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR 
Trojaner" ac=I fn="C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Media\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Media\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows 
Media\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Media\11.0\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Media\11.0\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Media\11.0\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\WINXP\system32\config\systemprofile\Vorlagen\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\WINXP\system32\config\systemprofile\Vorlagen\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\WINXP\system32\config\systemprofile\Vorlagen\DECRYPT_INSTRUCTION.URL" sh=16D58A21F8D494FC61CB7CB0EB45870A0B524A17 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\WINXP\system32\ias\DECRYPT_INSTRUCTION.HTML" sh=58539BC8794BE857F2A62400B61952F09D8045CD ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\WINXP\system32\ias\DECRYPT_INSTRUCTION.TXT" sh=CB44B6D66CBEFD9E16F817EBFAAC30D9C78A0831 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR.Gen Trojaner" ac=I fn="C:\WINXP\system32\ias\DECRYPT_INSTRUCTION.URL" sh=CFC7A9949B86985C7CBC72416E5322C7DB97FFED ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.I evtl. 
unerwünschte Anwendung" ac=I fn="D:\NCH WavePad Sound Editor Master's Edition 4.40 + Keys [RH]\NCH.WPSEME.4.40_[RH].rar"
Code:
ATTFilter
Results of screen317's Security Check version 1.008
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
COMODO Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 18.0.0.232
Mozilla Firefox (40.0.3)
Mozilla Thunderbird 31.1.2 Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Comodo Firewall cmdagent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015 durchgeführt von Toshiba (Administrator) auf TOSHIBA-PC (23-09-2015 21:03:58) Gestartet von D:\Downloads_neu Geladene Profile: Toshiba (Verfügbare Profile: Toshiba) Platform: Windows 10 Pro (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe (Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (Dropbox, Inc.) 
C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\Dropbox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.915.17170.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Inference Group, Cavendish Laboratory, University of Cambridge) C:\Program Files (x86)\Dasher\Dasher 4.11\Dasher.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe (Microsoft Corporation) C:\Windows\System32\AtBroker.exe (Microsoft Corporation) C:\Windows\System32\osk.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-07-29] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-07-29] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-07-29] (Synaptics Incorporated) HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2015-08-21] (Microsoft Corporation) HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-05] (COMODO) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-09-21] (Comodo Security Solutions, Inc.) 
HKU\S-1-5-21-2801822355-1091776115-2282360880-1000\...\Run: [Dropbox Update] => C:\Users\Toshiba\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-23] (Dropbox, Inc.) HKU\S-1-5-21-2801822355-1091776115-2282360880-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-2801822355-1091776115-2282360880-1000\...\RunOnce: [Uninstall C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64" HKU\S-1-5-21-2801822355-1091776115-2282360880-1000\...\RunOnce: [Uninstall C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64" HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.) Startup: C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-04-11] ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-29] ShortcutTarget: Dropbox.lnk -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2014-10-05] ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{25efa1fc-4989-49a2-be33-a5d8d70db773}: [NameServer] 156.154.70.25,156.154.71.25 Tcpip\..\Interfaces\{25efa1fc-4989-49a2-be33-a5d8d70db773}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{a1be109d-ed3e-4720-abfe-e1d318ca707a}: [NameServer] 156.154.70.25,156.154.71.25 Internet Explorer: ================== HKU\S-1-5-21-2801822355-1091776115-2282360880-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\be8kg3a2.default FF Homepage: about:blank FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-09-16] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-16] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.) 
FF Extension: LastPass - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\be8kg3a2.default\Extensions\support@lastpass.com [2015-08-26] FF Extension: Garmin Communicator - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\be8kg3a2.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-05-30] FF Extension: WOT - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\be8kg3a2.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-19] FF Extension: FireFTP - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\be8kg3a2.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-05-30] FF Extension: ProxTube - Unblock YouTube - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\be8kg3a2.default\Extensions\ich@maltegoetz.de.xpi [2015-04-11] FF Extension: Adblock Plus - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\be8kg3a2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-11] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-04-11] (Adobe Systems) [Datei ist nicht signiert] S2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [1998520 2015-09-21] (Comodo) S2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70848 2015-09-21] (Comodo Security Solutions, Inc.) R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-03] (COMODO) R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-05] (COMODO) S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [762272 2015-09-11] (Garmin Ltd. 
or its subsidiaries) R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-09-21] (Comodo Security Solutions, Inc.) R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-07-30] (Microsoft Corporation) S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-29] (Synaptics Incorporated) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-07-30] (Microsoft Corporation) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-07-30] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows (R) Win 7 DDK provider) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21720 2015-08-05] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [827632 2015-08-05] (COMODO) R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-08-05] (COMODO) R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-05] (COMODO) S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-09-21] (Malwarebytes) R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-07-30] (Microsoft Corporation) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek ) R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3749888 2015-07-10] (Realtek Semiconductor Corporation ) R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-30] (Toshiba Corporation) S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () S3 WdBoot; 
C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) U3 idsvc; kein ImagePath S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] U3 wpcsvc; kein ImagePath ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-09-23 20:52 - 2015-09-23 20:52 - 00852704 _____ C:\Users\Toshiba\Desktop\SecurityCheck.exe 2015-09-23 20:52 - 2015-09-23 20:52 - 00000000 ___HD C:\VTRoot 2015-09-23 20:46 - 2015-09-23 20:46 - 00016148 _____ C:\WINDOWS\system32\TOSHIBA-PC_Toshiba_HistoryPrediction.bin 2015-09-23 18:13 - 2015-09-23 18:13 - 02870984 _____ (ESET) C:\Users\Toshiba\Desktop\esetsmartinstaller_deu.exe 2015-09-22 19:41 - 2015-09-23 20:52 - 00003066 _____ C:\WINDOWS\system32\Drivers\fvstore.dat 2015-09-22 19:32 - 2015-09-22 19:32 - 00000732 _____ C:\Users\Toshiba\Desktop\JRT.txt 2015-09-22 19:01 - 2015-09-22 19:01 - 01798976 _____ (Malwarebytes) C:\Users\Toshiba\Desktop\JRT.exe 2015-09-22 18:44 - 2015-09-22 18:48 - 00000000 ____D C:\AdwCleaner 2015-09-22 18:43 - 2015-09-22 18:43 - 01662976 _____ C:\Users\Toshiba\Desktop\AdwCleaner_5.008.exe 2015-09-22 18:38 - 2015-09-22 18:38 - 00000000 ___HD C:\OneDriveTemp 2015-09-21 21:02 - 2015-09-21 21:02 - 00000000 ____D C:\Program Files (x86)\Comodo 2015-09-21 20:48 - 2015-09-21 20:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo Security Solutions Inc 2015-09-21 20:38 - 2015-09-23 21:04 - 01474832 _____ 
C:\WINDOWS\system32\Drivers\sfi.dat 2015-09-21 20:38 - 2015-09-21 20:38 - 00001904 _____ C:\Users\Public\Desktop\COMODO Internet Security.lnk 2015-09-21 20:38 - 2015-09-21 20:38 - 00000000 ____D C:\ProgramData\Shared Space 2015-09-21 20:36 - 2015-09-21 20:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo 2015-09-21 20:36 - 2015-09-21 20:37 - 00000000 ____D C:\Program Files\COMODO 2015-09-21 20:36 - 2015-09-21 20:36 - 00001205 _____ C:\Users\Public\Desktop\Internet (Chromodo).lnk 2015-09-21 20:36 - 2015-09-21 20:36 - 00000000 ____D C:\Users\Toshiba\AppData\Local\Comodo 2015-09-21 20:32 - 2015-09-21 20:38 - 00000000 ____D C:\ProgramData\Comodo 2015-09-21 20:25 - 2015-09-21 20:25 - 00000000 _____ C:\WINDOWS\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} 2015-09-21 19:33 - 2015-09-21 19:33 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Toshiba\Desktop\tdsskiller.exe 2015-09-21 17:55 - 2015-09-21 20:26 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-09-21 17:55 - 2015-09-21 18:42 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-09-21 17:55 - 2015-09-21 17:55 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-09-21 17:54 - 2015-09-21 17:54 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-09-21 17:53 - 2015-09-21 19:18 - 00000000 ____D C:\Users\Toshiba\Desktop\mbar 2015-09-20 19:23 - 2015-09-23 21:04 - 00000000 ____D C:\FRST 2015-09-15 08:31 - 2015-09-15 08:31 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-09-15 08:31 - 2015-09-15 08:31 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2015-09-15 08:31 - 2015-09-15 08:31 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2015-09-15 08:31 - 2015-09-15 08:31 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-09-15 08:31 - 2015-09-15 08:31 - 18806272 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\edgehtml.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-09-15 08:30 - 2015-09-15 08:30 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2015-09-15 08:30 - 2015-09-15 08:30 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 01771592 _____ 
C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2015-09-15 08:30 - 2015-09-15 08:30 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2015-09-15 08:30 - 2015-09-15 08:30 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2015-09-15 08:30 - 2015-09-15 08:30 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2015-09-15 08:30 - 2015-09-15 08:30 - 00576000 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2015-09-15 08:30 - 2015-09-15 08:30 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2015-09-15 08:30 - 2015-09-15 08:30 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00184320 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\shacct.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2015-09-15 08:30 - 2015-09-15 08:30 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll 2015-09-15 08:30 - 2015-09-15 08:30 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2015-09-15 08:30 - 2015-08-18 06:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList 2015-09-15 08:01 - 2015-09-15 08:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2015-09-14 17:57 - 2015-09-21 19:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-09-14 17:31 - 2015-09-14 17:31 - 00000000 ____D C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-09-03 12:52 - 
2015-09-03 12:52 - 00579408 _____ (COMODO) C:\WINDOWS\system32\guard64.dll 2015-09-03 12:52 - 2015-09-03 12:52 - 00445472 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll 2015-08-27 19:10 - 2015-08-27 19:12 - 00000000 ____D C:\Users\Toshiba\AppData\Local\Garmin_Ltd._or_its_subsid 2015-08-27 19:10 - 2015-08-27 19:10 - 00000000 ____D C:\Users\Toshiba\AppData\Roaming\Garmin 2015-08-27 19:10 - 2015-08-27 19:10 - 00000000 ____D C:\ProgramData\Garmin 2015-08-27 19:10 - 2015-08-27 19:10 - 00000000 ____D C:\Program Files\DIFX 2015-08-27 19:09 - 2015-09-15 08:02 - 00000000 ____D C:\ProgramData\Package Cache 2015-08-27 19:09 - 2015-09-15 08:01 - 00003624 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask 2015-08-27 19:09 - 2015-09-15 08:01 - 00000000 ____D C:\Program Files (x86)\Garmin 2015-08-27 19:04 - 2015-08-27 19:04 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2015-08-25 18:27 - 2015-08-25 18:27 - 00001181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Annotator.lnk ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-09-23 21:02 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\sru 2015-09-23 20:52 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\rescache 2015-09-23 20:38 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-09-23 20:37 - 2015-07-10 14:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log 2015-09-23 20:32 - 2015-06-23 18:22 - 00001232 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2801822355-1091776115-2282360880-1000UA.job 2015-09-23 18:07 - 2015-04-13 16:14 - 00000000 ___RD C:\Users\Toshiba\Dropbox 2015-09-23 18:07 - 2015-04-13 16:03 - 00000000 ____D C:\Users\Toshiba\AppData\Roaming\Dropbox 2015-09-23 18:07 - 2015-04-11 15:09 - 00000000 ____D C:\Users\Toshiba\OneDrive 2015-09-22 18:52 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-09-22 18:51 - 2015-07-10 11:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2015-09-21 22:35 - 2015-07-10 14:20 - 00015720 _____ C:\WINDOWS\setupact.log 2015-09-21 21:40 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-09-21 20:51 - 2015-07-30 21:19 - 00007906 _____ C:\WINDOWS\PFRO.log 2015-09-21 20:39 - 2015-07-10 18:34 - 02368200 _____ C:\WINDOWS\system32\perfh007.dat 2015-09-21 20:39 - 2015-07-10 18:34 - 00696388 _____ C:\WINDOWS\system32\perfc007.dat 2015-09-21 19:34 - 2015-07-10 13:06 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-09-21 19:34 - 2015-07-10 13:06 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-09-21 19:22 - 2015-07-10 14:20 - 00339232 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-09-21 19:21 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\Resources 2015-09-21 19:21 - 2014-10-05 13:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-09-21 19:19 - 2015-07-10 18:44 - 00000000 ____D C:\Program Files\Windows Journal 2015-09-21 19:19 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\oobe 2015-09-21 19:19 - 2015-07-10 13:04 - 00000000 ____D 
C:\WINDOWS\system32\appraiser 2015-09-20 17:01 - 2014-10-05 12:16 - 00089648 _____ C:\Users\Toshiba\AppData\Local\GDIPFONTCACHEV1.DAT 2015-09-20 15:32 - 2015-06-23 18:21 - 00001180 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2801822355-1091776115-2282360880-1000Core.job 2015-09-16 18:27 - 2015-07-30 21:53 - 00000000 ____D C:\Users\Toshiba\AppData\Local\Packages 2015-09-15 20:31 - 2014-10-05 12:55 - 00000000 ____D C:\Users\Toshiba\AppData\Local\Microsoft Help 2015-09-15 10:54 - 2014-09-24 00:19 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-09-15 10:45 - 2014-09-24 00:18 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-09-15 08:07 - 2015-07-10 13:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-09-15 08:07 - 2015-07-10 13:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-09-15 08:07 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2015-09-14 17:30 - 2015-07-30 22:08 - 00002412 _____ C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-08-25 18:27 - 2015-06-23 18:56 - 00001169 _____ C:\Users\Public\Desktop\PDF Annotator.lnk 2015-08-25 18:27 - 2015-06-23 18:56 - 00000000 ____D C:\Users\Toshiba\AppData\Local\PDF Annotator 2015-08-25 18:27 - 2015-06-23 18:55 - 00000000 ____D C:\Program Files (x86)\PDF Annotator ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-07-30 21:24 - 2015-07-30 21:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Einige Dateien in TEMP: ==================== C:\Users\Toshiba\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphcodvm.dll C:\Users\Toshiba\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-09-21 21:40
==================== Ende von FRST.txt ============================ |
24.09.2015, 18:44 | #14 |
| Uncontrolled mail sending from my web.de address
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:23-09-2015 durchgeführt von Toshiba (2015-09-23 21:05:35) Gestartet von D:\Downloads_neu Windows 10 Pro (X64) (2015-07-30 19:51:57) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-2801822355-1091776115-2282360880-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2801822355-1091776115-2282360880-503 - Limited - Disabled) Gast (S-1-5-21-2801822355-1091776115-2282360880-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2801822355-1091776115-2282360880-1002 - Limited - Enabled) Toshiba (S-1-5-21-2801822355-1091776115-2282360880-1000 - Administrator - Enabled) => C:\Users\Toshiba ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5} AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) 
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Chromodo (HKLM-x32\...\Chromodo) (Version: 44.5.7.269 - Comodo)
COMODO Internet Security Premium (HKLM\...\{38F898C8-272F-455F-9BD6-71FEBA3E4AF5}) (Version: 8.2.0.4703 - COMODO Security Solutions Inc.)
Dasher 4.11 (HKLM-x32\...\{BD8ECD28-2D32-11DF-8D17-000423472618}) (Version: 4.11 - The Dasher Project)
Dropbox (HKU\S-1-5-21-2801822355-1091776115-2282360880-1000\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
Drucken in PDF Annotator (novaPDF OEM 7.7 printer) (HKLM\...\Drucken in PDF Annotator_is1) (Version: 7.7.400 - Softland)
Elevated Installer (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{44d9dfc0-3a4a-4439-870f-f97550a9bc8d}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
GeekBuddy (HKLM\...\{A09AEC8C-5054-4E92-93DE-EA0B8C73BCF2}) (Version: 4.21.144 - Comodo Security Solutions Inc)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Mozilla Thunderbird 31.1.2 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.1.2 (x86 de)) (Version: 31.1.2 - Mozilla)
PDF Annotator 5.0.0.510 (HKLM-x32\...\PDFAnnotator_is1) (Version: 5.0.0.510 - GRAHL software design)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2801822355-1091776115-2282360880-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {08287FC4-597D-49DC-9CE0-4DF80BC47E27} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {0E2482CB-BFF8-4F24-B75F-3CCC09E1C4A9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {111EA2CE-F859-448B-9ED9-FAF56C32E31C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {11EA62AB-37B6-4F82-A329-5306E660C027} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {1556FD00-6F8B-4DF0-9EFB-B8E19BD5DA15} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2801822355-1091776115-2282360880-1000UA => C:\Users\Toshiba\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {1C10BD95-F2CD-4381-80E6-20E605875FF5} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {2103F928-292F-458B-9B09-3643CC3F9D3D} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-09-11] ()
Task: {3C1D1AE7-AA25-4777-8434-430061037C60} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-09-15] (Microsoft Corporation)
Task: {4CB79202-2777-47BF-89E8-B352BF0BD828} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {54D73F89-2F79-47D8-8768-528044CB35A3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {5C3A1012-54C3-498D-A023-95D1D5A63189} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {5C5DBC61-1CC7-4CBD-A55F-DAF786B36AB4} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-05] (COMODO)
Task: {60E07D6A-8489-4748-B451-DB6384C3375C} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {61847A8B-8D98-4667-972C-A14D953B5FCF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {63C3003F-E160-41D1-8B42-03E86AFAD4AB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {64FF3EE7-71C3-4CDA-9004-915BB1489C50} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {6C19EACD-BFE3-4010-A7AD-398E120EEA3C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {75A46DE7-3667-4153-99F2-C5AE383D1658} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {7C0004BE-6C72-4348-9D3B-888F95DAA41B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {81CE33A9-C813-4A1C-9992-CB09481B7434} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-19] (Adobe Systems Incorporated)
Task: {84E958F4-6C79-4E3E-B697-D645252DE1CC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {93C9AAF2-F374-4F9D-B8E4-D97348BA4AAF} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {96999D0E-1C1E-4AD2-ACB4-228CEDD38265} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {9AD39AE9-03C8-4B8C-B448-EAEC66AB88F1} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {A0FF1C4C-B44D-432C-AFCB-8A38CAAB8ADC} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> Keine Datei <==== ACHTUNG
Task: {A1D2109E-AD43-4A83-B17C-E99DC539FC6E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {A7EC3CFE-3CF3-411C-86CD-4AC7730D20ED} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {AA05C488-2E79-4381-B379-AC2E3A33DDA1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {AB1AF363-146B-4DA2-BA03-124C90920086} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C4351641-3822-48E7-A73D-FAE74B7ABBBA} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-05] (COMODO)
Task: {C6D393DE-0343-436A-A56A-A0C5D179F86B} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {C732980D-55DB-4BA9-8EB2-1F6AE0906CDC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {C797185C-1CF2-4D34-8F0A-3F855F26C417} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {C8699267-9955-45B1-9916-6CCD099BAF7F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {D0EAFBC6-0D10-4CAF-8CD8-62C3F1C52E6C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {DA9E374E-0F90-4978-89D9-5AC824DCF5CA} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {E1C0F344-E15E-40DE-82F8-59090A871A64} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {E5261A67-4ED1-4597-A919-581648F89B7F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {E6B8BAF0-787F-488D-BCA5-45DAA9063407} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {E8985E9B-C403-4371-A010-218F5C0E4582} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {F0C3B15F-ECF0-44FC-AB58-362ACBA481AA} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {F8EA873F-16B3-40D1-B532-1720139FA890} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {F98CD2F3-64FA-48E3-B91F-60550D67CCE9} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FBD43E5A-FDF6-4D02-9092-B93E8A5F3014} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2801822355-1091776115-2282360880-1000Core => C:\Users\Toshiba\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {FCB2BB03-7BBF-49A1-B508-61106E5CB1C8} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {FFB50075-3CCF-4563-8E78-922F2DCBF12E} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2801822355-1091776115-2282360880-1000Core.job => C:\Users\Toshiba\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2801822355-1091776115-2282360880-1000UA.job => C:\Users\Toshiba\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-07-10 13:00 - 2015-07-10 13:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-07-30 22:10 - 2015-07-30 22:10 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-19 12:32 - 2015-08-19 12:32 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-09-15 08:30 - 2015-09-15 08:30 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-15 08:30 - 2015-09-15 08:30 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-10 12:59 - 2015-07-10 12:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-19 12:32 - 2015-08-19 12:32 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 13:00 - 2015-07-10 18:43 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-19 12:32 - 2015-08-19 12:32 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-19 12:32 - 2015-08-19 12:32 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 13:00 - 2015-07-10 18:43 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-01-08 23:02 - 2015-01-08 23:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2015-09-20 11:46 - 2015-09-20 11:46 - 00012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.915.17170.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-09-20 11:46 - 2015-09-20 11:46 - 10712576 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.915.17170.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-09-20 11:46 - 2015-09-20 11:46 - 00500224 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.915.17170.0_x64__8wekyb3d8bbwe\Lumia.SequencePlayer.UAP.dll
2015-09-23 18:07 - 2015-09-23 18:07 - 00071168 _____ () c:\users\toshiba\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphcodvm.dll
2015-03-04 23:45 - 2015-08-05 07:26 - 00012800 _____ () C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 23:45 - 2015-08-05 07:26 - 00779776 _____ () C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-31 20:39 - 2015-08-05 07:26 - 00056320 _____ () C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 23:45 - 2015-08-05 07:26 - 00012288 _____ () C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-08-25 18:18 - 2015-08-25 18:18 - 01020928 _____ () C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\be8kg3a2.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2007-06-05 14:23 - 2007-06-05 14:23 - 00151552 _____ () C:\Program Files (x86)\Dasher\Dasher 4.11\libexpat.dll
2015-07-10 13:00 - 2015-07-10 13:00 - 01021792 _____ () C:\Windows\SYSTEM32\speech\engines\tts\MSTTSEngine.dll
2015-07-10 13:00 - 2015-07-10 13:00 - 00528384 _____ () C:\Windows\SYSTEM32\speech\engines\tts\MSTTSLoc.DLL

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdyboost.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\stornvme.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\Thotkey.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\tunnel.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBHUB3.SYS:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBXHCI.SYS:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdiWiFi.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\wof.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\wpcfltr.sys:$CmdTcID AlternateDataStreams: C:\Users\Toshiba\Desktop\AdwCleaner_5.008.exe:$CmdTcID AlternateDataStreams: C:\Users\Toshiba\Desktop\AdwCleaner_5.008.exe:$CmdZnID AlternateDataStreams: C:\Users\Toshiba\Desktop\esetsmartinstaller_deu.exe:$CmdTcID AlternateDataStreams: C:\Users\Toshiba\Desktop\esetsmartinstaller_deu.exe:$CmdZnID AlternateDataStreams: C:\Users\Toshiba\Desktop\JRT.exe:$CmdTcID AlternateDataStreams: C:\Users\Toshiba\Desktop\JRT.exe:$CmdZnID AlternateDataStreams: C:\Users\Toshiba\Desktop\SecurityCheck.exe:$CmdTcID AlternateDataStreams: C:\Users\Toshiba\Desktop\SecurityCheck.exe:$CmdZnID AlternateDataStreams: C:\Users\Toshiba\Desktop\tdsskiller.exe:$CmdTcID AlternateDataStreams: C:\Users\Toshiba\Desktop\tdsskiller.exe:$CmdZnID ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) 
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-2801822355-1091776115-2282360880-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Toshiba\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\desktop-hintergrund.bmp DNS Servers: 156.154.70.25 - 156.154.71.25 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [{807475DA-0205-4113-AEEE-5AF566EA7A6E}] => (Allow) C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{907C6B85-1989-4C3C-8514-B458F462847C}] => (Allow) C:\Users\Toshiba\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{68BA6026-2831-45B8-93A2-089D7C57695E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{272776C8-4FCE-4428-8C5C-A0760AD5115F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{7455D731-38E3-4242-85C7-6ADC69F39E59}] => (Allow) C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\OneDrive.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (09/23/2015 09:03:14 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest. Error: (09/23/2015 08:49:36 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest. Error: (09/23/2015 08:36:17 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (1100) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032. Error: (09/23/2015 08:36:17 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (1100) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. 
Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien. Error: (09/23/2015 08:36:07 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (1100) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032. Error: (09/23/2015 08:36:07 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (1100) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien. Error: (09/23/2015 08:35:57 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (1100) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032. Error: (09/23/2015 08:35:57 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (1100) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien. Error: (09/23/2015 08:35:46 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (1100) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032. 
Error: (09/23/2015 08:35:46 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (1100) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien. Systemfehler: ============= Error: (09/23/2015 06:19:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (09/23/2015 06:19:36 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Toshiba\AppData\Local\Temp\ehdrv.sys Error: (09/23/2015 06:19:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (09/23/2015 06:19:35 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Toshiba\AppData\Local\Temp\ehdrv.sys Error: (09/23/2015 06:19:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (09/23/2015 06:19:35 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Toshiba\AppData\Local\Temp\ehdrv.sys Error: (09/23/2015 06:14:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (09/23/2015 06:14:37 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Toshiba\AppData\Local\Temp\ehdrv.sys Error: (09/23/2015 06:14:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (09/23/2015 06:14:37 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Toshiba\AppData\Local\Temp\ehdrv.sys 
CodeIntegrity: =================================== Date: 2015-09-23 20:58:58.379 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-23 20:49:18.524 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-23 18:13:22.949 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-23 18:06:50.257 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-22 21:46:25.423 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-22 19:39:49.536 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-22 19:01:20.646 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-09-22 18:53:46.401 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. 
Despite sending mail yesterday, no further wave of spam. Last edited by Nessarose (23.09.2015 at 20:33) |
25.09.2015, 17:58 | #15 |
/// the machine /// TB Trainer | Uncontrolled mail sending from my web.de address

Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.

Code:
C:\$Recycle.Bin
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
C:\RECYCLER
C:\WINXP\system32\config\systemprofile\DECRYPT_INSTRUCTION.HTML
C:\WINXP\system32\config\systemprofile\DECRYPT_INSTRUCTION.TXT
C:\WINXP\system32\config\systemprofile\DECRYPT_INSTRUCTION.URL
C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\DECRYPT_INSTRUCTION.HTML
C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\DECRYPT_INSTRUCTION.TXT
C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\DECRYPT_INSTRUCTION.URL
C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\DECRYPT_INSTRUCTION.HTML
C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\DECRYPT_INSTRUCTION.TXT
C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\DECRYPT_INSTRUCTION.URL
C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\DECRYPT_INSTRUCTION.HTML
C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\DECRYPT_INSTRUCTION.TXT
C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\DECRYPT_INSTRUCTION.URL
C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.HTML
C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.TXT
C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.URL
C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Media\DECRYPT_INSTRUCTION.HTML
C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Media\DECRYPT_INSTRUCTION.TXT
C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Media\DECRYPT_INSTRUCTION.URL
C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Media\11.0\DECRYPT_INSTRUCTION.HTML
C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Media\11.0\DECRYPT_INSTRUCTION.TXT
C:\WINXP\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Media\11.0\DECRYPT_INSTRUCTION.URL
C:\WINXP\system32\config\systemprofile\Vorlagen\DECRYPT_INSTRUCTION.HTML
C:\WINXP\system32\config\systemprofile\Vorlagen\DECRYPT_INSTRUCTION.TXT
C:\WINXP\system32\config\systemprofile\Vorlagen\DECRYPT_INSTRUCTION.URL
C:\WINXP\system32\ias\DECRYPT_INSTRUCTION.HTML
C:\WINXP\system32\ias\DECRYPT_INSTRUCTION.TXT
C:\WINXP\system32\ias\DECRYPT_INSTRUCTION.URL
D:\NCH WavePad Sound Editor Master's Edition 4.40 + Keys [RH]\NCH.WPSEME.4.40_[RH].rar
Task: {4CB79202-2777-47BF-89E8-B352BF0BD828} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {54D73F89-2F79-47D8-8768-528044CB35A3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {61847A8B-8D98-4667-972C-A14D953B5FCF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {63C3003F-E160-41D1-8B42-03E86AFAD4AB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {84E958F4-6C79-4E3E-B697-D645252DE1CC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {96999D0E-1C1E-4AD2-ACB4-228CEDD38265} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {A0FF1C4C-B44D-432C-AFCB-8A38CAAB8ADC} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> Keine Datei <==== ACHTUNG
Task: {A1D2109E-AD43-4A83-B17C-E99DC539FC6E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {A7EC3CFE-3CF3-411C-86CD-4AC7730D20ED} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {AA05C488-2E79-4381-B379-AC2E3A33DDA1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {C8699267-9955-45B1-9916-6CCD099BAF7F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {D0EAFBC6-0D10-4CAF-8CD8-62C3F1C52E6C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Cleanup: (The order matters here)
- If Defogger was used: start it again and click Re-enable.
- If Combofix was used: uninstall Combofix.

All logs posted? Then please download DelFix.

Note: DelFix removes, among other things, all the programs we used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left over, you can safely delete them.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Hardening:

Enable automatic updates for the Windows operating system. Security-relevant software should also always be present only in its latest version:
- Browser
- Java
- Flash Player
- PDF reader

Security vulnerabilities in their old versions are exploited to install malware via "drive-by" when you simply visit a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft

In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional:
- NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, define on a whitelist basis which sites scripts should be allowed on.
- Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.

Download software from a clean portal such as . When installing software, always choose the custom option and uncheck all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware, it is best to uninstall it first and then remove the leftovers with Adwarecleaner .

Finally, a few general remarks: Change your important online passwords regularly, and regularly create backups of your important files or of the system. The benefit of registry cleaners, optimizers, etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM! |