Log analysis and evaluation: Windows 8.1, long startup time, strange processes, advertising popups

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
25.11.2015, 19:46 | #1 |
Windows 8.1, long startup time, strange processes, advertising popups

Hi, my little brother brought me his laptop "because it has become pretty slow". Booting takes about 2 minutes, there are many strange processes in Task Manager whose names consist only of random letters, and in general everything runs very slowly. I hope you can help me fix the problems.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:05 on 25/11/2015 (tokoma)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:25-11-2015 durchgeführt von tokoma (Administrator) auf TOKO (25-11-2015 19:09:34) Gestartet von C:\Users\tokoma\Desktop Geladene Profile: tokoma (Verfügbare Profile: tokoma) Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: IE) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\Av\avgidsagent.exe (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.) 
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSPanel.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Users\tokoma\Desktop\Defogger.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-05-15] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation) HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3826600 2015-10-30] (AVG Technologies CZ, s.r.o.) 
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Atheros Communications) HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1940160 2014-11-18] (Valve Corporation) HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\MountPoints2: {02627817-285f-11e4-8252-806e6f6e6963} - "E:\autorun.exe" ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) ProxyEnable: [.DEFAULT] => Proxy ist aktiviert. 
ProxyServer: [.DEFAULT] => http=127.0.0.1:62992;https=127.0.0.1:62992 Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{5C8B1A66-6F46-4E47-B6CF-280D94F05E04}: [DhcpNameServer] 192.13.128.24 Tcpip\..\Interfaces\{E72CCE24-6189-43F5-9E5E-5EC6FB4BB621}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com SearchScopes: HKLM -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-655055617-1888823773-2012408708-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-09-21] (IObit) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-14] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-14] (Oracle Corporation) 
FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-14] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-14] (Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-03] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-03] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] () Chrome: ======= CHR dev: Chrome dev build erkannt! <======= ACHTUNG CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1442258229&z=5d3e89d9d390ba01647ea52g6zdzfo3o0w3b3e7z1e&from=cmi&uid=ST1000LM024XHN-M101MBB_S32XJ9EF641803 CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1442258229&z=5d3e89d9d390ba01647ea52g6zdzfo3o0w3b3e7z1e&from=cmi&uid=ST1000LM024XHN-M101MBB_S32XJ9EF641803" CHR DefaultSearchURL: Default -> hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M93C99B2A-59AF-4A63-99D7-DBDCE7398FC8&SearchSource=58&CUI=&UM=8&UP=SPC44D3508-E3BA-45F6-ADE2-52DC81727624&D=080415&q={searchTerms}&SSPV=SP3010TB_sp_ch CHR DefaultSearchKeyword: Default -> trovi.search CHR DefaultNewTabURL: Default -> hxxps://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M93C99B2A-59AF-4A63-99D7-DBDCE7398FC8&SearchSource=69&CUI=&SSPV=SP3010TB_sp_ch&lay=5&p=cnts&UM=8&UP=SPC44D3508-E3BA-45F6-ADE2-52DC81727624&SAT=CNTS&D=080415 CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}&SSPV=SP3010TB_sp_ch CHR Profile: C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default CHR Extension: 
(Google Docs) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-28] [UpdateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ACHTUNG CHR Extension: (Google Drive) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-25] CHR Extension: (YouTube) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-25] CHR Extension: (Google-Suche) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-25] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-28] [UpdateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ACHTUNG CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28] [UpdateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ACHTUNG CHR Extension: (Google Mail) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-28] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [Datei ist nicht signiert] R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert] S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [595376 2015-10-30] (AVG Technologies CZ, s.r.o.) 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3815648 2015-10-30] (AVG Technologies CZ, s.r.o.) R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-10-30] (AVG Technologies CZ, s.r.o.) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-17] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [Datei ist nicht signiert] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation) R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2015-05-27] (Elex do Brasil Participações Ltda) R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-02-25] (Atheros) [Datei ist nicht signiert] S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-06] (Qualcomm Atheros Communications, Inc.) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation) S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [197040 2015-08-10] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-10-19] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [255408 2015-10-21] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [306608 2015-10-08] (AVG Technologies CZ, s.r.o.) 
R1 bsdriver; C:\Windows\system32\drivers\bsdriver.sys [34712 2015-08-04] () S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [108616 2015-05-27] (Elex do Brasil Participações Ltda) R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [50944 2015-05-27] (Elex do Brasil Participações Ltda) R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [102416 2015-05-27] (Elex do Brasil Participações Ltda) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( ) R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-28] (Intel Corporation) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-10-18] (Realsil Semiconductor Corporation) R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-04] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-04] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) S1 iSafeNetFilter; system32\DRIVERS\iSafeNetFilter.sys [X] S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] U0 msahci; system32\drivers\msahci.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-07-28 14:20 - 2016-07-28 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2016-07-28 14:20 - 2015-11-24 22:48 - 00002423 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-07-28 14:18 - 2015-11-25 01:25 - 00000000 ____D C:\Program Files (x86)\BrowserPro App 2016-07-28 14:15 - 2016-07-28 14:20 - 00000000 ____D C:\Program Files (x86)\Google 2016-07-28 14:15 - 2015-11-24 23:53 - 00000000 ____D C:\Users\tokoma\AppData\Local\Google 2016-07-24 15:31 - 2015-11-25 00:34 - 00000000 ____D C:\Program Files\Common Files\AV 2016-07-02 14:47 - 2016-07-02 14:47 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\OneSafe PC Cleaner 2016-07-02 14:47 - 2015-11-25 18:33 - 00000000 ____D C:\Users\tokoma\Documents\OneSafe PC Cleaner 2016-07-02 14:47 - 2015-11-25 00:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSafe PC Cleaner 2016-06-19 14:45 - 2016-07-28 13:29 - 00000000 ____D C:\Windows\Minidump 2016-06-19 14:45 - 2016-07-27 15:16 - 640785184 _____ C:\Windows\MEMORY.DMP 2016-06-18 17:52 - 2015-08-01 06:52 - 00000226 _____ C:\Users\tokoma\AppData\Roaming\WB.CFG 2016-06-18 15:53 - 2016-06-18 15:54 - 00000000 ____D C:\Users\tokoma\AppData\Local\Chromium 2015-11-25 19:09 - 2015-11-25 19:10 - 00018302 _____ C:\Users\tokoma\Desktop\FRST.txt 2015-11-25 19:09 - 2015-11-25 19:09 - 00000000 ____D C:\FRST 2015-11-25 19:08 - 2015-11-25 19:08 - 00380416 _____ C:\Users\tokoma\Desktop\Gmer-19357.exe 2015-11-25 19:06 - 2015-11-25 19:06 - 02348032 _____ (Farbar) C:\Users\tokoma\Desktop\FRST64.exe 2015-11-25 19:05 - 2015-11-25 19:05 - 00000000 _____ C:\Users\tokoma\defogger_reenable 2015-11-25 19:03 - 2015-11-25 19:03 - 00050477 _____ C:\Users\tokoma\Desktop\Defogger.exe 2015-11-25 18:44 - 2015-11-25 18:44 - 00000000 ____D C:\Users\tokoma\AppData\Local\TeamViewer 2015-11-25 18:43 - 2015-11-25 18:44 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2015-11-25 18:43 - 2015-11-25 18:43 - 00001057 _____ 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-11-25 18:43 - 2015-11-25 18:43 - 00001045 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk 2015-11-25 18:42 - 2015-11-25 18:43 - 08202040 _____ (TeamViewer GmbH) C:\Users\tokoma\Downloads\TeamViewer_Setup_de.exe 2015-11-25 00:35 - 2015-11-25 00:35 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\AVG 2015-11-25 00:34 - 2015-11-25 00:34 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\TuneUp Software 2015-11-25 00:34 - 2015-11-25 00:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2015-11-25 00:31 - 2015-11-25 00:31 - 00000000 ___HD C:\$AVG 2015-11-25 00:24 - 2015-11-25 18:52 - 00000000 ____D C:\ProgramData\MFAData 2015-11-25 00:24 - 2015-11-25 00:24 - 00000954 _____ C:\Users\Public\Desktop\AVG.lnk 2015-11-25 00:24 - 2015-11-25 00:24 - 00000000 ____D C:\Users\tokoma\AppData\Local\MFAData 2015-11-25 00:24 - 2015-11-25 00:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen 2015-11-25 00:21 - 2015-11-25 00:31 - 00000000 ____D C:\ProgramData\Avg 2015-11-25 00:21 - 2015-11-25 00:28 - 00000000 ____D C:\Program Files (x86)\AVG 2015-11-25 00:20 - 2015-11-25 00:35 - 00000000 ____D C:\Users\tokoma\AppData\Local\Avg 2015-11-25 00:20 - 2015-11-25 00:23 - 00000000 ____D C:\Users\tokoma\AppData\Local\AvgSetupLog 2015-11-25 00:19 - 2015-11-25 00:19 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-11-25 00:12 - 2015-11-25 01:24 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-3.2cV25.10 2015-11-25 00:11 - 2015-11-25 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBrowser 2015-11-25 00:10 - 2015-11-25 00:10 - 00000000 ____D C:\Program Files (x86)\MyBrowser 2015-11-25 00:04 - 2015-11-25 00:04 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\ProductData 2015-11-25 00:03 - 2015-11-25 00:25 - 00002392 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_tokoma 2015-11-25 00:03 - 2015-11-25 00:25 - 00000290 _____ 
C:\Windows\Tasks\Uninstaller_SkipUac_tokoma.job 2015-11-25 00:03 - 2015-11-25 00:03 - 00001384 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk 2015-11-25 00:03 - 2015-11-25 00:03 - 00001372 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk 2015-11-25 00:03 - 2015-11-25 00:03 - 00000000 ____D C:\Users\tokoma\AppData\LocalLow\IObit 2015-11-25 00:03 - 2015-11-25 00:03 - 00000000 ____D C:\Users\tokoma\AppData\Local\DesktopSearch 2015-11-25 00:03 - 2015-11-25 00:03 - 00000000 ____D C:\ProgramData\ProductData 2015-11-25 00:03 - 2015-11-25 00:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller 2015-11-25 00:03 - 2015-11-25 00:03 - 00000000 ____D C:\ProgramData\IObit 2015-11-25 00:02 - 2015-11-25 00:03 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\IObit 2015-11-25 00:02 - 2015-11-25 00:03 - 00000000 ____D C:\Program Files (x86)\IObit 2015-11-24 23:48 - 2015-11-25 18:48 - 00000081 _____ C:\Users\tokoma\AppData\Roaming\sp_data.sys 2015-11-24 23:46 - 2015-11-24 23:46 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\Elex-tech 2015-11-24 23:35 - 2015-11-24 23:35 - 00009493 _____ C:\Users\tokoma\Desktop\JRT.txt 2015-11-24 23:31 - 2015-11-24 23:31 - 00000000 _____ C:\Recovery.txt 2015-11-24 22:54 - 2015-11-24 23:41 - 00000000 ____D C:\AdwCleaner 2015-11-24 22:37 - 2015-11-24 22:37 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\kingsoft 2015-10-30 19:06 - 2015-11-04 16:46 - 00001125 _____ C:\Users\tokoma\Desktop\nativelog.txt 2015-10-30 18:52 - 2015-10-30 18:52 - 00001142 _____ C:\Users\tokoma\Desktop\Willkommen zur ASUS Produktregistrierung.lnk 2015-10-30 17:00 - 2015-09-19 04:18 - 00035384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-10-30 17:00 - 2015-09-18 14:42 - 01290752 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-10-30 17:00 - 2015-09-18 14:42 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-10-30 17:00 - 2015-09-18 
14:42 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-10-30 17:00 - 2015-09-18 14:42 - 00699904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-10-30 17:00 - 2015-09-18 14:42 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-10-30 17:00 - 2015-09-18 14:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-10-30 16:58 - 2015-09-10 19:02 - 25851392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-10-30 16:58 - 2015-09-10 18:19 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-10-30 16:58 - 2015-09-10 18:18 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-10-30 16:58 - 2015-09-10 18:14 - 05990400 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-10-30 16:58 - 2015-09-10 18:09 - 20358144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-10-30 16:58 - 2015-09-10 18:06 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-10-30 16:58 - 2015-09-10 18:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-10-30 16:58 - 2015-09-10 17:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-10-30 16:58 - 2015-09-10 17:39 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-10-30 16:58 - 2015-09-10 17:35 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-10-30 16:58 - 2015-09-10 17:33 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-10-30 16:58 - 2015-09-10 17:28 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-10-30 16:58 - 2015-09-10 17:28 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-10-30 16:58 - 2015-09-10 17:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-10-30 16:58 - 2015-09-10 17:24 - 14456832 _____ 
(Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-10-30 16:58 - 2015-09-10 17:21 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-10-30 16:58 - 2015-09-10 17:19 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-10-30 16:58 - 2015-09-10 17:19 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-10-30 16:58 - 2015-09-10 17:19 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-10-30 16:58 - 2015-09-10 17:17 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-10-30 16:58 - 2015-09-10 17:17 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-10-30 16:58 - 2015-09-10 17:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-10-30 16:58 - 2015-09-10 17:02 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-10-30 16:58 - 2015-09-10 17:01 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-10-30 16:58 - 2015-09-10 17:00 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-10-30 16:58 - 2015-09-10 16:57 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-10-30 16:58 - 2015-09-10 16:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-10-30 16:58 - 2015-09-10 16:55 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-10-30 16:58 - 2015-09-10 16:45 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-10-30 16:58 - 2015-09-10 16:34 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-10-30 16:58 - 2015-09-10 16:31 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-10-30 16:58 - 2015-09-10 16:27 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-10-30 16:58 - 2015-09-10 16:26 - 00710144 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieapfltr.dll 2015-10-30 16:58 - 2015-07-16 21:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-10-30 16:58 - 2015-07-16 20:53 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-10-30 16:58 - 2015-07-16 20:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-10-30 16:58 - 2015-07-16 20:14 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2015-10-30 16:58 - 2015-07-16 19:52 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2015-10-30 16:57 - 2015-09-10 18:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-10-30 16:57 - 2015-09-10 17:37 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-10-30 16:57 - 2015-09-10 17:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-10-30 16:57 - 2015-09-10 17:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-10-30 16:57 - 2015-09-10 16:57 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-10-30 16:57 - 2015-09-10 16:55 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-10-30 16:56 - 2015-10-30 16:58 - 00000044 _____ C:\Users\tokoma\Desktop\Fuc! 
U Virus.txt 2015-10-30 16:54 - 2015-10-30 16:54 - 00000000 ____D C:\ProgramData\kingsoft 2015-10-30 16:54 - 2015-09-29 13:29 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-10-30 16:54 - 2015-09-28 19:45 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-10-30 16:54 - 2015-09-28 19:26 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2015-10-30 16:54 - 2015-09-28 19:25 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-10-30 16:54 - 2015-09-28 19:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-10-30 16:54 - 2015-09-28 19:25 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-10-30 16:54 - 2015-09-28 19:22 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-10-30 16:54 - 2015-09-28 19:22 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-10-30 16:54 - 2015-09-28 19:22 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-10-30 16:54 - 2015-09-28 19:15 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-10-30 16:54 - 2015-09-28 19:13 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-10-30 16:54 - 2015-09-28 19:12 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-10-30 16:54 - 2015-07-16 19:58 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\NcdAutoSetup.dll 2015-10-30 16:53 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2015-10-30 16:53 - 2015-08-22 14:42 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2015-10-30 16:53 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2015-10-30 16:53 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2015-10-30 16:53 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2015-10-30 16:53 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2015-10-30 16:53 - 2015-08-22 14:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2015-10-30 16:53 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2015-10-30 16:53 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2015-10-30 16:53 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:42 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2015-10-30 16:52 - 2015-08-22 14:42 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:42 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:42 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:42 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:42 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:42 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 
2015-10-30 16:52 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:35 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2015-10-30 16:52 - 2015-08-22 14:35 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:35 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2015-10-30 16:42 - 2015-07-14 04:22 - 02529880 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-10-30 16:42 - 2015-07-14 04:21 - 01901776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-10-30 16:42 - 2015-07-10 18:42 - 02345472 _____ (Microsoft Corporation) 
C:\Windows\system32\msxml3.dll 2015-10-30 16:42 - 2015-07-10 17:47 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-10-30 16:42 - 2015-07-09 18:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-10-30 16:42 - 2015-07-09 18:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-10-30 16:42 - 2015-07-09 17:30 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-07-28 12:47 - 2014-09-30 16:23 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{165E99F4-4F00-4F10-8F2D-DEE576ACF2BD} 2016-07-28 12:46 - 2015-05-13 16:19 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update1 2016-07-28 12:46 - 2015-05-13 16:19 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update2 2016-07-19 19:29 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\LiveKernelReports 2016-07-17 17:32 - 2014-10-30 14:52 - 00000000 ____D C:\Program Files (x86)\Landwirtschafts Simulator 2015 2016-07-02 14:23 - 2015-01-19 15:16 - 00000000 ____D C:\Program Files (x86)\Steam 2015-11-25 19:09 - 2013-08-22 14:36 - 00000000 ____D C:\Windows 2015-11-25 19:06 - 2014-09-30 16:12 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-655055617-1888823773-2012408708-1001 2015-11-25 19:05 - 2014-09-30 16:06 - 00000000 ____D C:\Users\tokoma 2015-11-25 19:02 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps 2015-11-25 19:02 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness 2015-11-25 19:01 - 2014-09-30 16:06 - 00000000 ____D C:\Users\tokoma\AppData\Local\Packages 2015-11-25 18:53 - 2014-05-16 00:45 - 00765582 _____ C:\Windows\system32\perfh007.dat 2015-11-25 18:53 - 2014-05-16 00:45 - 00159366 _____ C:\Windows\system32\perfc007.dat 2015-11-25 18:53 - 2014-03-18 16:26 - 01776918 _____ 
C:\Windows\system32\PerfStringBackup.INI 2015-11-25 18:53 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf 2015-11-25 18:48 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-11-25 18:47 - 2013-08-22 15:44 - 00338072 _____ C:\Windows\system32\FNTCACHE.DAT 2015-11-25 18:46 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2015-11-25 18:42 - 2015-05-01 14:13 - 00206848 ___SH C:\Users\tokoma\Desktop\Thumbs.db 2015-11-25 18:40 - 2014-12-09 20:51 - 00000000 ____D C:\Users\tokoma\AppData\Local\CrashDumps 2015-11-25 13:25 - 2015-08-05 12:25 - 00000374 _____ C:\Windows\Tasks\DocControl.job 2015-11-25 02:36 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp 2015-11-25 01:25 - 2015-08-05 12:32 - 00000000 ____D C:\Program Files (x86)\Ghostery 2015-11-25 00:40 - 2015-08-04 10:54 - 00000000 ____D C:\ProgramData\RcMxTslM 2015-11-25 00:38 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM 2015-11-25 00:33 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP 2015-11-25 00:15 - 2014-08-20 13:12 - 00000000 ____D C:\Program Files\Common Files\mcafee 2015-11-25 00:15 - 2014-08-20 13:12 - 00000000 ____D C:\Program Files (x86)\McAfee 2015-11-25 00:15 - 2014-08-20 13:11 - 00000000 ____D C:\ProgramData\McAfee 2015-11-24 23:43 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\System 2015-11-24 23:42 - 2015-08-04 10:53 - 00000000 ____D C:\Program Files\shopperz22072015 2015-11-24 23:22 - 2015-05-29 13:11 - 00000000 ____D C:\Windows\system32\log 2015-10-30 19:08 - 2015-01-31 18:05 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\.minecraft 2015-10-30 18:01 - 2015-01-28 19:53 - 00000000 ____D C:\Windows\system32\appraiser 2015-10-30 18:01 - 2014-10-22 19:15 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-10-30 18:01 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-10-30 17:09 - 2014-10-22 19:10 - 00000000 ____D C:\Windows\system32\MRT 2015-10-30 16:55 - 2015-02-07 18:49 - 00000000 ____D 
C:\Users\tokoma\AppData\Roaming\TS3Client 2015-10-30 16:53 - 2015-02-07 18:49 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client 2015-10-30 16:32 - 2015-02-18 13:48 - 00000000 ____D C:\Program Files (x86)\Minecraft ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-11-24 23:48 - 2015-11-25 18:48 - 0000081 _____ () C:\Users\tokoma\AppData\Roaming\sp_data.sys 2016-06-18 17:52 - 2015-08-01 06:52 - 0000226 _____ () C:\Users\tokoma\AppData\Roaming\WB.CFG 2014-08-20 12:58 - 2014-08-20 12:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-05-15 16:58 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd 2014-05-15 16:58 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe 2014-05-15 16:58 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS 2015-09-14 20:18 - 2015-09-14 20:18 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat Dateien, die verschoben oder gelöscht werden sollten: ==================== C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat Einige Dateien in TEMP: ==================== C:\Users\tokoma\AppData\Local\Temp\atdl.exe C:\Users\tokoma\AppData\Local\Temp\jre-8u45-windows-au.exe C:\Users\tokoma\AppData\Local\Temp\OfficeAssist.0744.80.1211.exe C:\Users\tokoma\AppData\Local\Temp\qqpcmgr_v10.11.16575.227_8881517_Silence.exe C:\Users\tokoma\AppData\Local\Temp\Quarantine.exe C:\Users\tokoma\AppData\Local\Temp\SpOrder.dll C:\Users\tokoma\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-08-04 17:57 ==================== Ende von FRST.txt ============================ Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:25-11-2015 durchgeführt von tokoma (2015-11-25 19:11:09) Gestartet von C:\Users\tokoma\Desktop Windows 8.1 (X64) (2014-09-30 15:06:34) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-655055617-1888823773-2012408708-500 - Administrator - Disabled) Gast (S-1-5-21-655055617-1888823773-2012408708-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-655055617-1888823773-2012408708-1003 - Limited - Enabled) tokoma (S-1-5-21-655055617-1888823773-2012408708-1001 - Administrator - Enabled) => C:\Users\tokoma ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
Air Traffic Control (HKLM-x32\...\Air Traffic Control_is1) (Version: - Nemesys Team Studio) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS) ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS) AVG (HKLM\...\AvgZen) (Version: 1.22.1.40089 - AVG Technologies) AVG (Version: 16.7.7227 - AVG Technologies) Hidden AVG 2016 (Version: 16.0.4477 - AVG Technologies) Hidden AVG Protection (HKLM\...\AVG) (Version: 2016.7.7227 - AVG Technologies) AVG Zen (Version: 1.22.1 - AVG Technologies) Hidden BrowserV28.07 (HKLM-x32\...\BrowserV28.07) (Version: 1.36.01.22 - BrowserV28.07) <==== ACHTUNG CinePlus-1.44V30.10 (HKLM-x32\...\CinePlus-1.44V30.10) (Version: 1.36.01.22 - CinePlus-1.44V30.10) <==== ACHTUNG FMW 1 (Version: 1.32.2 - AVG Technologies) Hidden Game Explorer Categories - casual (HKLM-x32\...\WildTangentGameProvider-asus-casual) (Version: 3.2.0.6 - WildTangent, Inc.) Game Explorer Categories - enthusiast (HKLM-x32\...\WildTangentGameProvider-asus-enthusiast) (Version: 3.2.0.6 - WildTangent, Inc.) Game Explorer Categories - family (HKLM-x32\...\WildTangentGameProvider-asus-family) (Version: 3.2.0.6 - WildTangent, Inc.) Game Explorer Categories - touch (HKLM-x32\...\WildTangentGameProvider-asus-touch) (Version: 3.2.0.6 - WildTangent, Inc.) 
Geländewagen-Simulator 2012 (Nur entfernen) (HKLM-x32\...\{50747054-5F94-4BBC-B189-4D3F4D22C094}_is1) (Version: 1.1.1.0 - Rondomedia Marketing & Vertriebs GmbH) GIANTS Editor 6.0.2 32-bit (HKLM-x32\...\giants_editor_6.0.2_win32_is1) (Version: 6.0.2 - GIANTS Software GmbH) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.125 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation) Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation) Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.1.0.7 - IObit) Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation) Landwirtschafts Simulator 15 (HKLM-x32\...\FarmingSimulator2015DE_is1) (Version: 1.2.0.0 - GIANTS Software) Let's go 2 Sprachtrainer (HKLM-x32\...\{33DA5B25-479B-431E-9691-650D7293B31F}) (Version: 1.00.000 - Klett) MediaPlayerVid2.4 (HKLM-x32\...\MediaPlayerVid2.4) (Version: 1.36.01.22 - NewPlayerVideo+) <==== ACHTUNG Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) Phonetik (HKLM-x32\...\{626B7EA2-B7C2-4277-AE30-A8B452A92B6C}) (Version: 1.0.0 - Ernst Klett Verlag) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Realtek Card Reader 
(HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation) WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent) Windows Driver Package - ASUS (ATP) Mouse (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS) YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ACHTUNG ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
CustomCLSID: HKU\S-1-5-21-655055617-1888823773-2012408708-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) ==================== Wiederherstellungspunkte ========================= ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {1F0CFFF0-5B0F-4D02-9C88-D3E666FD98E7} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-02] (ASUS) Task: {3127E45C-11ED-4158-8F22-DAF2A204E9D2} - System32\Tasks\Uninstaller_SkipUac_tokoma => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-10-20] (IObit) Task: {331B6CFB-7982-46B4-99B9-43AFDFEDB8EB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-10-02] (Microsoft Corporation) Task: {40DEE9C9-64DA-4D89-82E8-7B52375748BA} - \Crossbrowse -> Keine Datei <==== ACHTUNG Task: {7BEEB586-4055-4005-ACD4-3741E7307D83} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] () Task: {A75A6BF7-3D66-49C0-8EA5-BA7084B338A1} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.) 
Task: {AB15EBB1-52E2-495B-9D6E-F6939F7D96B8} - System32\Tasks\DocControl => c:\programdata\{0fbc1b97-694d-daee-0fbc-c1b976946e5d}\priceless_p_soft_partner.exe <==== ACHTUNG Task: {B740C971-DDB5-4ECF-B4E3-B9F4026B1D7C} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.) Task: {BFA6DC98-1F51-4DC8-AFCA-D8B0C467EDAD} - \Papuir -> Keine Datei <==== ACHTUNG Task: {CB808FC9-7655-4728-A744-E4FA33F32F7C} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.) Task: {D1403659-1623-4CAE-8D62-2ACEDCB42A2A} - \cfr3011 -> Keine Datei <==== ACHTUNG Task: {ECF238FA-98A6-4D1A-A33C-EEB7D1318599} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek) Task: {F59FBF87-D889-4982-A23A-97410AB1FA03} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.) Task: {FB1C8FF6-2F5A-4E80-B1B8-EA4E448A7476} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-04-15] (Realtek Semiconductor) Task: {FFF22234-81DA-49C7-AC22-3EEA6ECAA36E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-04-10] (Realtek Semiconductor) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\DocControl.job => c:\programdata\{0fbc1b97-694d-daee-0fbc-c1b976946e5d}\priceless_p_soft_partner.exe <==== ACHTUNG Task: C:\Windows\Tasks\Uninstaller_SkipUac_tokoma.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2014-02-25 22:14 - 2014-02-25 22:14 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2014-02-25 22:11 - 2014-02-25 22:11 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll 2014-02-25 22:17 - 2014-02-25 22:17 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe 2014-02-24 11:59 - 2014-02-24 11:59 - 00109056 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSHomeCloudAPI.dll 2015-11-25 19:03 - 2015-11-25 19:03 - 00050477 _____ () C:\Users\tokoma\Desktop\Defogger.exe 2015-05-29 13:11 - 2015-05-27 10:58 - 00065696 ____N () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll 2015-05-29 13:11 - 2015-04-17 03:43 - 00176976 ____N () C:\Program Files (x86)\Elex-tech\YAC\tws\unrar.dll 2015-05-29 13:11 - 2015-04-17 03:43 - 00087744 ____N () C:\Program Files (x86)\Elex-tech\YAC\tws\unacev2.dll 2014-04-02 14:46 - 2014-04-02 14:46 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll 2014-04-02 14:46 - 2014-04-02 14:46 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll 2014-04-02 14:46 - 2014-04-02 14:46 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll 2014-04-02 14:46 - 2014-04-02 14:46 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll 2015-05-29 13:11 - 2015-05-27 10:59 - 00179200 ____N () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll 2015-11-25 00:03 - 2015-09-21 10:49 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll 2015-11-25 00:21 - 2015-11-25 00:21 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll 2015-11-25 00:02 - 2015-09-21 10:49 - 00348960 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl 2015-11-25 00:02 - 2015-09-21 10:49 - 00183584 _____ () C:\Program Files (x86)\IObit\IObit 
Uninstaller\madBasic_.bpl 2015-11-25 00:02 - 2015-09-21 10:49 - 00050976 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl 2015-08-03 12:50 - 2015-07-25 09:46 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\libglesv2.dll 2015-08-03 12:50 - 2015-07-25 09:46 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\libegl.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMWFP => ""="Driver" <==== ACHTUNG HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-655055617-1888823773-2012408708-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant" HKLM\...\StartupApproved\Run: => "3D BubbleSound" HKLM\...\StartupApproved\Run32: => "ApnTBMon" HKLM\...\StartupApproved\Run32: => "rec_de_70" HKLM\...\StartupApproved\Run32: => "YTDownloader" HKLM\...\StartupApproved\Run32: => "rec_de_74" HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\StartupFolder: => "crossbrowse.lnk" HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_98557E2CC4C9D57801F5B3619084BEF7" HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "Gameo" HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_EC762B715C225D87E1C23535A3EDCE73" HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "SPDriver" HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "YTDownloader" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{192477CF-8B53-4A83-B511-06315D696FA8}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{A46D567D-5F9A-45CE-8BD6-890EC3EB6BC7}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\FarmingSimulator2015.exe FirewallRules: [{DF697040-F386-4FF9-B8B3-78333930FC9E}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\FarmingSimulator2015.exe FirewallRules: [{68136F48-6499-49A1-B039-D32581004614}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x86\FarmingSimulator2015Game.exe FirewallRules: [{2F937C3E-8AFD-44AD-AB66-AE5762095737}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x86\FarmingSimulator2015Game.exe FirewallRules: [{3CD82484-EE38-472E-9304-DAC40B574B8D}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x64\FarmingSimulator2015Game.exe FirewallRules: [{53D0D9B3-2293-428B-881D-FD2BA123DB9B}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x64\FarmingSimulator2015Game.exe FirewallRules: [{5E0942ED-7728-4D3C-B997-F4DC8F76EF73}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{23E7DC91-7F7C-444F-BF78-4833B471F527}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{8BE086D3-3024-49A0-8651-9AEE792804DE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{69A2C892-1AFE-40E8-91D8-E0DAB77503C0}] => (Allow) C:\Program Files (x86)\MyBrowser\MyBrowser\Application\mybrowser.exe FirewallRules: [{55F25D8D-8DC3-47AB-9370-5B9593DCCC26}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{4071443B-2F56-4F46-86CD-B1B1FC0429F0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{F3F8E757-1B34-4FE5-82E2-9C3701D6C78B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{4215CA2E-7145-4E56-AD68-0032B44420D8}] => (Allow) C:\Program Files 
(x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{7B88681B-E215-46FD-BF11-263AB3B8CB12}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{F0E6401B-A50B-4641-B255-86120DCB97ED}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{F016DAB6-D3AF-4775-A4A9-7CB3A3E73ECC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{27EFDCE1-6AA4-4DEA-90A0-FA328EE8F9AC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{9D2D8176-4985-4084-8A95-9349EA4C6A05}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C45A982F-8F22-4BE1-A437-95EA71638B02}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E5885FF4-72C1-4601-89DC-52B6F373EF7A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8BFCF986-C7C4-4C7E-A779-7F32051419D5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/25/2015 06:34:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.1.711, Zeitstempel: 0x542b53ec
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0xfa8
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Vollständiger Name des fehlerhaften Pakets: mbam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5

Error: (11/25/2015 02:39:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.0.8.0, Zeitstempel: 0x53f64d6c
Name des fehlerhaften Moduls: mbamservice.exe, Version: 3.0.8.0, Zeitstempel: 0x53f64d6c
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008f746
ID des fehlerhaften Prozesses: 0x1340
Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0
Pfad der fehlerhaften Anwendung: mbamservice.exe1
Pfad des fehlerhaften Moduls: mbamservice.exe2
Berichtskennung: mbamservice.exe3
Vollständiger Name des fehlerhaften Pakets: mbamservice.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbamservice.exe5

Error: (11/25/2015 00:11:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_Schedule, Version: 6.3.9600.17415, Zeitstempel: 0x54504177
Name des fehlerhaften Moduls: iSafeSrvMon64.dll, Version: 6.1.45.23411, Zeitstempel: 0x5500213f
Ausnahmecode: 0xc0000409
Fehleroffset: 0x0000000000005ceb
ID des fehlerhaften Prozesses: 0x358
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_Schedule0
Pfad der fehlerhaften Anwendung: svchost.exe_Schedule1
Pfad des fehlerhaften Moduls: svchost.exe_Schedule2
Berichtskennung: svchost.exe_Schedule3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_Schedule4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_Schedule5

Error: (11/24/2015 11:57:00 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (11/24/2015 11:45:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_DiagTrack, Version: 6.3.9600.17415, Zeitstempel: 0x54504177
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc000000d
Fehleroffset: 0x0000000000101e60
ID des fehlerhaften Prozesses: 0x62c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_DiagTrack0
Pfad der fehlerhaften Anwendung: svchost.exe_DiagTrack1
Pfad des fehlerhaften Moduls: svchost.exe_DiagTrack2
Berichtskennung: svchost.exe_DiagTrack3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_DiagTrack4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_DiagTrack5

Error: (11/24/2015 11:43:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_Schedule, Version: 6.3.9600.17415, Zeitstempel: 0x54504177
Name des fehlerhaften Moduls: iSafeSrvMon64.dll, Version: 6.1.45.23411, Zeitstempel: 0x5500213f
Ausnahmecode: 0xc0000409
Fehleroffset: 0x0000000000005ceb
ID des fehlerhaften Prozesses: 0x1bc8
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_Schedule0
Pfad der fehlerhaften Anwendung: svchost.exe_Schedule1
Pfad des fehlerhaften Moduls: svchost.exe_Schedule2
Berichtskennung: svchost.exe_Schedule3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_Schedule4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_Schedule5

Error: (11/24/2015 11:37:52 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (11/24/2015 11:31:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_Schedule, Version: 6.3.9600.17415, Zeitstempel: 0x54504177
Name des fehlerhaften Moduls: iSafeSrvMon64.dll, Version: 6.1.45.23411, Zeitstempel: 0x5500213f
Ausnahmecode: 0xc0000409
Fehleroffset: 0x0000000000005ceb
ID des fehlerhaften Prozesses: 0x3a8
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_Schedule0
Pfad der fehlerhaften Anwendung: svchost.exe_Schedule1
Pfad des fehlerhaften Moduls: svchost.exe_Schedule2
Berichtskennung: svchost.exe_Schedule3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_Schedule4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_Schedule5

Error: (11/24/2015 11:25:52 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (11/24/2015 10:56:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BrowserHelper.exe, Version: 1.7.0.0, Zeitstempel: 0x55c1de0f
Name des fehlerhaften Moduls: BrowserHelper.exe, Version: 1.7.0.0, Zeitstempel: 0x55c1de0f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00026115
ID des fehlerhaften Prozesses: 0x1004
Startzeit der fehlerhaften Anwendung: 0xBrowserHelper.exe0
Pfad der fehlerhaften Anwendung: BrowserHelper.exe1
Pfad des fehlerhaften Moduls: BrowserHelper.exe2
Berichtskennung: BrowserHelper.exe3
Vollständiger Name des fehlerhaften Pakets: BrowserHelper.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BrowserHelper.exe5

Systemfehler:
=============
Error: (11/25/2015 06:52:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (11/25/2015 06:46:37 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst AVG WatchDog konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (11/25/2015 02:44:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/25/2015 02:32:56 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (11/25/2015 00:39:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "WZjHote" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/25/2015 00:19:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (11/25/2015 00:19:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AppX-Bereitstellungsdienst (AppXSVC)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (11/25/2015 00:19:57 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AppX-Bereitstellungsdienst (AppXSVC) erreicht.

Error: (11/25/2015 00:19:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AppX-Bereitstellungsdienst (AppXSVC)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (11/25/2015 00:19:23 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AppX-Bereitstellungsdienst (AppXSVC) erreicht.
CodeIntegrity:
===================================
Date: 2015-11-25 18:52:42.069
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-25 18:52:41.131
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-25 18:52:21.505
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-25 18:52:18.896
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-25 18:52:17.865
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-25 18:52:16.786
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-25 18:52:14.346
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-25 18:50:35.670
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-25 18:50:34.498
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-11-25 18:50:33.482
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Celeron(R) CPU N2930 @ 1.83GHz
Prozentuale Nutzung des RAM: 26%
Installierter physikalischer RAM: 8078.54 MB
Verfügbarer physikalischer RAM: 5928.64 MB
Summe virtueller Speicher: 10766.54 MB
Verfügbarer virtueller Speicher: 8395.23 MB

==================== Laufwerke ================================
Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:307.27 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (Data) (Fixed) (Total:537.8 GB) (Free:537.5 GB) NTFS

==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 61ECA0B9)
Partition: GPT.

==================== Ende von Addition.txt ============================
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-11-25 19:26:38
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000024 ST1000LM024_HN-M101MBB rev.2BA30001 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\tokoma\AppData\Local\Temp\fxldipog.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\AUDIODG.EXE[6028] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ff9aaf61440 5 bytes JMP 00007ffa8c421ae0
.text C:\Windows\system32\AUDIODG.EXE[6028] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ff9aaf61560 5 bytes JMP 00007ffa8c421930
.text C:\Windows\system32\AUDIODG.EXE[6028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00007ff9aaf61640 5 bytes JMP 00007ffa8c421e60
.text C:\Windows\system32\AUDIODG.EXE[6028] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 00007ff9aaf616e0 5 bytes JMP 00007ffa8c421d30
.text C:\Windows\system32\AUDIODG.EXE[6028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00007ff9aaf61c20 5 bytes JMP 00007ffa8c421ec0
.text C:\Windows\system32\AUDIODG.EXE[6028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00007ff9aaf61cb0 5 bytes JMP 00007ffa8c421f20
.text C:\Windows\system32\AUDIODG.EXE[6028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 00007ff9aaf61d40 5 bytes JMP 00007ffa8c421f80

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [668:452] fffff960008a92d0

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
25.11.2015, 20:37 | #2 |
/// the machine /// TB instructor | Windows 8.1, long boot time, strange processes, advertising pop-ups
Hi,
Please download Revo Uninstaller from here (alternatively, the portable Revo Uninstaller).
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder unless a helper instructs you to.
Please download TDSSKiller.exe and save this file to your desktop.
25.11.2015, 22:22 | #3 |
Windows 8.1, long boot time, strange processes, advertising pop-ups
OK, I have deleted the programs and run the scans.
Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version: main: v2015.11.25.04 rootkit: v2015.11.23.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18053
tokoma :: TOKO [administrator]

25.11.2015 21:20:19
mbar-log-2015-11-25 (21-20-19).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 331489
Time elapsed: 35 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 10
C:\WINDOWS\SYSTEM32\drivers\bsdriver.sys (Rootkit.Komodia.PUA) -> Delete on reboot. [ae29b7f803909567e840ed8af0615680]
C:\Users\tokoma\AppData\Local\Temp\_@B3E5.tmp (FraudTool.YAC) -> Delete on reboot. [5edaf092c1ca0c2af55c0c1226db24dc]
C:\Users\tokoma\AppData\Local\Temp\_@B3F5.tmp (FraudTool.YAC) -> Delete on reboot. [64d48af8c8c36acc7ed46ab49968c13f]
C:\Users\tokoma\AppData\Local\Temp\_@B3F6.tmp (FraudTool.YAC) -> Delete on reboot. [91a7156d216a43f362f08a9429d8fc04]
C:\Users\tokoma\AppData\Local\Temp\_@B3F7.tmp (FraudTool.YAC) -> Delete on reboot. [3efa275bd2b9e452aca633ebd22f9070]
C:\Users\tokoma\AppData\Local\Temp\_@B408.tmp (FraudTool.YAC) -> Delete on reboot. [f7417d0574171c1ad87a79a5ea170ef2]
C:\Users\tokoma\AppData\Local\Temp\_@B418.tmp (FraudTool.YAC) -> Delete on reboot. [93a5631fe3a875c193bfce50837ea55b]
C:\Users\tokoma\AppData\Local\Temp\_@B439.tmp (FraudTool.YAC) -> Delete on reboot. [9a9ee79ba5e63501fc5647d7fe03c53b]
C:\Users\tokoma\AppData\Local\Temp\_@B449.tmp (FraudTool.YAC) -> Delete on reboot. [41f7e2a078131620b1a16ab4fc0549b7]
C:\Users\tokoma\AppData\Local\Temp\_@B44A.tmp (FraudTool.YAC) -> Delete on reboot. [87b1ceb438531f17c98934eab64b3ac6]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Code:
22:19:50.0789 0x0df4 TDSS rootkit removing tool 3.1.0.6 Nov 16 2015 12:17:23
22:19:50.0789 0x0df4 UEFI system
22:19:55.0645 0x0df4 ============================================================
22:19:55.0645 0x0df4 Current date / time: 2015/11/25 22:19:55.0645
22:19:55.0645 0x0df4 SystemInfo:
22:19:55.0645 0x0df4
22:19:55.0645 0x0df4 OS Version: 6.3.9600 ServicePack: 0.0
22:19:55.0645 0x0df4 Product type: Workstation
22:19:55.0645 0x0df4 ComputerName: TOKO
22:19:55.0645 0x0df4 UserName: tokoma
22:19:55.0645 0x0df4 Windows directory: C:\Windows
22:19:55.0645 0x0df4 System windows directory: C:\Windows
22:19:55.0645 0x0df4 Running under WOW64
22:19:55.0645 0x0df4 Processor architecture: Intel x64
22:19:55.0645 0x0df4 Number of processors: 4
22:19:55.0645 0x0df4 Page size: 0x1000
22:19:55.0645 0x0df4 Boot type: Normal boot
22:19:55.0645 0x0df4 ============================================================
22:19:56.0250 0x0df4 KLMD registered as C:\Windows\system32\drivers\17578688.sys
22:19:56.0956 0x0df4 System UUID: {204BA4FB-E53C-4501-CCC5-72BC0985FAD5}
22:19:57.0551 0x0df4 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:19:57.0556 0x0df4 ============================================================
22:19:57.0556 0x0df4 \Device\Harddisk0\DR0:
22:19:57.0561 0x0df4 GPT partitions:
22:19:57.0561 0x0df4 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {9596F6C7-EB32-4FD6-B832-57DD1FBAAB6C}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
22:19:57.0561 0x0df4 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {8DC48BA4-BB57-4919-9326-09CBF893D94E}, Name: Basic data partition, StartLBA 0x32800, BlocksNum 0x1C2000
22:19:57.0561 0x0df4 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {8641C079-63CC-4712-BCDB-4C7C2246DBF5}, Name: Microsoft reserved partition, StartLBA 0x1F4800, BlocksNum 0x40000
22:19:57.0561 0x0df4 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {EA2CAAD6-9C0A-4A61-9165-1FBDB3275286}, Name: Basic data partition, StartLBA 0x234800, BlocksNum 0x2E935000
22:19:57.0561 0x0df4 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {3CE28317-3C2C-4F3B-BD05-276C39D08C70}, Name: Basic data partition, StartLBA 0x2EB69800, BlocksNum 0x43398000
22:19:57.0561 0x0df4 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {189D1635-7B82-4605-B3F0-BFDF341BDA98}, Name: Basic data partition, StartLBA 0x71F01800, BlocksNum 0x2805000
22:19:57.0561 0x0df4 MBR partitions:
22:19:57.0561 0x0df4 ============================================================
22:19:57.0601 0x0df4 C: <-> \Device\Harddisk0\DR0\Partition4
22:19:57.0641 0x0df4 D: <-> \Device\Harddisk0\DR0\Partition5
22:19:57.0641 0x0df4 ============================================================
22:19:57.0641 0x0df4 Initialize success
22:19:57.0641 0x0df4 ============================================================
22:20:05.0453 0x0b80 ============================================================
22:20:05.0453 0x0b80 Scan started
22:20:05.0453 0x0b80 Mode: Manual; SigCheck; TDLFS;
22:20:05.0453 0x0b80 ============================================================
22:20:05.0453 0x0b80 KSN ping started
22:20:07.0788 0x0b80 KSN ping finished: true
22:20:09.0369 0x0b80 ================ Scan system memory ========================
22:20:09.0369 0x0b80 System memory - ok
22:20:09.0369 0x0b80 ================ Scan services =============================
0x0b80 circlass - ok 22:20:24.0457 0x0b80 [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS C:\Windows\system32\drivers\CLFS.sys 22:20:24.0497 0x0b80 CLFS - ok 22:20:24.0547 0x0b80 [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt C:\Windows\System32\drivers\CmBatt.sys 22:20:24.0577 0x0b80 CmBatt - ok 22:20:24.0632 0x0b80 [ 5E5AB950693F2C6D6ACBEE3A74697ED7, 3790A7DD0AC65F47A697A577744FDFA4CC1CA3422884C84E499F97AC91BA84F3 ] CNG C:\Windows\system32\Drivers\cng.sys 22:20:24.0682 0x0b80 CNG - ok 22:20:24.0707 0x0b80 [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus C:\Windows\System32\drivers\CompositeBus.sys 22:20:24.0732 0x0b80 CompositeBus - ok 22:20:24.0742 0x0b80 COMSysApp - ok 22:20:24.0762 0x0b80 [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv C:\Windows\system32\drivers\condrv.sys 22:20:24.0792 0x0b80 condrv - ok 22:20:24.0872 0x0b80 [ 8A8E6BEBC062BDF09B43DEEB04633F64, 9844819147FF989C4EA8491D6A199ACAC63341ADCE9F842E6F39AACE8E4BE50E ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe 22:20:24.0902 0x0b80 cphs - ok 22:20:24.0937 0x0b80 [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc C:\Windows\system32\cryptsvc.dll 22:20:24.0972 0x0b80 CryptSvc - ok 22:20:24.0992 0x0b80 [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam C:\Windows\system32\drivers\dam.sys 22:20:25.0022 0x0b80 dam - ok 22:20:25.0103 0x0b80 [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch C:\Windows\system32\rpcss.dll 22:20:25.0163 0x0b80 DcomLaunch - ok 22:20:25.0223 0x0b80 [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] 
defragsvc C:\Windows\System32\defragsvc.dll 22:20:25.0273 0x0b80 defragsvc - ok 22:20:25.0318 0x0b80 [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\Windows\system32\das.dll 22:20:25.0363 0x0b80 DeviceAssociationService - ok 22:20:25.0403 0x0b80 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall C:\Windows\system32\umpnpmgr.dll 22:20:25.0438 0x0b80 DeviceInstall - ok 22:20:25.0478 0x0b80 [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc C:\Windows\system32\Drivers\dfsc.sys 22:20:25.0508 0x0b80 Dfsc - ok 22:20:25.0573 0x0b80 [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp C:\Windows\system32\dhcpcore.dll 22:20:25.0618 0x0b80 Dhcp - ok 22:20:25.0713 0x0b80 [ 3ECB752A6963B1CBC9AD65ED89C8ACED, 1D47D2EBD2C8D2B9F8D2D12A5FD93E6B10335EB6B23252DDEA6DF2233655FA59 ] DiagTrack C:\Windows\system32\diagtrack.dll 22:20:25.0798 0x0b80 DiagTrack - ok 22:20:25.0843 0x0b80 [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk C:\Windows\system32\drivers\disk.sys 22:20:25.0868 0x0b80 disk - ok 22:20:25.0893 0x0b80 [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc C:\Windows\System32\drivers\dmvsc.sys 22:20:25.0923 0x0b80 dmvsc - ok 22:20:25.0963 0x0b80 [ 33ADFB7453BF3271463712C4BCE61AD1, A1DB30F874BA7B2C4C653494D70B46B94BF7D39D0DD8559F6CA7A14B676FD617 ] Dnscache C:\Windows\System32\dnsrslvr.dll 22:20:26.0003 0x0b80 Dnscache - ok 22:20:26.0048 0x0b80 [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc C:\Windows\System32\dot3svc.dll 22:20:26.0088 0x0b80 dot3svc - ok 22:20:26.0128 0x0b80 [ B99CB575986789A93A683DCF292A43A1, 
6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS C:\Windows\system32\dps.dll 22:20:26.0163 0x0b80 DPS - ok 22:20:26.0198 0x0b80 [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 22:20:26.0223 0x0b80 drmkaud - ok 22:20:26.0263 0x0b80 [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc C:\Windows\System32\DeviceSetupManager.dll 22:20:26.0303 0x0b80 DsmSvc - ok 22:20:26.0398 0x0b80 [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 22:20:26.0498 0x0b80 DXGKrnl - ok 22:20:26.0558 0x0b80 [ FA988D76745C917CDFE20031C06DE860, B01AA3611869854D3BCA8B6CD7A6F48CC3537145DD3EBE50F5BEF72239924BF7 ] e1iexpress C:\Windows\system32\DRIVERS\e1i63x64.sys 22:20:26.0608 0x0b80 e1iexpress - ok 22:20:26.0653 0x0b80 [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost C:\Windows\System32\eapsvc.dll 22:20:26.0688 0x0b80 Eaphost - ok 22:20:26.0863 0x0b80 [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv C:\Windows\system32\drivers\evbda.sys 22:20:27.0058 0x0b80 ebdrv - ok 22:20:27.0108 0x0b80 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS C:\Windows\System32\lsass.exe 22:20:27.0138 0x0b80 EFS - ok 22:20:27.0183 0x0b80 [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass C:\Windows\system32\drivers\EhStorClass.sys 22:20:27.0213 0x0b80 EhStorClass - ok 22:20:27.0233 0x0b80 [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv C:\Windows\system32\drivers\EhStorTcgDrv.sys 22:20:27.0263 0x0b80 EhStorTcgDrv - ok 22:20:27.0283 
0x0b80 [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev C:\Windows\System32\drivers\errdev.sys 22:20:27.0313 0x0b80 ErrDev - ok 22:20:27.0378 0x0b80 [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem C:\Windows\system32\es.dll 22:20:27.0428 0x0b80 EventSystem - ok 22:20:27.0478 0x0b80 [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat C:\Windows\system32\drivers\exfat.sys 22:20:27.0528 0x0b80 exfat - ok 22:20:27.0618 0x0b80 [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat C:\Windows\system32\drivers\fastfat.sys 22:20:27.0653 0x0b80 fastfat - ok 22:20:28.0573 0x0b80 [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax C:\Windows\system32\fxssvc.exe 22:20:28.0638 0x0b80 Fax - ok 22:20:28.0657 0x0b80 [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc C:\Windows\System32\drivers\fdc.sys 22:20:28.0692 0x0b80 fdc - ok 22:20:28.0727 0x0b80 [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost C:\Windows\system32\fdPHost.dll 22:20:28.0757 0x0b80 fdPHost - ok 22:20:28.0802 0x0b80 [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub C:\Windows\system32\fdrespub.dll 22:20:28.0832 0x0b80 FDResPub - ok 22:20:28.0882 0x0b80 [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc C:\Windows\system32\fhsvc.dll 22:20:28.0917 0x0b80 fhsvc - ok 22:20:28.0962 0x0b80 [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 22:20:28.0992 0x0b80 FileInfo - ok 22:20:29.0017 0x0b80 
[ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace C:\Windows\system32\drivers\filetrace.sys 22:20:29.0062 0x0b80 Filetrace - ok 22:20:29.0092 0x0b80 [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk C:\Windows\System32\drivers\flpydisk.sys 22:20:29.0127 0x0b80 flpydisk - ok 22:20:29.0167 0x0b80 [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 22:20:29.0207 0x0b80 FltMgr - ok 22:20:29.0397 0x0b80 [ 1E93CBB75D167CDF85501A8C790097A8, C9E5DD090C94E7855939CE1F416460DB408EFF897C2CD52E0D52A734D8ED18B7 ] FontCache C:\Windows\system32\FntCache.dll 22:20:29.0487 0x0b80 FontCache - ok 22:20:29.0627 0x0b80 [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 22:20:29.0652 0x0b80 FontCache3.0.0.0 - ok 22:20:29.0702 0x0b80 [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 22:20:29.0727 0x0b80 FsDepends - ok 22:20:29.0752 0x0b80 [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 22:20:29.0777 0x0b80 Fs_Rec - ok 22:20:29.0862 0x0b80 [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 22:20:29.0913 0x0b80 fvevol - ok 22:20:29.0953 0x0b80 [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM C:\Windows\System32\drivers\fxppm.sys 22:20:29.0983 0x0b80 FxPPM - ok 22:20:30.0018 0x0b80 [ FC3EF65EE20D39F8749C2218DBA681CA, 
12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 22:20:30.0043 0x0b80 gagp30kx - ok 22:20:30.0238 0x0b80 [ E6CE7A89183D1840F0FF63694292FFA2, 8907ADCF9967026CD1A9D545E2274569F840F1DFF0E407CC77B6A662267AAC4B ] GamesAppIntegrationService C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe 22:20:30.0263 0x0b80 GamesAppIntegrationService - ok 22:20:30.0298 0x0b80 [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 22:20:30.0323 0x0b80 GamesAppService - ok 22:20:30.0368 0x0b80 [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter C:\Windows\System32\drivers\vmgencounter.sys 22:20:30.0398 0x0b80 gencounter - ok 22:20:30.0438 0x0b80 [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101 C:\Windows\system32\Drivers\msgpioclx.sys 22:20:30.0468 0x0b80 GPIOClx0101 - ok 22:20:30.0608 0x0b80 [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc C:\Windows\System32\gpsvc.dll 22:20:30.0693 0x0b80 gpsvc - ok 22:20:30.0723 0x0b80 gupdate - ok 22:20:30.0728 0x0b80 gupdatem - ok 22:20:30.0838 0x0b80 [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 22:20:30.0883 0x0b80 HdAudAddService - ok 22:20:30.0908 0x0b80 [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus C:\Windows\System32\drivers\HDAudBus.sys 22:20:30.0938 0x0b80 HDAudBus - ok 22:20:30.0953 0x0b80 [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt C:\Windows\System32\drivers\HidBatt.sys 22:20:30.0983 0x0b80 
HidBatt - ok 22:20:31.0018 0x0b80 [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth C:\Windows\System32\drivers\hidbth.sys 22:20:31.0048 0x0b80 HidBth - ok 22:20:31.0073 0x0b80 [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c C:\Windows\System32\drivers\hidi2c.sys 22:20:31.0103 0x0b80 hidi2c - ok 22:20:31.0123 0x0b80 [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr C:\Windows\System32\drivers\hidir.sys 22:20:31.0153 0x0b80 HidIr - ok 22:20:31.0188 0x0b80 [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv C:\Windows\system32\hidserv.dll 22:20:31.0218 0x0b80 hidserv - ok 22:20:31.0248 0x0b80 [ 894D982CEAB8CD45A56AE2C9988E86C0, AA2DEB62CB69FF1AEF772989342F2CF77CA48F212C9489A92A4FF97FD46D3866 ] HIDSwitch C:\Windows\System32\drivers\AsHIDSwitch64.sys 22:20:31.0263 0x0b80 HIDSwitch - ok 22:20:31.0298 0x0b80 [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb C:\Windows\System32\drivers\hidusb.sys 22:20:31.0323 0x0b80 HidUsb - ok 22:20:31.0353 0x0b80 [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc C:\Windows\system32\kmsvc.dll 22:20:31.0383 0x0b80 hkmsvc - ok 22:20:31.0428 0x0b80 [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\Windows\system32\ListSvc.dll 22:20:31.0468 0x0b80 HomeGroupListener - ok 22:20:31.0528 0x0b80 [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 22:20:31.0573 0x0b80 HomeGroupProvider - ok 22:20:31.0608 0x0b80 [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD 
C:\Windows\system32\drivers\HpSAMD.sys 22:20:31.0633 0x0b80 HpSAMD - ok 22:20:31.0708 0x0b80 [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP C:\Windows\system32\drivers\HTTP.sys 22:20:31.0778 0x0b80 HTTP - ok 22:20:31.0798 0x0b80 [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 22:20:31.0818 0x0b80 hwpolicy - ok 22:20:31.0843 0x0b80 [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd C:\Windows\System32\drivers\hyperkbd.sys 22:20:31.0868 0x0b80 hyperkbd - ok 22:20:31.0893 0x0b80 [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo C:\Windows\system32\DRIVERS\HyperVideo.sys 22:20:31.0923 0x0b80 HyperVideo - ok 22:20:31.0958 0x0b80 [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt C:\Windows\System32\drivers\i8042prt.sys 22:20:31.0988 0x0b80 i8042prt - ok 22:20:32.0003 0x0b80 [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO C:\Windows\System32\drivers\iaLPSSi_GPIO.sys 22:20:32.0018 0x0b80 iaLPSSi_GPIO - ok 22:20:32.0038 0x0b80 [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C C:\Windows\System32\drivers\iaLPSSi_I2C.sys 22:20:32.0063 0x0b80 iaLPSSi_I2C - ok 22:20:32.0108 0x0b80 [ 25555186E4FBDF0E30A5DBFC9B9A73F9, 4A9DAC2B56389C5955C343E202C6E81CD3A608E78A4BB7E6ED560719DF02C955 ] iaStorA C:\Windows\system32\drivers\iaStorA.sys 22:20:32.0148 0x0b80 iaStorA - ok 22:20:32.0193 0x0b80 [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV C:\Windows\system32\drivers\iaStorAV.sys 22:20:32.0238 0x0b80 iaStorAV - ok 22:20:32.0283 0x0b80 [ 
A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 22:20:32.0323 0x0b80 iaStorV - ok 22:20:32.0383 0x0b80 [ 83FF82FE209E7997067B375DAD6CF23D, E312DD068E51DBF96A8232D7D1C9F158652FDA23649655F1102928B320795091 ] ICCS C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe 22:20:32.0403 0x0b80 ICCS - ok 22:20:32.0413 0x0b80 IEEtwCollectorService - ok 22:20:32.0608 0x0b80 [ 142CFBE6ED0E498CCA7ABE8DD932C1AF, 513DFF7DA86CCCB9A061CF7ED0AC84305D800A26189179F60B62BD4FFFCF7DDF ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 22:20:32.0798 0x0b80 igfx - ok 22:20:32.0878 0x0b80 [ A9D3EE3C1202D724521C52A3D63EED8D, CEC61EF60D5A74B8C3D7DAE7EB8478803F2660432461A1BBFF7F575CBC9EBE40 ] igfxCUIService1.0.0.0 C:\Windows\system32\igfxCUIService.exe 22:20:32.0908 0x0b80 igfxCUIService1.0.0.0 - ok 22:20:32.0988 0x0b80 [ 3DBDBD9581C015F02651D6A89801FAD5, 81B6D302C9CD29AD8319515056CFBCD0BD25619B2B166937ACD5F1416B568837 ] IKEEXT C:\Windows\System32\ikeext.dll 22:20:33.0063 0x0b80 IKEEXT - ok 22:20:33.0108 0x0b80 [ F0F581A2299CB2BAB1DF2597BCDDB80F, EE485AF3049C87666BC6D6BFFC8A0EB4B95831D9061EB81848ECEE29C4232BF4 ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys 22:20:33.0128 0x0b80 intaud_WaveExtensible - ok 22:20:33.0348 0x0b80 [ 44ED7064A8CFF33E6D2BCC81412145F7, FFC2D581044D7E43D0287D13F33AA97CDF1F03D4B167ACD6BE551E92C9551C0E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 22:20:33.0533 0x0b80 IntcAzAudAddService - ok 22:20:33.0633 0x0b80 [ 8E4044C6B71B2F837166F6EDB6BF9100, 441A4EA0C3EF686B8B7884EC96FD8EE1017EB3F462FB4376638F461E41D97C72 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 22:20:33.0668 0x0b80 IntcDAud - ok 22:20:33.0808 0x0b80 [ 768DD5CB66952BC4A3BD474757AEE34F, 5A1F91FC8028D84FD83591D60CB7E3B24425C3B0FFF5A9BB0F7CE2E17AAB92D4 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\TXE 
Components\TCS\HeciServer.exe 22:20:33.0853 0x0b80 Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 ) 22:20:40.0140 0x08a8 Object required for P2P: [ 279A6B916711B54DA2B2913250E5AFF1 ] AVGIDSAgent 22:20:41.0395 0x0b80 Detect skipped due to KSN trusted 22:20:41.0395 0x0b80 Intel(R) Capability Licensing Service Interface - ok 22:20:41.0500 0x0b80 [ 7C9ED65324CF268ACBA8024257F782D8, 1DC43DBA3612E26454D7786DEB0538B44A736B67EC99642B4CC574D8A03E0DC7 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe 22:20:41.0555 0x0b80 Intel(R) Capability Licensing Service TCP IP Interface - ok 22:20:41.0590 0x0b80 [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\Windows\system32\drivers\intelide.sys 22:20:41.0615 0x0b80 intelide - ok 22:20:41.0660 0x0b80 [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep C:\Windows\system32\drivers\intelpep.sys 22:20:41.0685 0x0b80 intelpep - ok 22:20:41.0720 0x0b80 [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm C:\Windows\System32\drivers\intelppm.sys 22:20:41.0750 0x0b80 intelppm - ok 22:20:41.0770 0x0b80 [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:20:41.0805 0x0b80 IpFilterDriver - ok 22:20:41.0915 0x0b80 [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 22:20:41.0980 0x0b80 iphlpsvc - ok 22:20:42.0025 0x0b80 [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV C:\Windows\System32\drivers\IPMIDrv.sys 22:20:42.0055 0x0b80 IPMIDRV - ok 22:20:42.0095 0x0b80 [ 
B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 22:20:42.0130 0x0b80 IPNAT - ok 22:20:42.0155 0x0b80 [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM C:\Windows\system32\drivers\irenum.sys 22:20:42.0190 0x0b80 IRENUM - ok 22:20:42.0211 0x0b80 iSafeKrnlMon - ok 22:20:42.0231 0x0b80 [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\Windows\system32\drivers\isapnp.sys 22:20:42.0251 0x0b80 isapnp - ok 22:20:42.0411 0x0b80 [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt C:\Windows\System32\drivers\msiscsi.sys 22:20:42.0446 0x0b80 iScsiPrt - ok 22:20:42.0506 0x0b80 [ C2BC9AC9C6514230A481BDCA6A24BEFD, 84E41675D11EF2EEECED23C8469503C8D12810A2C6B6743D7AA322EB6DF7E68D ] iwdbus C:\Windows\System32\drivers\iwdbus.sys 22:20:42.0521 0x0b80 iwdbus - ok 22:20:42.0571 0x0b80 [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass C:\Windows\System32\drivers\kbdclass.sys 22:20:42.0596 0x0b80 kbdclass - ok 22:20:42.0631 0x08a8 Object send P2P result: true 22:20:42.0636 0x08a8 Object required for P2P: [ F328F131751BBFC9BBB5EDFE4080158F ] avgwd 22:20:42.0646 0x0b80 [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid C:\Windows\System32\drivers\kbdhid.sys 22:20:42.0676 0x0b80 kbdhid - ok 22:20:42.0706 0x0b80 [ 6C6F4A5FC5A2343995D1B0F111D5CF06, 62282992D3B1634C7BBDD1BCFC13F77FC806AD85B2C667FA09D73355825D19A8 ] kbfiltr C:\Windows\System32\drivers\kbfiltr.sys 22:20:42.0726 0x0b80 kbfiltr - ok 22:20:42.0756 0x0b80 [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\Windows\system32\DRIVERS\kdnic.sys 22:20:42.0781 0x0b80 kdnic - ok 
22:20:42.0806 0x0b80 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso C:\Windows\system32\lsass.exe 22:20:42.0836 0x0b80 KeyIso - ok 22:20:42.0876 0x0b80 [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 22:20:42.0901 0x0b80 KSecDD - ok 22:20:42.0986 0x0b80 [ 46711F40D0F9E63F786ED23F9BD5215E, 1FBC5101D843E5B43184C98B3D9AF3015C9409EEA6C7BB01B143FD08D4946FC0 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 22:20:43.0016 0x0b80 KSecPkg - ok 22:20:43.0071 0x0b80 [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 22:20:43.0101 0x0b80 ksthunk - ok 22:20:43.0181 0x0b80 [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm C:\Windows\system32\msdtckrm.dll 22:20:43.0226 0x0b80 KtmRm - ok 22:20:43.0266 0x0b80 [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer C:\Windows\system32\srvsvc.dll 22:20:43.0316 0x0b80 LanmanServer - ok 22:20:43.0376 0x0b80 [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 22:20:43.0426 0x0b80 LanmanWorkstation - ok 22:20:43.0556 0x0b80 [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc C:\Windows\System32\GeofenceMonitorService.dll 22:20:43.0606 0x0b80 lfsvc - ok 22:20:43.0941 0x0b80 [ 7C4CAFBE3FC655B036026D24B4E5D433, 4B46E427CE18EE2E601FAD2F2CA0CF60E2A8D41F5D9F03DF30D97EA2FFCAF06E ] LiveUpdateSvc C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe 22:20:44.0071 0x0b80 LiveUpdateSvc - ok 22:20:44.0131 0x0b80 [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] 
lltdio C:\Windows\system32\DRIVERS\lltdio.sys 22:20:44.0166 0x0b80 lltdio - ok 22:20:44.0301 0x0b80 [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc C:\Windows\System32\lltdsvc.dll 22:20:44.0341 0x0b80 lltdsvc - ok 22:20:44.0381 0x0b80 [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts C:\Windows\System32\lmhsvc.dll 22:20:44.0411 0x0b80 lmhosts - ok 22:20:44.0471 0x0b80 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 22:20:44.0496 0x0b80 LSI_SAS - ok 22:20:44.0526 0x0b80 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 22:20:44.0551 0x0b80 LSI_SAS2 - ok 22:20:44.0576 0x0b80 [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\Windows\system32\drivers\lsi_sas3.sys 22:20:44.0601 0x0b80 LSI_SAS3 - ok 22:20:44.0631 0x0b80 [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\Windows\system32\drivers\lsi_sss.sys 22:20:44.0656 0x0b80 LSI_SSS - ok 22:20:44.0871 0x0b80 [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM C:\Windows\System32\lsm.dll 22:20:44.0931 0x0b80 LSM - ok 22:20:44.0951 0x0b80 [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv C:\Windows\system32\drivers\luafv.sys 22:20:44.0986 0x0b80 luafv - ok 22:20:45.0036 0x0b80 [ 0D3CF8B876F55291B137B972891C1575, 2E7D0A54D5B2211D340EB56F3D5FCB8362E75415A3C75F553643BA55888DC690 ] MBI C:\Windows\system32\drivers\MBI.sys 22:20:45.0056 0x0b80 MBI - ok 22:20:45.0101 0x08a8 Object send P2P result: true 22:20:45.0111 0x0b80 [ EB5C03A070F30D64A6DF80E53B22F53F, 
12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\Windows\system32\drivers\megasas.sys 22:20:45.0141 0x0b80 megasas - ok 22:20:45.0206 0x0b80 [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\Windows\system32\drivers\megasr.sys 22:20:45.0261 0x0b80 megasr - ok 22:20:45.0296 0x0b80 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS C:\Windows\system32\mmcss.dll 22:20:45.0326 0x0b80 MMCSS - ok 22:20:45.0351 0x0b80 [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\Windows\system32\drivers\modem.sys 22:20:45.0386 0x0b80 Modem - ok 22:20:45.0441 0x0b80 [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\Windows\System32\drivers\monitor.sys 22:20:45.0466 0x0b80 monitor - ok 22:20:45.0501 0x0b80 [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass C:\Windows\System32\drivers\mouclass.sys 22:20:45.0526 0x0b80 mouclass - ok 22:20:45.0576 0x0b80 [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid C:\Windows\System32\drivers\mouhid.sys 22:20:45.0601 0x0b80 mouhid - ok 22:20:45.0651 0x0b80 [ D1D82F007A079A4D623DBD1F36EF30A1, 7901F81B62C5A4196D75A10C05386B16831CB290EFB9A1611CECF281068C520F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 22:20:45.0676 0x0b80 mountmgr - ok 22:20:45.0721 0x0b80 [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 22:20:45.0751 0x0b80 mpsdrv - ok 22:20:45.0861 0x0b80 [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc C:\Windows\system32\mpssvc.dll 22:20:45.0927 0x0b80 MpsSvc - ok 22:20:46.0017 0x0b80 [ 
DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 22:20:46.0047 0x0b80 MRxDAV - ok 22:20:46.0196 0x0b80 [ 6FBDF2B1B025A8E6E069234362FFFFB7, CF1AFC088F59AD61037F4C4650F3BAEE7FE37C40B3A27B903475F005410F8155 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 22:20:46.0241 0x0b80 mrxsmb - ok 22:20:46.0277 0x0b80 [ BCBD64220AD85C26823453FF1DC3EFBD, 0245E3659E9135B9276F3CCFBEA0CEFFC4F4C0826F6D19B6329057620235F087 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:20:46.0317 0x0b80 mrxsmb10 - ok 22:20:46.0342 0x0b80 [ 57C2473D501331211D6885FD59F3E44B, 10253703DB32A32291C61B6962A79E374B5DF7DD14A6B6AFD08A99EF26206619 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:20:46.0382 0x0b80 mrxsmb20 - ok 22:20:46.0417 0x0b80 [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge C:\Windows\system32\DRIVERS\bridge.sys 22:20:46.0452 0x0b80 MsBridge - ok 22:20:46.0487 0x0b80 [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC C:\Windows\System32\msdtc.exe 22:20:46.0522 0x0b80 MSDTC - ok 22:20:46.0567 0x0b80 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\Windows\system32\drivers\Msfs.sys 22:20:46.0597 0x0b80 Msfs - ok 22:20:46.0617 0x0b80 [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys 22:20:46.0642 0x0b80 msgpiowin32 - ok 22:20:46.0657 0x0b80 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 22:20:46.0687 0x0b80 mshidkmdf - ok 22:20:46.0697 0x0b80 [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf 
C:\Windows\System32\drivers\mshidumdf.sys 22:20:46.0727 0x0b80 mshidumdf - ok 22:20:46.0742 0x0b80 [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 22:20:46.0767 0x0b80 msisadrv - ok 22:20:46.0797 0x0b80 [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI C:\Windows\system32\iscsiexe.dll 22:20:46.0832 0x0b80 MSiSCSI - ok 22:20:46.0842 0x0b80 msiserver - ok 22:20:46.0887 0x0b80 [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 22:20:46.0917 0x0b80 MSKSSRV - ok 22:20:46.0952 0x0b80 [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp C:\Windows\system32\DRIVERS\mslldp.sys 22:20:46.0982 0x0b80 MsLldp - ok 22:20:46.0997 0x0b80 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 22:20:47.0027 0x0b80 MSPCLOCK - ok 22:20:47.0047 0x0b80 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 22:20:47.0077 0x0b80 MSPQM - ok 22:20:47.0117 0x0b80 [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 22:20:47.0157 0x0b80 MsRPC - ok 22:20:47.0172 0x0b80 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\Windows\System32\drivers\mssmbios.sys 22:20:47.0197 0x0b80 mssmbios - ok 22:20:47.0222 0x0b80 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 22:20:47.0252 0x0b80 MSTEE - ok 22:20:47.0262 0x0b80 [ 
96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\Windows\System32\drivers\MTConfig.sys 22:20:47.0287 0x0b80 MTConfig - ok 22:20:47.0302 0x0b80 [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup C:\Windows\system32\Drivers\mup.sys 22:20:47.0327 0x0b80 Mup - ok 22:20:47.0352 0x0b80 [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\Windows\system32\drivers\mvumis.sys 22:20:47.0377 0x0b80 mvumis - ok 22:20:47.0412 0x0b80 [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent C:\Windows\system32\qagentRT.dll 22:20:47.0462 0x0b80 napagent - ok 22:20:47.0507 0x0b80 [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 22:20:47.0557 0x0b80 NativeWifiP - ok 22:20:47.0602 0x0b80 [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc C:\Windows\System32\ncasvc.dll 22:20:47.0637 0x0b80 NcaSvc - ok 22:20:47.0672 0x0b80 [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService C:\Windows\System32\ncbservice.dll 22:20:47.0707 0x0b80 NcbService - ok 22:20:47.0737 0x0b80 [ 0813B71EAF097208DC76CE0605B48AF0, A93A2E6A8FB77B58AC4D580E6F8BF307A25BADC9493994F9BE235EBFB0E1DB22 ] NcdAutoSetup C:\Windows\System32\NcdAutoSetup.dll 22:20:47.0767 0x0b80 NcdAutoSetup - ok 22:20:47.0847 0x0b80 [ 6D3A2565E01B3E4B0F1BEDB0D4B00B3F, 95F2608E17CA3E25BD7958D1A49F7030EC8088BC1DF12422F1DAC5BA99113E34 ] NDIS C:\Windows\system32\drivers\ndis.sys 22:20:47.0922 0x0b80 NDIS - ok 22:20:47.0947 0x0b80 [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 22:20:47.0982 
0x0b80 NdisCap - ok 22:20:48.0017 0x0b80 [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform C:\Windows\system32\DRIVERS\NdisImPlatform.sys 22:20:48.0047 0x0b80 NdisImPlatform - ok 22:20:48.0082 0x0b80 [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 22:20:48.0112 0x0b80 NdisTapi - ok 22:20:48.0157 0x0b80 [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 22:20:48.0187 0x0b80 Ndisuio - ok 22:20:48.0202 0x0b80 [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\Windows\System32\drivers\NdisVirtualBus.sys 22:20:48.0237 0x0b80 NdisVirtualBus - ok 22:20:48.0272 0x0b80 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 22:20:48.0312 0x0b80 NdisWan - ok 22:20:48.0332 0x0b80 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy C:\Windows\system32\DRIVERS\ndiswan.sys 22:20:48.0372 0x0b80 NdisWanLegacy - ok 22:20:48.0407 0x0b80 [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 22:20:48.0437 0x0b80 NDProxy - ok 22:20:48.0462 0x0b80 [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu C:\Windows\system32\drivers\Ndu.sys 22:20:48.0497 0x0b80 Ndu - ok 22:20:48.0527 0x0b80 [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 22:20:48.0557 0x0b80 NetBIOS - ok 22:20:48.0602 0x0b80 [ 0217532E19A748F0E5D569307363D5FD, 
C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 22:20:48.0642 0x0b80 NetBT - ok 22:20:48.0662 0x0b80 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon C:\Windows\system32\lsass.exe 22:20:48.0687 0x0b80 Netlogon - ok 22:20:48.0732 0x0b80 [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman C:\Windows\System32\netman.dll 22:20:48.0772 0x0b80 Netman - ok 22:20:48.0827 0x0b80 [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm C:\Windows\System32\netprofmsvc.dll 22:20:48.0882 0x0b80 netprofm - ok 22:20:48.0942 0x0b80 [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:20:48.0972 0x0b80 NetTcpPortSharing - ok 22:20:49.0007 0x0b80 [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc C:\Windows\System32\drivers\netvsc63.sys 22:20:49.0037 0x0b80 netvsc - ok 22:20:49.0552 0x0b80 [ 272BB8C52BE106B5CC69171AF1D281D4, 3D65A772C15440DF5895843185241D890CCDECA0E02DD6CF32CCB9B5849E31A4 ] NETwNs64 C:\Windows\system32\DRIVERS\Netwsw00.sys 22:20:50.0042 0x0b80 NETwNs64 - ok 22:20:50.0177 0x0b80 [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc C:\Windows\System32\nlasvc.dll 22:20:50.0222 0x0b80 NlaSvc - ok 22:20:50.0267 0x0b80 [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs C:\Windows\system32\drivers\Npfs.sys 22:20:50.0302 0x0b80 Npfs - ok 22:20:50.0327 0x0b80 [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig C:\Windows\System32\drivers\npsvctrig.sys 22:20:50.0353 0x0b80 
npsvctrig - ok 22:20:50.0403 0x0b80 [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi C:\Windows\system32\nsisvc.dll 22:20:50.0438 0x0b80 nsi - ok 22:20:50.0473 0x0b80 [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 22:20:50.0503 0x0b80 nsiproxy - ok 22:20:50.0808 0x0b80 [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 22:20:50.0928 0x0b80 Ntfs - ok 22:20:50.0978 0x0b80 [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null C:\Windows\system32\drivers\Null.sys 22:20:51.0008 0x0b80 Null - ok 22:20:51.0038 0x0b80 [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid C:\Windows\system32\drivers\nvraid.sys 22:20:51.0068 0x0b80 nvraid - ok 22:20:51.0103 0x0b80 [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor C:\Windows\system32\drivers\nvstor.sys 22:20:51.0133 0x0b80 nvstor - ok 22:20:51.0153 0x0b80 [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 22:20:51.0183 0x0b80 nv_agp - ok 22:20:51.0223 0x0b80 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 22:20:51.0268 0x0b80 p2pimsvc - ok 22:20:51.0308 0x0b80 [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc C:\Windows\system32\p2psvc.dll 22:20:51.0358 0x0b80 p2psvc - ok 22:20:51.0398 0x0b80 [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport C:\Windows\System32\drivers\parport.sys 22:20:51.0428 
0x0b80 Parport - ok 22:20:51.0458 0x0b80 [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr C:\Windows\system32\drivers\partmgr.sys 22:20:51.0488 0x0b80 partmgr - ok 22:20:51.0538 0x0b80 [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc C:\Windows\System32\pcasvc.dll 22:20:51.0588 0x0b80 PcaSvc - ok 22:20:51.0628 0x0b80 [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci C:\Windows\system32\drivers\pci.sys 22:20:51.0663 0x0b80 pci - ok 22:20:51.0678 0x0b80 [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide C:\Windows\system32\drivers\pciide.sys 22:20:51.0703 0x0b80 pciide - ok 22:20:51.0738 0x0b80 [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 22:20:51.0763 0x0b80 pcmcia - ok 22:20:51.0793 0x0b80 [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw C:\Windows\system32\drivers\pcw.sys 22:20:51.0818 0x0b80 pcw - ok 22:20:51.0853 0x0b80 [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc C:\Windows\system32\drivers\pdc.sys 22:20:51.0883 0x0b80 pdc - ok 22:20:51.0928 0x0b80 [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 22:20:51.0983 0x0b80 PEAUTH - ok 22:20:52.0068 0x0b80 [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost C:\Windows\SysWow64\perfhost.exe 22:20:52.0098 0x0b80 PerfHost - ok 22:20:52.0208 0x0b80 [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla C:\Windows\system32\pla.dll 22:20:52.0303 0x0b80 pla - ok 
22:20:52.0338 0x0b80 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 22:20:52.0373 0x0b80 PlugPlay - ok 22:20:52.0398 0x0b80 [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 22:20:52.0433 0x0b80 PNRPAutoReg - ok 22:20:52.0468 0x0b80 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 22:20:52.0513 0x0b80 PNRPsvc - ok 22:20:52.0558 0x0b80 [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 22:20:52.0603 0x0b80 PolicyAgent - ok 22:20:52.0643 0x0b80 [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power C:\Windows\system32\umpo.dll 22:20:52.0678 0x0b80 Power - ok 22:20:52.0858 0x0b80 [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll 22:20:53.0003 0x0b80 PrintNotify - ok 22:20:53.0038 0x0b80 [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor C:\Windows\System32\drivers\processr.sys 22:20:53.0068 0x0b80 Processor - ok 22:20:53.0113 0x0b80 [ C8D39A07CAD9EF1C86BD5D7CAC98DA54, 10146D1E023D9BC5B8CBAADE6A70D87A41BDABAA44D812B609C13563DF25527A ] ProfSvc C:\Windows\system32\profsvc.dll 22:20:53.0148 0x0b80 ProfSvc - ok 22:20:53.0183 0x0b80 [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 22:20:53.0218 0x0b80 Psched - ok 22:20:53.0263 0x0b80 [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE 
C:\Windows\system32\qwave.dll 22:20:53.0303 0x0b80 QWAVE - ok 22:20:53.0338 0x0b80 [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 22:20:53.0363 0x0b80 QWAVEdrv - ok 22:20:53.0383 0x0b80 [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 22:20:53.0413 0x0b80 RasAcd - ok 22:20:53.0443 0x0b80 [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto C:\Windows\System32\rasauto.dll 22:20:53.0478 0x0b80 RasAuto - ok 22:20:53.0538 0x0b80 [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan C:\Windows\System32\rasmans.dll 22:20:53.0588 0x0b80 RasMan - ok 22:20:53.0618 0x0b80 [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 22:20:53.0653 0x0b80 RasPppoe - ok 22:20:53.0688 0x0b80 [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 22:20:53.0733 0x0b80 rdbss - ok 22:20:53.0748 0x0b80 [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus C:\Windows\System32\drivers\rdpbus.sys 22:20:53.0773 0x0b80 rdpbus - ok 22:20:53.0803 0x0b80 [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 22:20:53.0838 0x0b80 RDPDR - ok 22:20:53.0878 0x0b80 [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 22:20:53.0903 0x0b80 RdpVideoMiniport - ok 22:20:53.0923 0x0b80 [ A26AEC49F318FEE141DDDB2C5F99B3E6, 
246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 22:20:53.0958 0x0b80 rdyboost - ok 22:20:54.0018 0x0b80 [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS C:\Windows\system32\drivers\ReFS.sys 22:20:54.0088 0x0b80 ReFS - ok 22:20:54.0138 0x0b80 [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess C:\Windows\System32\mprdim.dll 22:20:54.0178 0x0b80 RemoteAccess - ok 22:20:54.0223 0x0b80 [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry C:\Windows\system32\regsvc.dll 22:20:54.0258 0x0b80 RemoteRegistry - ok 22:20:54.0293 0x0b80 [ DC66AE45816614D2999DCD3834DCCC4E, 1C26225135E851DDD1307F52401DD7055B26B3F3B8FDD693B21042C2896E235A ] RFCOMM C:\Windows\System32\drivers\rfcomm.sys 22:20:54.0328 0x0b80 RFCOMM - ok 22:20:54.0353 0x0b80 [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 22:20:54.0388 0x0b80 RpcEptMapper - ok 22:20:54.0418 0x0b80 [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator C:\Windows\system32\locator.exe 22:20:54.0449 0x0b80 RpcLocator - ok 22:20:54.0519 0x0b80 [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs C:\Windows\system32\rpcss.dll 22:20:54.0584 0x0b80 RpcSs - ok 22:20:54.0624 0x0b80 [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 22:20:54.0659 0x0b80 rspndr - ok 22:20:54.0734 0x0b80 [ CE9B0D2B0790C23952A3554AD375699C, 5ED67683F06B448D104345CD479CA3F1FEFEE92B5A302E9284A04B747993BC03 ] RTL8168 C:\Windows\system32\DRIVERS\Rt630x64.sys 22:20:54.0784 0x0b80 RTL8168 - ok 22:20:54.0809 
0x0b80 [ 8461757DDDCA99CCB6B97AE3EC3405EC, 15D96ADCE5171BC02845FE3A0209BDD8610B7EC43242FDF61071C7C74B28D808 ] RTSPER C:\Windows\system32\DRIVERS\RtsPer.sys 22:20:54.0849 0x0b80 RTSPER - ok 22:20:54.0884 0x0b80 [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap C:\Windows\System32\drivers\vms3cap.sys 22:20:54.0949 0x0b80 s3cap - ok 22:20:54.0989 0x0b80 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs C:\Windows\system32\lsass.exe 22:20:55.0014 0x0b80 SamSs - ok 22:20:55.0039 0x0b80 [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 22:20:55.0069 0x0b80 sbp2port - ok 22:20:55.0099 0x0b80 [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr C:\Windows\System32\SCardSvr.dll 22:20:55.0144 0x0b80 SCardSvr - ok 22:20:55.0179 0x0b80 [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum C:\Windows\System32\ScDeviceEnum.dll 22:20:55.0229 0x0b80 ScDeviceEnum - ok 22:20:55.0269 0x0b80 [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 22:20:55.0344 0x0b80 scfilter - ok 22:20:55.0429 0x0b80 [ 3151A020E03DDE31AAC49F35C5EFB4DB, 5ABB1103009979F86C862357E28F37C2744979F2C99F7CF6ABB4EB1B8416B3F6 ] Schedule C:\Windows\system32\schedsvc.dll 22:20:55.0514 0x0b80 Schedule - ok 22:20:55.0549 0x0b80 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc C:\Windows\System32\certprop.dll 22:20:55.0584 0x0b80 SCPolicySvc - ok 22:20:55.0629 0x0b80 [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus C:\Windows\System32\drivers\sdbus.sys 
22:20:55.0664 0x0b80 sdbus - ok 22:20:55.0699 0x0b80 [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor C:\Windows\System32\drivers\sdstor.sys 22:20:55.0724 0x0b80 sdstor - ok 22:20:55.0744 0x0b80 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys 22:20:55.0779 0x0b80 secdrv - ok 22:20:55.0814 0x0b80 [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon C:\Windows\system32\seclogon.dll 22:20:55.0869 0x0b80 seclogon - ok 22:20:55.0909 0x0b80 [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS C:\Windows\System32\sens.dll 22:20:55.0954 0x0b80 SENS - ok 22:20:55.0994 0x0b80 [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 22:20:56.0049 0x0b80 SensrSvc - ok 22:20:56.0079 0x0b80 [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx C:\Windows\system32\drivers\SerCx.sys 22:20:56.0109 0x0b80 SerCx - ok 22:20:56.0134 0x0b80 [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2 C:\Windows\system32\drivers\SerCx2.sys 22:20:56.0169 0x0b80 SerCx2 - ok 22:20:56.0194 0x0b80 [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum C:\Windows\System32\drivers\serenum.sys 22:20:56.0259 0x0b80 Serenum - ok 22:20:56.0279 0x0b80 [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial C:\Windows\System32\drivers\serial.sys 22:20:56.0349 0x0b80 Serial - ok 22:20:56.0374 0x0b80 [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse 
C:\Windows\System32\drivers\sermouse.sys 22:20:56.0444 0x0b80 sermouse - ok 22:20:56.0504 0x0b80 [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv C:\Windows\system32\sessenv.dll 22:20:56.0584 0x0b80 SessionEnv - ok 22:20:56.0619 0x0b80 [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy C:\Windows\System32\drivers\sfloppy.sys 22:20:56.0684 0x0b80 sfloppy - ok 22:20:56.0744 0x0b80 [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess C:\Windows\System32\ipnathlp.dll 22:20:56.0814 0x0b80 SharedAccess - ok 22:20:56.0879 0x0b80 [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\Windows\System32\shsvcs.dll 22:20:56.0934 0x0b80 ShellHWDetection - ok 22:20:56.0969 0x0b80 [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 22:20:56.0994 0x0b80 SiSRaid2 - ok 22:20:57.0014 0x0b80 [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 22:20:57.0044 0x0b80 SiSRaid4 - ok 22:20:57.0074 0x0b80 [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost C:\Windows\System32\smphost.dll 22:20:57.0134 0x0b80 smphost - ok 22:20:57.0174 0x0b80 [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 22:20:57.0224 0x0b80 SNMPTRAP - ok 22:20:57.0269 0x0b80 [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] spaceport C:\Windows\system32\drivers\spaceport.sys 22:20:57.0319 0x0b80 spaceport - ok 22:20:57.0354 0x0b80 [ F337BE11071818FC3F5DC2940B6BDE34, 
D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx C:\Windows\system32\drivers\SpbCx.sys 22:20:57.0379 0x0b80 SpbCx - ok 22:20:57.0449 0x0b80 [ FCB156A6745631A67DEA61827061D483, 9275ABFA1E1E595969A71C0DA228D18D1B868BF46E097E1276142BD80F8A32C9 ] Spooler C:\Windows\System32\spoolsv.exe 22:20:57.0534 0x0b80 Spooler - ok 22:20:57.0824 0x0b80 [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc C:\Windows\system32\sppsvc.exe 22:20:58.0184 0x0b80 sppsvc - ok 22:20:58.0289 0x0b80 [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv C:\Windows\system32\DRIVERS\srv.sys 22:20:58.0349 0x0b80 srv - ok 22:20:58.0414 0x0b80 [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 22:20:58.0489 0x0b80 srv2 - ok 22:20:58.0530 0x0b80 [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 22:20:58.0565 0x0b80 srvnet - ok 22:20:58.0605 0x0b80 [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 22:20:58.0645 0x0b80 SSDPSRV - ok 22:20:58.0690 0x0b80 [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc C:\Windows\system32\sstpsvc.dll 22:20:58.0755 0x0b80 SstpSvc - ok 22:20:58.0875 0x0b80 [ CC7ED069C2FC82B5B1555C2044C765CC, CE43363544A3EE2C5133CD0D47BF34AFAFA4EAD6AC9EB9A772EE55E89D4D89D4 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe 22:20:58.0925 0x0b80 Steam Client Service - ok 22:20:58.0965 0x0b80 [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor C:\Windows\system32\drivers\stexstor.sys 22:20:58.0990 0x0b80 stexstor - ok 22:20:59.0050 
0x0b80 [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc C:\Windows\System32\wiaservc.dll 22:20:59.0145 0x0b80 stisvc - ok 22:20:59.0165 0x0b80 [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci C:\Windows\system32\drivers\storahci.sys 22:20:59.0195 0x0b80 storahci - ok 22:20:59.0230 0x0b80 [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 22:20:59.0255 0x0b80 storflt - ok 22:20:59.0270 0x0b80 [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme C:\Windows\system32\drivers\stornvme.sys 22:20:59.0295 0x0b80 stornvme - ok 22:20:59.0335 0x0b80 [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc C:\Windows\system32\storsvc.dll 22:20:59.0385 0x0b80 StorSvc - ok 22:20:59.0405 0x0b80 [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc C:\Windows\system32\drivers\storvsc.sys 22:20:59.0430 0x0b80 storvsc - ok 22:20:59.0455 0x0b80 [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc C:\Windows\system32\svsvc.dll 22:20:59.0505 0x0b80 svsvc - ok 22:20:59.0540 0x0b80 [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum C:\Windows\System32\drivers\swenum.sys 22:20:59.0565 0x0b80 swenum - ok 22:20:59.0630 0x0b80 [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv C:\Windows\System32\swprv.dll 22:20:59.0725 0x0b80 swprv - ok 22:20:59.0800 0x0b80 [ 3114CB46C2853CA71525428CB0C7CB58, A9CC51506AABBC23BAB2B90E30AB13197A72268A3DE6D2F281C1C367ED7118AE ] SysMain C:\Windows\system32\sysmain.dll 22:20:59.0890 0x0b80 SysMain - ok 
22:20:59.0940 0x0b80 [ D73DBBB96CEE90C2856164AAD8543425, D11ADB5D4C5DD355314CA656D375D0062CAE7462E866F94F1B26D5803F65DCB2 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll 22:20:59.0980 0x0b80 SystemEventsBroker - ok 22:21:00.0020 0x0b80 [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\Windows\System32\TabSvc.dll 22:21:00.0085 0x0b80 TabletInputService - ok 22:21:00.0135 0x0b80 [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv C:\Windows\System32\tapisrv.dll 22:21:00.0215 0x0b80 TapiSrv - ok 22:21:00.0340 0x0b80 [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 22:21:00.0495 0x0b80 Tcpip - ok 22:21:00.0605 0x0b80 [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 22:21:00.0755 0x0b80 TCPIP6 - ok 22:21:00.0825 0x0b80 [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 22:21:00.0865 0x0b80 tcpipreg - ok 22:21:00.0910 0x0b80 [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx C:\Windows\system32\DRIVERS\tdx.sys 22:21:00.0985 0x0b80 tdx - ok 22:21:01.0550 0x0b80 [ 2AA61246A5B813C1B12BCCFAA6F23DD8, 74EE3DB839A0F4BC781294803281DB2248D013B8808FF05F2EE9597C14C6FEED ] TeamViewer C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe 22:21:01.0795 0x0b80 TeamViewer - ok 22:21:01.0865 0x0b80 [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt C:\Windows\System32\drivers\terminpt.sys 22:21:01.0890 0x0b80 terminpt - ok 22:21:01.0960 0x0b80 [ C50997E282576DA492EBA66B059D4196, 
22:21:24.0361 0x0b80 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x60100 ( disabled : updated )
22:21:24.0361 0x0b80 AV detected via SS2: AVG AntiVirus Free Edition, C:\Program Files (x86)\AVG\Av\avgwsc.exe ( 16.7.0.7227 ), 0x41000 ( enabled : updated )
22:21:24.0371 0x0b80 Win FW state via NFP2: enabled ( trusted )
22:21:26.0741 0x0b80 ============================================================
22:21:26.0741 0x0b80 Scan finished
22:21:26.0741 0x0b80 ============================================================
22:21:26.0761 0x13d8 Detected object count: 1
22:21:26.0761 0x13d8 Actual detected object count: 1
22:21:53.0288 0x13d8 Asus WebStorage Windows Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:21:53.0288 0x13d8 Asus WebStorage Windows Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:23:06.0941 0x046c Deinitialize success |
27.11.2015, 17:37 | #4 |
| Windows 8.1, long startup time, strange processes, ad popups Here are the new FRST logs Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:26-11-2015 durchgeführt von tokoma (Administrator) auf TOKO (26-11-2015 19:43:29) Gestartet von C:\Users\tokoma\Desktop Geladene Profile: tokoma (Verfügbare Profile: tokoma) Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: IE) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\Av\avgemca.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe () C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\Av\avgui.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-05-15] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation) HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3826600 2015-10-30] (AVG Technologies CZ, s.r.o.) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Atheros Communications) HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1940160 2014-11-18] (Valve Corporation) HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\MountPoints2: {02627817-285f-11e4-8252-806e6f6e6963} - "E:\autorun.exe" ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) 
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) ProxyEnable: [.DEFAULT] => Proxy ist aktiviert. ProxyServer: [.DEFAULT] => http=127.0.0.1:62992;https=127.0.0.1:62992 Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{5C8B1A66-6F46-4E47-B6CF-280D94F05E04}: [DhcpNameServer] 192.13.128.24 Tcpip\..\Interfaces\{E72CCE24-6189-43F5-9E5E-5EC6FB4BB621}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com SearchScopes: HKLM -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-655055617-1888823773-2012408708-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-14] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-14] (Oracle Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-14] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-03] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()

Chrome:
=======
CHR dev: Chrome dev build erkannt! <======= ACHTUNG
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1442258229&z=5d3e89d9d390ba01647ea52g6zdzfo3o0w3b3e7z1e&from=cmi&uid=ST1000LM024XHN-M101MBB_S32XJ9EF641803
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1442258229&z=5d3e89d9d390ba01647ea52g6zdzfo3o0w3b3e7z1e&from=cmi&uid=ST1000LM024XHN-M101MBB_S32XJ9EF641803"
CHR DefaultSearchURL: Default -> hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M93C99B2A-59AF-4A63-99D7-DBDCE7398FC8&SearchSource=58&CUI=&UM=8&UP=SPC44D3508-E3BA-45F6-ADE2-52DC81727624&D=080415&q={searchTerms}&SSPV=SP3010TB_sp_ch
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultNewTabURL: Default -> hxxps://www.trovi.com/?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M93C99B2A-59AF-4A63-99D7-DBDCE7398FC8&SearchSource=69&CUI=&SSPV=SP3010TB_sp_ch&lay=5&p=cnts&UM=8&UP=SPC44D3508-E3BA-45F6-ADE2-52DC81727624&SAT=CNTS&D=080415
CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}&SSPV=SP3010TB_sp_ch
CHR Profile: C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-28] [UpdateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ACHTUNG
CHR Extension: (Google Drive) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-25]
CHR Extension: (YouTube) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-25]
CHR Extension: (Google-Suche) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-28] [UpdateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ACHTUNG
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28] [UpdateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ACHTUNG
CHR Extension: (Google Mail) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-28]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [Datei ist nicht signiert]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [595376 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3815648 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-17] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-02-25] (Atheros) [Datei ist nicht signiert]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-06] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [197040 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [255408 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [306608 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-28] (Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-10-18] (Realsil Semiconductor Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-04] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-04] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S1 bsdriver; \??\C:\Windows\system32\drivers\bsdriver.sys [X]
S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X]
U0 msahci; system32\drivers\msahci.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der
Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-07-28 14:20 - 2016-07-28 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-07-28 14:20 - 2015-11-24 22:48 - 00002423 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-07-28 14:18 - 2015-11-25 01:25 - 00000000 ____D C:\Program Files (x86)\BrowserPro App
2016-07-28 14:15 - 2016-07-28 14:20 - 00000000 ____D C:\Program Files (x86)\Google
2016-07-28 14:15 - 2015-11-24 23:53 - 00000000 ____D C:\Users\tokoma\AppData\Local\Google
2016-07-24 15:31 - 2015-11-25 00:34 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-02 14:47 - 2016-07-02 14:47 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\OneSafe PC Cleaner
2016-07-02 14:47 - 2015-11-25 18:33 - 00000000 ____D C:\Users\tokoma\Documents\OneSafe PC Cleaner
2016-07-02 14:47 - 2015-11-25 00:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSafe PC Cleaner
2016-06-19 14:45 - 2016-07-28 13:29 - 00000000 ____D C:\Windows\Minidump
2016-06-19 14:45 - 2016-07-27 15:16 - 640785184 _____ C:\Windows\MEMORY.DMP
2016-06-18 17:52 - 2015-08-01 06:52 - 00000226 _____ C:\Users\tokoma\AppData\Roaming\WB.CFG
2016-06-18 15:53 - 2016-06-18 15:54 - 00000000 ____D C:\Users\tokoma\AppData\Local\Chromium
2015-11-26 19:43 - 2015-11-26 19:43 - 00016846 _____ C:\Users\tokoma\Desktop\FRST.txt
2015-11-26 19:43 - 2015-11-26 19:43 - 00000000 ____D C:\Users\tokoma\Desktop\FRST-OlderVersion
2015-11-25 21:20 - 2015-11-25 22:15 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-25 21:20 - 2015-11-25 21:20 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-25 21:17 - 2015-11-25 22:23 - 00000000 ____D C:\Users\tokoma\Desktop\mbar
2015-11-25 21:17 - 2015-11-25 22:19 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-25 21:12 - 2015-11-25 21:12 - 04397752 _____ (Kaspersky Lab ZAO) C:\Users\tokoma\Desktop\tdsskiller.exe
2015-11-25 21:07 - 2015-11-25 21:09 - 16563352 _____ (Malwarebytes Corp.) C:\Users\tokoma\Desktop\mbar-1.09.3.1001.exe
2015-11-25 20:49 - 2015-11-25 20:49 - 00001282 _____ C:\Users\tokoma\Desktop\Revo Uninstaller.lnk
2015-11-25 20:49 - 2015-11-25 20:49 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2015-11-25 20:49 - 2015-11-25 20:49 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-11-25 20:48 - 2015-11-25 20:48 - 00003490 _____ C:\Windows\System32\Tasks\ProfessionalPCCleaner_Popup
2015-11-25 20:48 - 2015-11-25 20:48 - 00003226 _____ C:\Windows\System32\Tasks\ProfessionalPCCleaner_Start
2015-11-25 20:48 - 2015-11-25 20:48 - 00000000 ____D C:\Users\tokoma\Documents\ProfessionalPCCleaner
2015-11-25 20:48 - 2015-11-25 20:48 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\updates
2015-11-25 20:48 - 2015-11-25 20:48 - 00000000 ____D C:\Users\tokoma\AppData\Local\Professional_PC_Cleaner
2015-11-25 20:47 - 2015-11-25 20:47 - 00000000 ____D C:\Program Files (x86)\Pro PC Cleaner
2015-11-25 19:09 - 2015-11-26 19:43 - 00000000 ____D C:\FRST
2015-11-25 19:08 - 2015-11-25 19:08 - 00380416 _____ C:\Users\tokoma\Desktop\Gmer-19357.exe
2015-11-25 19:06 - 2015-11-26 19:43 - 02348544 _____ (Farbar) C:\Users\tokoma\Desktop\FRST64.exe
2015-11-25 19:05 - 2015-11-25 19:05 - 00000000 _____ C:\Users\tokoma\defogger_reenable
2015-11-25 19:03 - 2015-11-25 19:03 - 00050477 _____ C:\Users\tokoma\Desktop\Defogger.exe
2015-11-25 18:44 - 2015-11-25 18:44 - 00000000 ____D C:\Users\tokoma\AppData\Local\TeamViewer
2015-11-25 18:43 - 2015-11-25 19:15 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-11-25 18:43 - 2015-11-25 18:43 - 00001057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-11-25 18:43 - 2015-11-25 18:43 - 00001045 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-11-25 18:42 - 2015-11-25 18:43 - 08202040 _____ (TeamViewer GmbH) C:\Users\tokoma\Downloads\TeamViewer_Setup_de.exe
2015-11-25 00:35 - 2015-11-25 00:35 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\AVG
2015-11-25 00:34 - 2015-11-25 00:34 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\TuneUp Software
2015-11-25 00:34 - 2015-11-25 00:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-11-25 00:31 - 2015-11-25 00:31 - 00000000 ___HD C:\$AVG
2015-11-25 00:24 - 2015-11-26 19:43 - 00000000 ____D C:\ProgramData\MFAData
2015-11-25 00:24 - 2015-11-25 00:24 - 00000954 _____ C:\Users\Public\Desktop\AVG.lnk
2015-11-25 00:24 - 2015-11-25 00:24 - 00000000 ____D C:\Users\tokoma\AppData\Local\MFAData
2015-11-25 00:24 - 2015-11-25 00:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2015-11-25 00:21 - 2015-11-25 00:31 - 00000000 ____D C:\ProgramData\Avg
2015-11-25 00:21 - 2015-11-25 00:28 - 00000000 ____D C:\Program Files (x86)\AVG
2015-11-25 00:20 - 2015-11-25 00:35 - 00000000 ____D C:\Users\tokoma\AppData\Local\Avg
2015-11-25 00:20 - 2015-11-25 00:23 - 00000000 ____D C:\Users\tokoma\AppData\Local\AvgSetupLog
2015-11-25 00:19 - 2015-11-25 21:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-25 00:12 - 2015-11-25 01:24 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-3.2cV25.10
2015-11-25 00:11 - 2015-11-25 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBrowser
2015-11-25 00:10 - 2015-11-25 00:10 - 00000000 ____D C:\Program Files (x86)\MyBrowser
2015-11-25 00:04 - 2015-11-25 00:04 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\ProductData
2015-11-25 00:03 - 2015-11-25 00:03 - 00000000 ____D C:\Users\tokoma\AppData\LocalLow\IObit
2015-11-25 00:03 - 2015-11-25 00:03 - 00000000 ____D C:\Users\tokoma\AppData\Local\DesktopSearch
2015-11-25 00:03 - 2015-11-25 00:03 - 00000000 ____D C:\ProgramData\ProductData
2015-11-25 00:03 - 2015-11-25 00:03 - 00000000 ____D C:\ProgramData\IObit
2015-11-25 00:02 - 2015-11-25 22:11 - 00000000 ____D C:\Program Files (x86)\IObit
2015-11-25 00:02 - 2015-11-25 00:03 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\IObit
2015-11-24 23:48 - 2015-11-26 19:39 - 00000081 _____ C:\Users\tokoma\AppData\Roaming\sp_data.sys
2015-11-24 23:35 - 2015-11-24 23:35 - 00009493 _____ C:\Users\tokoma\Desktop\JRT.txt
2015-11-24 23:31 - 2015-11-24 23:31 - 00000000 _____ C:\Recovery.txt
2015-11-24 22:54 - 2015-11-24 23:41 - 00000000 ____D C:\AdwCleaner
2015-11-24 22:37 - 2015-11-24 22:37 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\kingsoft
2015-10-30 19:06 - 2015-11-26 00:20 - 00001125 _____ C:\Users\tokoma\Desktop\nativelog.txt
2015-10-30 18:52 - 2015-10-30 18:52 - 00001142 _____ C:\Users\tokoma\Desktop\Willkommen zur ASUS Produktregistrierung.lnk
2015-10-30 17:00 - 2015-09-19 04:18 - 00035384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-30 17:00 - 2015-09-18 14:42 - 01290752 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-30 17:00 - 2015-09-18 14:42 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-30 17:00 - 2015-09-18 14:42 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-30 17:00 - 2015-09-18 14:42 - 00699904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-30 17:00 - 2015-09-18 14:42 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-30 17:00 - 2015-09-18 14:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-30 16:58 - 2015-09-10 19:02 - 25851392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-30 16:58 - 2015-09-10 18:19 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-30 16:58 - 2015-09-10 18:18 - 02886656 _____ (Microsoft Corporation)
C:\Windows\system32\iertutil.dll 2015-10-30 16:58 - 2015-09-10 18:14 - 05990400 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-10-30 16:58 - 2015-09-10 18:09 - 20358144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-10-30 16:58 - 2015-09-10 18:06 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-10-30 16:58 - 2015-09-10 18:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-10-30 16:58 - 2015-09-10 17:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-10-30 16:58 - 2015-09-10 17:39 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-10-30 16:58 - 2015-09-10 17:35 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-10-30 16:58 - 2015-09-10 17:33 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-10-30 16:58 - 2015-09-10 17:28 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-10-30 16:58 - 2015-09-10 17:28 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-10-30 16:58 - 2015-09-10 17:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-10-30 16:58 - 2015-09-10 17:24 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-10-30 16:58 - 2015-09-10 17:21 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-10-30 16:58 - 2015-09-10 17:19 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-10-30 16:58 - 2015-09-10 17:19 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-10-30 16:58 - 2015-09-10 17:19 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-10-30 16:58 - 2015-09-10 17:17 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-10-30 16:58 - 2015-09-10 17:17 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 
2015-10-30 16:58 - 2015-09-10 17:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-10-30 16:58 - 2015-09-10 17:02 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-10-30 16:58 - 2015-09-10 17:01 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-10-30 16:58 - 2015-09-10 17:00 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-10-30 16:58 - 2015-09-10 16:57 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-10-30 16:58 - 2015-09-10 16:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-10-30 16:58 - 2015-09-10 16:55 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-10-30 16:58 - 2015-09-10 16:45 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-10-30 16:58 - 2015-09-10 16:34 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-10-30 16:58 - 2015-09-10 16:31 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-10-30 16:58 - 2015-09-10 16:27 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-10-30 16:58 - 2015-09-10 16:26 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-10-30 16:58 - 2015-07-16 21:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-10-30 16:58 - 2015-07-16 20:53 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-10-30 16:58 - 2015-07-16 20:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-10-30 16:58 - 2015-07-16 20:14 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2015-10-30 16:58 - 2015-07-16 19:52 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2015-10-30 16:57 - 2015-09-10 18:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-10-30 16:57 - 2015-09-10 17:37 - 
00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-10-30 16:57 - 2015-09-10 17:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-10-30 16:57 - 2015-09-10 17:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-10-30 16:57 - 2015-09-10 16:57 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-10-30 16:57 - 2015-09-10 16:55 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-10-30 16:56 - 2015-10-30 16:58 - 00000044 _____ C:\Users\tokoma\Desktop\Fuc! U Virus.txt 2015-10-30 16:54 - 2015-10-30 16:54 - 00000000 ____D C:\ProgramData\kingsoft 2015-10-30 16:54 - 2015-09-29 13:29 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-10-30 16:54 - 2015-09-28 19:45 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-10-30 16:54 - 2015-09-28 19:26 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2015-10-30 16:54 - 2015-09-28 19:25 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-10-30 16:54 - 2015-09-28 19:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-10-30 16:54 - 2015-09-28 19:25 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-10-30 16:54 - 2015-09-28 19:22 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-10-30 16:54 - 2015-09-28 19:22 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-10-30 16:54 - 2015-09-28 19:22 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-10-30 16:54 - 2015-09-28 19:15 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-10-30 16:54 - 2015-09-28 19:13 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-10-30 16:54 - 2015-09-28 19:12 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 
2015-10-30 16:54 - 2015-07-16 19:58 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\NcdAutoSetup.dll 2015-10-30 16:53 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2015-10-30 16:53 - 2015-08-22 14:42 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2015-10-30 16:53 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2015-10-30 16:53 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2015-10-30 16:53 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2015-10-30 16:53 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2015-10-30 16:53 - 2015-08-22 14:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2015-10-30 16:53 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2015-10-30 16:53 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2015-10-30 16:53 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:42 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2015-10-30 16:52 - 2015-08-22 14:42 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:42 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:42 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:42 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:42 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:42 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:35 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2015-10-30 16:52 - 2015-08-22 14:35 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:35 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 
2015-10-30 16:52 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2015-10-30 16:52 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2015-10-30 16:42 - 2015-07-14 04:22 - 02529880 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-10-30 16:42 - 2015-07-14 04:21 - 01901776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-10-30 16:42 - 2015-07-10 18:42 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-10-30 16:42 - 2015-07-10 17:47 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-10-30 16:42 - 2015-07-09 18:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-10-30 16:42 - 2015-07-09 18:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-10-30 16:42 - 2015-07-09 17:30 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-07-28 12:47 - 2014-09-30 16:23 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{165E99F4-4F00-4F10-8F2D-DEE576ACF2BD}
2016-07-28 12:46 - 2015-05-13 16:19 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2016-07-28 12:46 - 2015-05-13 16:19 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2016-07-19 19:29 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\LiveKernelReports
2016-07-17 17:32 - 2014-10-30 14:52 - 00000000 ____D C:\Program Files (x86)\Landwirtschafts Simulator 2015
2016-07-02 14:23 - 2015-01-19 15:16 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-26 00:22 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-11-26 00:19 - 2014-09-30 16:12 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-655055617-1888823773-2012408708-1001
2015-11-25 22:16 - 2014-05-16 00:45 - 00765582 _____ C:\Windows\system32\perfh007.dat
2015-11-25 22:16 - 2014-05-16 00:45 - 00159366 _____ C:\Windows\system32\perfc007.dat
2015-11-25 22:16 - 2014-03-18 16:26 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-25 22:16 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2015-11-25 22:11 - 2015-08-04 10:53 - 00000000 ____D C:\Program Files\shopperz22072015
2015-11-25 22:11 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-25 22:10 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-11-25 19:25 - 2015-08-05 12:25 - 00000374 _____ C:\Windows\Tasks\DocControl.job
2015-11-25 19:13 - 2015-05-01 14:13 - 00206848 ___SH C:\Users\tokoma\Desktop\Thumbs.db
2015-11-25 19:11 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-11-25 19:05 - 2014-09-30 16:06 - 00000000 ____D C:\Users\tokoma
2015-11-25 19:02 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-25 19:02 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-11-25 19:01 - 2014-09-30 16:06 - 00000000 ____D C:\Users\tokoma\AppData\Local\Packages
2015-11-25 18:47 - 2013-08-22 15:44 - 00338072 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-25 18:40 - 2014-12-09 20:51 - 00000000 ____D C:\Users\tokoma\AppData\Local\CrashDumps
2015-11-25 01:25 - 2015-08-05 12:32 - 00000000 ____D C:\Program Files (x86)\Ghostery
2015-11-25 00:40 - 2015-08-04 10:54 - 00000000 ____D C:\ProgramData\RcMxTslM
2015-11-25 00:38 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-11-25 00:33 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-11-25 00:15 - 2014-08-20 13:12 - 00000000 ____D C:\Program Files\Common Files\mcafee
2015-11-25 00:15 - 2014-08-20 13:12 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-11-25 00:15 - 2014-08-20 13:11 - 00000000 ____D C:\ProgramData\McAfee
2015-11-24 23:43 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-11-24 23:22 - 2015-05-29 13:11 - 00000000 ____D C:\Windows\system32\log
2015-10-30 19:08 - 2015-01-31 18:05 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\.minecraft
2015-10-30 18:01 - 2015-01-28 19:53 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-30 18:01 - 2014-10-22 19:15 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-30 18:01 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-10-30 17:09 - 2014-10-22 19:10 - 00000000 ____D C:\Windows\system32\MRT
2015-10-30 16:55 - 2015-02-07 18:49 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\TS3Client
2015-10-30 16:53 - 2015-02-07 18:49 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2015-10-30 16:32 - 2015-02-18 13:48 - 00000000 ____D C:\Program Files (x86)\Minecraft

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-11-24 23:48 - 2015-11-26 19:39 - 0000081 _____ () C:\Users\tokoma\AppData\Roaming\sp_data.sys
2016-06-18 17:52 - 2015-08-01 06:52 - 0000226 _____ () C:\Users\tokoma\AppData\Roaming\WB.CFG
2014-08-20 12:58 - 2014-08-20 12:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-15 16:58 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-05-15 16:58 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-15 16:58 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2015-09-14 20:18 - 2015-09-14 20:18 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Einige Dateien in TEMP:
====================
C:\Users\tokoma\AppData\Local\Temp\apptemp.1.exe
C:\Users\tokoma\AppData\Local\Temp\atdl.exe
C:\Users\tokoma\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\tokoma\AppData\Local\Temp\OfficeAssist.0744.80.1211.exe
C:\Users\tokoma\AppData\Local\Temp\qqpcmgr_v10.11.16575.227_8881517_Silence.exe
C:\Users\tokoma\AppData\Local\Temp\Quarantine.exe
C:\Users\tokoma\AppData\Local\Temp\SpOrder.dll
C:\Users\tokoma\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-11-25 19:22

==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:26-11-2015
durchgeführt von tokoma (2015-11-26 19:45:26)
Gestartet von C:\Users\tokoma\Desktop
Windows 8.1 (X64) (2014-09-30 15:06:34)
Start-Modus: Normal
==========================================================

==================== Konten: =============================
Administrator (S-1-5-21-655055617-1888823773-2012408708-500 - Administrator - Disabled)
Gast (S-1-5-21-655055617-1888823773-2012408708-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-655055617-1888823773-2012408708-1003 - Limited - Enabled)
tokoma (S-1-5-21-655055617-1888823773-2012408708-1001 - Administrator - Enabled) => C:\Users\tokoma

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Air Traffic Control (HKLM-x32\...\Air Traffic Control_is1) (Version: - Nemesys Team Studio) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS) ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS) AVG (HKLM\...\AvgZen) (Version: 1.22.1.40089 - AVG Technologies) AVG (Version: 16.7.7227 - AVG Technologies) Hidden AVG 2016 (Version: 16.0.4477 - AVG Technologies) Hidden AVG Protection (HKLM\...\AVG) (Version: 2016.7.7227 - AVG Technologies) AVG Zen (Version: 1.22.1 - AVG Technologies) Hidden FMW 1 (Version: 1.32.2 - AVG Technologies) Hidden Game Explorer Categories - casual (HKLM-x32\...\WildTangentGameProvider-asus-casual) (Version: 3.2.0.6 - WildTangent, Inc.) Game Explorer Categories - enthusiast (HKLM-x32\...\WildTangentGameProvider-asus-enthusiast) (Version: 3.2.0.6 - WildTangent, Inc.) Game Explorer Categories - family (HKLM-x32\...\WildTangentGameProvider-asus-family) (Version: 3.2.0.6 - WildTangent, Inc.) Game Explorer Categories - touch (HKLM-x32\...\WildTangentGameProvider-asus-touch) (Version: 3.2.0.6 - WildTangent, Inc.) Geländewagen-Simulator 2012 (Nur entfernen) (HKLM-x32\...\{50747054-5F94-4BBC-B189-4D3F4D22C094}_is1) (Version: 1.1.1.0 - Rondomedia Marketing & Vertriebs GmbH) GIANTS Editor 6.0.2 32-bit (HKLM-x32\...\giants_editor_6.0.2_win32_is1) (Version: 6.0.2 - GIANTS Software GmbH) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.125 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) 
Hidden Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation) Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation) Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation) Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation) Landwirtschafts Simulator 15 (HKLM-x32\...\FarmingSimulator2015DE_is1) (Version: 1.2.0.0 - GIANTS Software) Let's go 2 Sprachtrainer (HKLM-x32\...\{33DA5B25-479B-431E-9691-650D7293B31F}) (Version: 1.00.000 - Klett) MediaPlayerVid2.4 (HKLM-x32\...\MediaPlayerVid2.4) (Version: 1.36.01.22 - NewPlayerVideo+) <==== ACHTUNG Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) Phonetik (HKLM-x32\...\{626B7EA2-B7C2-4277-AE30-A8B452A92B6C}) (Version: 1.0.0 - Ernst Klett Verlag) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.) 
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation) WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent) Windows Driver Package - ASUS (ATP) Mouse (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-655055617-1888823773-2012408708-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) ==================== Wiederherstellungspunkte ========================= 25-11-2015 19:22:27 Windows Update ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {1F0CFFF0-5B0F-4D02-9C88-D3E666FD98E7} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-02] (ASUS) Task: {331B6CFB-7982-46B4-99B9-43AFDFEDB8EB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-10-02] (Microsoft Corporation) Task: {40DEE9C9-64DA-4D89-82E8-7B52375748BA} - \Crossbrowse -> Keine Datei <==== ACHTUNG Task: {7BEEB586-4055-4005-ACD4-3741E7307D83} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] () Task: {A75A6BF7-3D66-49C0-8EA5-BA7084B338A1} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.) Task: {AB15EBB1-52E2-495B-9D6E-F6939F7D96B8} - System32\Tasks\DocControl => c:\programdata\{0fbc1b97-694d-daee-0fbc-c1b976946e5d}\priceless_p_soft_partner.exe <==== ACHTUNG Task: {AF26F9D7-CA93-4E30-A419-366551E45487} - System32\Tasks\ProfessionalPCCleaner_Start => C:\Program Files (x86)\Professional PC Cleaner\ProfessionalPCCleaner.exe Task: {B740C971-DDB5-4ECF-B4E3-B9F4026B1D7C} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.) Task: {BFA6DC98-1F51-4DC8-AFCA-D8B0C467EDAD} - \Papuir -> Keine Datei <==== ACHTUNG Task: {CB808FC9-7655-4728-A744-E4FA33F32F7C} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.) 
Task: {D1403659-1623-4CAE-8D62-2ACEDCB42A2A} - \cfr3011 -> Keine Datei <==== ACHTUNG Task: {DC74E85A-D091-4963-A838-170EDE4E5868} - System32\Tasks\ProfessionalPCCleaner_Popup => C:\Program Files (x86)\Professional PC Cleaner\Splash.exe Task: {ECF238FA-98A6-4D1A-A33C-EEB7D1318599} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek) Task: {F59FBF87-D889-4982-A23A-97410AB1FA03} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.) Task: {FB1C8FF6-2F5A-4E80-B1B8-EA4E448A7476} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-04-15] (Realtek Semiconductor) Task: {FFF22234-81DA-49C7-AC22-3EEA6ECAA36E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-04-10] (Realtek Semiconductor) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\DocControl.job => c:\programdata\{0fbc1b97-694d-daee-0fbc-c1b976946e5d}\priceless_p_soft_partner.exe <==== ACHTUNG ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2014-02-25 22:14 - 2014-02-25 22:14 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2014-02-25 22:11 - 2014-02-25 22:11 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll 2014-02-25 22:17 - 2014-02-25 22:17 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe 2014-02-25 06:49 - 2014-02-25 06:49 - 00063296 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe 2015-11-25 00:03 - 2015-09-21 10:49 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll 2014-04-02 14:46 - 2014-04-02 14:46 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll 2014-04-02 14:46 - 2014-04-02 14:46 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll 2014-04-02 14:46 - 2014-04-02 14:46 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll 2014-04-02 14:46 - 2014-04-02 14:46 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll 2015-11-25 00:21 - 2015-11-25 00:21 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll 2015-02-12 13:08 - 2015-02-12 13:08 - 00012288 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMWFP => ""="Driver" <==== ACHTUNG HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-655055617-1888823773-2012408708-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\tokoma\Documents\My Games\FarmingSimulator2015\screenshots\fsScreen_2016_06_07_15_32_03.png DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant" HKLM\...\StartupApproved\Run: => "3D BubbleSound" HKLM\...\StartupApproved\Run32: => "ApnTBMon" HKLM\...\StartupApproved\Run32: => "rec_de_70" HKLM\...\StartupApproved\Run32: => "YTDownloader" HKLM\...\StartupApproved\Run32: => "rec_de_74" HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\StartupFolder: => "crossbrowse.lnk" HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_98557E2CC4C9D57801F5B3619084BEF7" HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "Gameo" HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_EC762B715C225D87E1C23535A3EDCE73" HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "SPDriver" HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "YTDownloader" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{192477CF-8B53-4A83-B511-06315D696FA8}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{A46D567D-5F9A-45CE-8BD6-890EC3EB6BC7}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\FarmingSimulator2015.exe FirewallRules: [{DF697040-F386-4FF9-B8B3-78333930FC9E}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\FarmingSimulator2015.exe FirewallRules: [{68136F48-6499-49A1-B039-D32581004614}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x86\FarmingSimulator2015Game.exe FirewallRules: [{2F937C3E-8AFD-44AD-AB66-AE5762095737}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x86\FarmingSimulator2015Game.exe FirewallRules: [{3CD82484-EE38-472E-9304-DAC40B574B8D}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x64\FarmingSimulator2015Game.exe FirewallRules: [{53D0D9B3-2293-428B-881D-FD2BA123DB9B}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x64\FarmingSimulator2015Game.exe FirewallRules: [{5E0942ED-7728-4D3C-B997-F4DC8F76EF73}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{23E7DC91-7F7C-444F-BF78-4833B471F527}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{8BE086D3-3024-49A0-8651-9AEE792804DE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{69A2C892-1AFE-40E8-91D8-E0DAB77503C0}] => (Allow) C:\Program Files (x86)\MyBrowser\MyBrowser\Application\mybrowser.exe FirewallRules: [{55F25D8D-8DC3-47AB-9370-5B9593DCCC26}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{4071443B-2F56-4F46-86CD-B1B1FC0429F0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{F3F8E757-1B34-4FE5-82E2-9C3701D6C78B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{4215CA2E-7145-4E56-AD68-0032B44420D8}] => (Allow) C:\Program Files 
(x86)\AVG\Av\avgdiagex.exe FirewallRules: [{7B88681B-E215-46FD-BF11-263AB3B8CB12}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{F0E6401B-A50B-4641-B255-86120DCB97ED}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{F016DAB6-D3AF-4775-A4A9-7CB3A3E73ECC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{27EFDCE1-6AA4-4DEA-90A0-FA328EE8F9AC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{9D2D8176-4985-4084-8A95-9349EA4C6A05}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{C45A982F-8F22-4BE1-A437-95EA71638B02}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{E5885FF4-72C1-4601-89DC-52B6F373EF7A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{8BFCF986-C7C4-4C7E-A779-7F32051419D5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (11/25/2015 06:34:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.1.711, Zeitstempel: 0x542b53ec Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0xfa8 Startzeit der fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 Vollständiger Name des fehlerhaften Pakets: mbam.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5 Error: (11/25/2015 02:39:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.0.8.0, Zeitstempel: 0x53f64d6c Name des fehlerhaften 
Moduls: mbamservice.exe, Version: 3.0.8.0, Zeitstempel: 0x53f64d6c Ausnahmecode: 0x40000015 Fehleroffset: 0x0008f746 ID des fehlerhaften Prozesses: 0x1340 Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0 Pfad der fehlerhaften Anwendung: mbamservice.exe1 Pfad des fehlerhaften Moduls: mbamservice.exe2 Berichtskennung: mbamservice.exe3 Vollständiger Name des fehlerhaften Pakets: mbamservice.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbamservice.exe5 Error: (11/25/2015 00:11:45 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_Schedule, Version: 6.3.9600.17415, Zeitstempel: 0x54504177 Name des fehlerhaften Moduls: iSafeSrvMon64.dll, Version: 6.1.45.23411, Zeitstempel: 0x5500213f Ausnahmecode: 0xc0000409 Fehleroffset: 0x0000000000005ceb ID des fehlerhaften Prozesses: 0x358 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_Schedule0 Pfad der fehlerhaften Anwendung: svchost.exe_Schedule1 Pfad des fehlerhaften Moduls: svchost.exe_Schedule2 Berichtskennung: svchost.exe_Schedule3 Vollständiger Name des fehlerhaften Pakets: svchost.exe_Schedule4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_Schedule5 Error: (11/24/2015 11:57:00 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (11/24/2015 11:45:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_DiagTrack, Version: 6.3.9600.17415, Zeitstempel: 0x54504177 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336 Ausnahmecode: 0xc000000d Fehleroffset: 0x0000000000101e60 ID des fehlerhaften Prozesses: 0x62c Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_DiagTrack0 Pfad der fehlerhaften Anwendung: svchost.exe_DiagTrack1 Pfad des fehlerhaften Moduls: svchost.exe_DiagTrack2 Berichtskennung: svchost.exe_DiagTrack3 Vollständiger Name des fehlerhaften Pakets: svchost.exe_DiagTrack4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_DiagTrack5 Error: (11/24/2015 11:43:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_Schedule, Version: 6.3.9600.17415, Zeitstempel: 0x54504177 Name des fehlerhaften Moduls: iSafeSrvMon64.dll, Version: 6.1.45.23411, Zeitstempel: 0x5500213f Ausnahmecode: 0xc0000409 Fehleroffset: 0x0000000000005ceb ID des fehlerhaften Prozesses: 0x1bc8 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_Schedule0 Pfad der fehlerhaften Anwendung: svchost.exe_Schedule1 Pfad des fehlerhaften Moduls: svchost.exe_Schedule2 Berichtskennung: svchost.exe_Schedule3 Vollständiger Name des fehlerhaften Pakets: svchost.exe_Schedule4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_Schedule5 Error: (11/24/2015 11:37:52 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für 
"C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (11/24/2015 11:31:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_Schedule, Version: 6.3.9600.17415, Zeitstempel: 0x54504177 Name des fehlerhaften Moduls: iSafeSrvMon64.dll, Version: 6.1.45.23411, Zeitstempel: 0x5500213f Ausnahmecode: 0xc0000409 Fehleroffset: 0x0000000000005ceb ID des fehlerhaften Prozesses: 0x3a8 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_Schedule0 Pfad der fehlerhaften Anwendung: svchost.exe_Schedule1 Pfad des fehlerhaften Moduls: svchost.exe_Schedule2 Berichtskennung: svchost.exe_Schedule3 Vollständiger Name des fehlerhaften Pakets: svchost.exe_Schedule4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_Schedule5 Error: (11/24/2015 11:25:52 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (11/24/2015 10:56:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: BrowserHelper.exe, Version: 1.7.0.0, Zeitstempel: 0x55c1de0f Name des fehlerhaften Moduls: BrowserHelper.exe, Version: 1.7.0.0, Zeitstempel: 0x55c1de0f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00026115 ID des fehlerhaften Prozesses: 0x1004 Startzeit der fehlerhaften Anwendung: 0xBrowserHelper.exe0 Pfad der fehlerhaften Anwendung: BrowserHelper.exe1 Pfad des fehlerhaften Moduls: BrowserHelper.exe2 Berichtskennung: BrowserHelper.exe3 Vollständiger Name des fehlerhaften Pakets: BrowserHelper.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BrowserHelper.exe5 Systemfehler: ============= Error: (11/26/2015 00:25:35 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst avgsvc erreicht. 
Error: (11/26/2015 00:22:09 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240055 fehlgeschlagen: Sicherheitsupdate für Windows 8.1 für x64-basierte Systeme (KB3102939) Error: (11/26/2015 00:19:27 AM) (Source: DCOM) (EventID: 10010) (User: toko) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (11/26/2015 00:18:57 AM) (Source: DCOM) (EventID: 10010) (User: toko) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (11/25/2015 10:16:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/25/2015 07:26:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240055 fehlgeschlagen: Sicherheitsupdate für Windows 8.1 für x64-basierte Systeme (KB3102939) Error: (11/25/2015 06:52:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/25/2015 06:46:37 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Der Dienst AVG WatchDog konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error: (11/25/2015 02:44:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (11/25/2015 02:32:56 AM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
CodeIntegrity: =================================== Date: 2015-11-26 19:43:56.942 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-26 19:43:55.926 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-26 19:43:54.895 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-26 19:43:53.879 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-26 19:43:52.879 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-11-26 19:43:51.895 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-26 19:43:50.895 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-25 22:14:22.685 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-25 18:52:42.069 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-25 18:52:41.131 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Celeron(R) CPU N2930 @ 1.83GHz Prozentuale Nutzung des RAM: 21% Installierter physikalischer RAM: 8078.54 MB Verfügbarer physikalischer RAM: 6315.28 MB Summe virtueller Speicher: 10766.54 MB Verfügbarer virtueller Speicher: 8988.08 MB ==================== Laufwerke ================================ Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:306.73 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive d: (Data) (Fixed) (Total:537.8 GB) (Free:537.5 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 61ECA0B9) Partition: GPT. ==================== Ende von Addition.txt ============================ |
27.11.2015, 21:29 | #5 |
| Windows 8.1, long boot time, strange processes, ad popups Malwarebytes Anti-Malware Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlaufdatum: 27.11.2015
Suchlaufzeit: 20:52
Protokolldatei:
Administrator: Ja
Version: 2.2.0.1024
Malware-Datenbank: v2015.11.27.03
Rootkit-Datenbank: v2015.11.26.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: tokoma
Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 335003
Abgelaufene Zeit: 20 Min., 39 Sek.
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(keine bösartigen Elemente erkannt)
Module: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 15
PUP.Optional.Searching.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}, , [cf307111315aa3937bb15c0d09faff01],
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32LDR , , [b34cec96e8a3999d6dbbdfca05fe55ab],
PUP.Optional.FastSearch, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\cfr3011, , [5fa086fc5833af872ee4f38f1de617e9],
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Crossbrowse, , [e619f68cd2b9b383f43c7703ee15758b],
PUP.Optional.Shopperz.BrwsrFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Papuir, , [be415e241f6c85b12e56abc170938080],
PUP.Optional.ProfessionalPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ProfessionalPCCleaner_Popup, , [aa55651deaa152e453193badbf4438c8],
PUP.Optional.ProfessionalPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ProfessionalPCCleaner_Start, , [88773b47bfcc1b1b2745e7015ba8eb15],
PUP.Optional.ProfessionalPCCleaner,
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ProfessionalPCCleaner_RASAPI32, , [2ed1e0a2e0ab74c2d09b10d8956ec739], PUP.Optional.ProfessionalPCCleaner, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ProfessionalPCCleaner_RASMANCS, , [6e91463c0f7c70c6ce9d7177b44f50b0], Rootkit.Komodia.PUA, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BSDRIVER, , [16e93b47e8a38babbe7bf5f8877c8f71], PUP.Optional.ProfessionalPCCleaner, HKU\S-1-5-21-655055617-1888823773-2012408708-1001\SOFTWARE\ProfessionalPCCleanerLanguage, , [9b64dea40e7d58def7739d4bfe05c53b], PUP.Optional.ProPCCleaner, HKU\S-1-5-21-655055617-1888823773-2012408708-1001\SOFTWARE\CAPHYON\ADVANCED UPDATER\{EB8CB898-F337-451C-A468-B9725D04ED21}, , [fc038bf7e1aace689fbff6c2a75ca25e], PUP.Optional.Searching.ShrtCln, HKU\S-1-5-21-655055617-1888823773-2012408708-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}, , [35ca6c1667244cea77b4e0896b983dc3], PUP.Optional.MultiPlug, HKU\S-1-5-21-655055617-1888823773-2012408708-1001_Classes\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, , [78874d357f0ccb6bc51d88327b887789], PUP.Optional.MultiPlug, HKU\S-1-5-21-655055617-1888823773-2012408708-1001_Classes\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, , [78874d357f0ccb6bc51d88327b887789], Registrierungswerte: 20 PUP.Optional.Searching.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|TopResultURL, hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=F85ztutdk0004,290ecd61-4cc2-4569-af77-1fd2162790e0,, , [cf307111315aa3937bb15c0d09faff01] PUP.Optional.Searching.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|TopResultURLFallback, hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=F85ztutdk0004,290ecd61-4cc2-4569-af77-1fd2162790e0,, , [b14eec965d2e9c9a909cb0b9c3406d93] PUP.Optional.Searching.ShrtCln, 
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|FaviconURL, hxxp://www-searching.com/favicon.ico, , [6996dba7aae18caa76b6beaba261df21] PUP.Optional.Searching.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|FaviconURLFallback, hxxp://www-searching.com/favicon.ico, , [718e3a48a9e2d363f13bef7aa75c6d93] PUP.Optional.SearchModule, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|SuggestionsURL, hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}, , [2dd2f58d4e3dfe3856be4a554cb79868] PUP.Optional.SearchModule, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|SuggestionsURLFallback, hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}, , [41be354d4447fe381202f5aa6a9954ac] PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130831557324766604, , [c837037ffc8f57dff92ea7026c97e020] PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.xxx|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130831557324766604, , [c03f4042434856e0f73031781ae92ed2] PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130831557324766604, , [a45b93ef83082313c85fadfcaf5402fe] PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\iexplore.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130831557324766604, , [916e5c262368171f9f884e5b20e37a86] PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_removal_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130831557324766604, , [1ae5bdc5206bee4867c004a562a1ca36] 
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_reporter_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130831557324766604, , [d9266121becdeb4b91966643f112cc34] PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32Ldr |{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130831557324766604, , [b34cec96e8a3999d6dbbdfca05fe55ab] Rootkit.Komodia.PUA, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BSDRIVER|DisplayName, bsdriver, , [16e93b47e8a38babbe7bf5f8877c8f71] PUP.Optional.Searching.ShrtCln, HKU\S-1-5-21-655055617-1888823773-2012408708-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|TopResultURL, hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=F85ztutdk0004,290ecd61-4cc2-4569-af77-1fd2162790e0,, , [35ca6c1667244cea77b4e0896b983dc3] PUP.Optional.Searching.ShrtCln, HKU\S-1-5-21-655055617-1888823773-2012408708-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|TopResultURLFallback, hxxp://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=F85ztutdk0004,290ecd61-4cc2-4569-af77-1fd2162790e0,, , [718e2959dab19a9c62c998d1e61d11ef] PUP.Optional.Searching.ShrtCln, HKU\S-1-5-21-655055617-1888823773-2012408708-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|FaviconURL, hxxp://www-searching.com/favicon.ico, , [619e8ef4424959ddd754b0b960a3fd03] PUP.Optional.Searching.ShrtCln, HKU\S-1-5-21-655055617-1888823773-2012408708-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|FaviconURLFallback, hxxp://www-searching.com/favicon.ico, , [f00f493902895adc65c6006946bd1de3] PUP.Optional.SearchModule, HKU\S-1-5-21-655055617-1888823773-2012408708-1001\SOFTWARE\MICROSOFT\INTERNET 
EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|SuggestionsURL, hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}, , [13ecb7cb424980b68f848b1443c048b8] PUP.Optional.SearchModule, HKU\S-1-5-21-655055617-1888823773-2012408708-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|SuggestionsURLFallback, hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}, , [11ee5d25a4e7979fdb389c03fe051de3] Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 124 PUP.Optional.WebBar, C:\Windows\System32\config\systemprofile\AppData\Local\WebBar, , [c7380a78e5a638fe6a08b8f47f84847c], PUP.Optional.PCProCleaner, C:\Users\tokoma\AppData\Roaming\updates, , [26d95f23e3a80f271b375b5b41c2bf41], PUP.Optional.Shopperz.BrwsrFlsh, C:\Program Files\shopperz22072015, , [8c735e240289c0763ca396d00bf76898], PUP.Optional.CinemaPlus, C:\Program Files (x86)\CinemaPlus-3.2cV25.10, , [51ae6f130a816ccadb25d39907fb09f7], PUP.Optional.OneSafePCCleaner, C:\Users\tokoma\AppData\Roaming\OneSafe PC Cleaner, , [b54a2062b4d7d95d19781f632ad8fd03], PUP.Optional.OneSafePCCleaner, C:\Users\tokoma\AppData\Roaming\OneSafe PC Cleaner\Backup, , [b54a2062b4d7d95d19781f632ad8fd03], PUP.Optional.OneSafePCCleaner, C:\Users\tokoma\AppData\Roaming\OneSafe PC Cleaner\Log, , [b54a2062b4d7d95d19781f632ad8fd03], PUP.Optional.OneSafePCCleaner, C:\Users\tokoma\AppData\Roaming\OneSafe PC Cleaner\Undo, , [b54a2062b4d7d95d19781f632ad8fd03], PUP.Optional.OneSafePCCleaner, C:\Users\tokoma\Documents\OneSafe PC Cleaner, , [34cbd2b0acdfa2942171b2d00ef48f71], PUP.Optional.OneSafePCCleaner, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSafe PC Cleaner, , [e51a9be7becd9f973a5a067c659d39c7], PUP.Optional.MyBrowser, C:\Program Files (x86)\MyBrowser, , [659a7e0494f73006f0354e42788a1ae6], PUP.Optional.MyBrowser, C:\Program Files (x86)\MyBrowser\MyBrowser, , 
[659a7e0494f73006f0354e42788a1ae6], PUP.Optional.MyBrowser, C:\Program Files (x86)\MyBrowser\MyBrowser\Application, , [659a7e0494f73006f0354e42788a1ae6], PUP.Optional.MyBrowser, C:\Program Files (x86)\MyBrowser\MyBrowser\Application\39.5.2171.95, , [659a7e0494f73006f0354e42788a1ae6], PUP.Optional.MyBrowser, C:\Program Files (x86)\MyBrowser\MyBrowser\Application\39.5.2171.95\Extensions, , [659a7e0494f73006f0354e42788a1ae6], PUP.Optional.MyBrowser, C:\Program Files (x86)\MyBrowser\MyBrowser\Application\39.5.2171.95\Installer, , [659a7e0494f73006f0354e42788a1ae6], PUP.Optional.MyBrowser, C:\Program Files (x86)\MyBrowser\MyBrowser\Application\39.5.2171.95\Locales, , [659a7e0494f73006f0354e42788a1ae6], PUP.Optional.MyBrowser, C:\Program Files (x86)\MyBrowser\MyBrowser\Application\39.5.2171.95\PepperFlash, , [659a7e0494f73006f0354e42788a1ae6], PUP.Optional.MyBrowser, C:\Program Files (x86)\MyBrowser\MyBrowser\Application\39.5.2171.95\VisualElements, , [659a7e0494f73006f0354e42788a1ae6], PUP.Optional.MyBrowser, C:\Program Files (x86)\MyBrowser\MyBrowser\Application\Icons, , [659a7e0494f73006f0354e42788a1ae6], PUP.Optional.MyBrowser, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBrowser, , [ec1350320b8085b1a87e513f4bb754ac], PUP.Optional.Managera, C:\Users\tokoma\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42, , [8b74ea9828639c9a6f550888778b9b65], PUP.Optional.ExTutil, C:\Users\tokoma\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B, , [4db2c0c2fb90dd59b8245d33738f1fe1], PUP.Optional.VBates.WnskRST, C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}, , [0bf46f139eed0b2bad7ba4ef8181c13f], PUP.Optional.VBates.WnskRST, C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}, , [0bf46f139eed0b2bad7ba4ef8181c13f], PUP.Optional.VBates.WnskRST, 
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5, , [0bf46f139eed0b2bad7ba4ef8181c13f], PUP.Optional.ProfessionalPCCleaner, C:\Users\tokoma\AppData\Local\Professional_PC_Cleaner, , [48b7453dbad19e980c80b5ded62c8f71], PUP.Optional.ProfessionalPCCleaner, C:\Users\tokoma\AppData\Local\Professional_PC_Cleaner\ProfessionalPCCleaner.exe_Url_sw5numhdonn240lbdkogdordvzoytvbi, , [48b7453dbad19e980c80b5ded62c8f71], PUP.Optional.ProfessionalPCCleaner, C:\Users\tokoma\AppData\Local\Professional_PC_Cleaner\ProfessionalPCCleaner.exe_Url_sw5numhdonn240lbdkogdordvzoytvbi\3.0.6.0, , [48b7453dbad19e980c80b5ded62c8f71], PUP.Optional.PullUpdate, C:\ProgramData\RcMxTslM\dat, , [8a756e147b1060d668a7dcb714f05ca4], PUP.Optional.PullUpdate, C:\ProgramData\RcMxTslM, , [8a756e147b1060d668a7dcb714f05ca4], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ca, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\cs, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\et, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fi, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, 
C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fil, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lt, , [21de92f0008b4de99a36a1f3cc38659b], 
PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lv, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ms, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\nl, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\no, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pl, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_BR, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_PT, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ro, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ru, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sk, , 
[21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sl, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sr, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sv, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\th, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\tr, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\uk, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\vi, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_CN, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_TW, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake, , [21de92f0008b4de99a36a1f3cc38659b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\css, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\html, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\images, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\bg, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ca, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\cs, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\da, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\de, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\el, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\en, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\en_GB, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\es, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\es_419, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\et, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\fi, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\fil, , [d52a7c06b6d5b48209c7bbd962a2d52b], 
PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\fr, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\hi, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\hr, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\hu, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\id, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\it, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ja, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ko, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\lt, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\lv, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\nb, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\nl, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\pl, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\pt_BR, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\pt_PT, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ro, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\ru, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sk, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sl, , [d52a7c06b6d5b48209c7bbd962a2d52b], 
PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sr, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\sv, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\th, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\tr, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\uk, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\vi, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\zh_CN, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_locales\zh_TW, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\_metadata, , [d52a7c06b6d5b48209c7bbd962a2d52b], PUP.Optional.HijackModifiedExtension, C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda, , 
[d52a7c06b6d5b48209c7bbd962a2d52b], Dateien: 117 Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) |
29.11.2015, 07:02 | #6 |
/// the machine /// TB trainer | Windows 8.1, long startup time, strange processes, ad popups
Update MBAM, scan, delete the findings. Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
29.11.2015, 14:17 | #7 |
| Windows 8.1, long startup time, strange processes, ad popups
Code:
# AdwCleaner v5.022 - Bericht erstellt am 29/11/2015 um 13:58:40
# Aktualisiert am 22/11/2015 von Xplode
# Datenbank : 2015-11-22.2 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : tokoma - TOKO
# Gestartet von : C:\Users\tokoma\Desktop\AdwCleaner_5.022.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum
***** [ Dienste ] *****
[-] Dienst Gelöscht : iSafeKrnlMon
***** [ Ordner ] *****
[-] Ordner Gelöscht : C:\Users\tokoma\AppData\Local\DesktopSearch
***** [ Dateien ] *****
***** [ DLLs ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
[-] Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\WebBar
[-] Schlüssel Gelöscht : HKU\.DEFAULT\Software\Avg Secure Update
***** [ Internetbrowser ] *****
[-] [C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : trovi.search
[-] [C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Gelöscht : hxxp://www.mystartsearch.com/webfavicon.ico
[-] [C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Gelöscht : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330130&octid=EB_ORIGINAL_CTID&ISID=M93C99B2A-59AF-4A63-99D7-DBDCE7398FC8&SearchSource=58&CUI=&UM=8&UP=SPC44D3508-E3BA-45F6-ADE2-52DC81727624&D=080415&q={searchTerms}&SSPV=SP3010TB_sp_ch
[-] [C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : flpcjncodpafbgdpnkljologafpionhb
[-] [C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : jlcgehabolcakkjhgmgpkagpolbjlhfa
[-] [C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Gelöscht : hxxp://www.mystartsearch.com/?type=hp&ts=1442258229&z=5d3e89d9d390ba01647ea52g6zdzfo3o0w3b3e7z1e&from=cmi&uid=ST1000LM024XHN-M101MBB_S32XJ9EF641803
*************************
:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [2573 Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 8.1 x64
Ran by tokoma (Administrator) on 29.11.2015 at 14:03:52,42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 4
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\tokoma\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Users\tokoma\AppData\Roaming\sp_data.sys (File)
Successfully deleted: C:\Program Files (x86)\pro pc cleaner (Folder)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.11.2015 at 14:07:33,01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:28-11-2015 durchgeführt von tokoma (Administrator) auf TOKO (29-11-2015 14:11:52) Gestartet von C:\Users\tokoma\Desktop Geladene Profile: tokoma (Verfügbare Profile: tokoma) Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: IE) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe (TeamViewer) C:\Program Files (x86)\ITbrain Agent\itbrain_agent.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-05-15] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] () HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3826600 2015-10-30] (AVG Technologies CZ, s.r.o.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Atheros Communications) HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1940160 2014-11-18] (Valve Corporation) HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\MountPoints2: {02627817-285f-11e4-8252-806e6f6e6963} - "E:\autorun.exe" ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{5C8B1A66-6F46-4E47-B6CF-280D94F05E04}: [DhcpNameServer] 192.13.128.24 Tcpip\..\Interfaces\{E72CCE24-6189-43F5-9E5E-5EC6FB4BB621}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-26] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-26] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-26] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-26] (Oracle Corporation) FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.66.2 -> 
C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-26] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-26] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-26] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-26] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-26] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-26] (Google Inc.) 
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.malwarebytes.org/restorebrowser/"
CHR Profile: C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-25]
CHR Extension: (YouTube) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-25]
CHR Extension: (Google-Suche) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-25]
CHR Extension: (Google Docs Offline) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-27]
CHR Extension: (Google Mail) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-28]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [Datei ist nicht signiert]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [595376 2015-10-30] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3815648 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-17] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 ITbrain Agent; C:\Program Files (x86)\ITbrain Agent\itbrain_agent.exe [5567488 2013-08-22] (TeamViewer) [Datei ist nicht signiert]
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6849808 2015-11-10] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-02-25] (Atheros) [Datei ist nicht signiert]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-06] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [197040 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [255408 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [306608 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-28] (Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-10-18] (Realsil Semiconductor Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-07-28 14:20 - 2016-07-28 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-07-28 14:18 - 2015-11-25 01:25 - 00000000 ____D C:\Program Files (x86)\BrowserPro App
2016-07-28 14:15 - 2016-07-28 14:20 - 00000000 ____D C:\Program Files (x86)\Google
2016-07-28 14:15 - 2015-11-24 23:53 - 00000000 ____D C:\Users\tokoma\AppData\Local\Google
2016-07-24 15:31 - 2015-11-25 00:34 - 00000000 ____D C:\Program Files\Common Files\AV
2016-06-19 14:45 - 2016-07-28 13:29 - 00000000 ____D C:\Windows\Minidump
2016-06-19 14:45 - 2016-07-27 15:16 - 640785184 _____ C:\Windows\MEMORY.DMP
2016-06-18 17:52 - 2015-08-01 06:52 - 00000226 _____ C:\Users\tokoma\AppData\Roaming\WB.CFG
2016-06-18 15:53 - 2016-06-18 15:54 - 00000000 ____D C:\Users\tokoma\AppData\Local\Chromium
2015-11-29 14:11 - 2015-11-29 14:12 - 00013838 _____ C:\Users\tokoma\Desktop\FRST.txt
2015-11-29 14:07 - 2015-11-29 14:07 - 00000827 _____ C:\Users\tokoma\Desktop\JRT.txt
2015-11-29 14:02 - 2015-11-29 14:02 - 00002663 _____ C:\Users\tokoma\Desktop\AdwCleaner[C3].txt
2015-11-29 13:19 - 2015-11-29 13:19 - 01733632 _____ C:\Users\tokoma\Desktop\AdwCleaner_5.022.exe
2015-11-29 13:16 - 2015-11-29 13:17 - 01599336 _____ (Malwarebytes) C:\Users\tokoma\Desktop\JRT.exe
2015-11-27 23:33 - 2015-07-28 02:09 - 00484552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2015-11-27 23:33 - 2015-07-28 02:08 - 00690016 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2015-11-27 21:38 - 2015-11-29 13:44 - 00000973 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2015-11-27 21:38 - 2015-11-29 13:43 - 00000967 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2015-11-27 21:33 - 2015-11-27 21:36 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\TeamViewer
2015-11-27 21:14 - 2015-11-27 21:14 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2015-11-27 21:14 - 2015-11-27 21:14 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-11-27 21:11 - 2015-11-29 14:12 - 00000000 ____D C:\Program Files (x86)\ITbrain Agent
2015-11-27 21:11 - 2015-11-27 21:11 - 00000000 __HDC C:\ProgramData\{651038AD-E038-410A-BD90-28FB006FD850}
2015-11-27 21:11 - 2015-11-27 21:11 - 00000000 ____D C:\Users\Default\AppData\Local\PackageAware
2015-11-27 21:11 - 2015-11-27 21:11 - 00000000 ____D C:\Users\Default User\AppData\Local\PackageAware
2015-11-27 20:51 - 2015-11-29 13:43 - 00001110 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-11-27 20:51 - 2015-11-27 20:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-11-27 20:51 - 2015-11-27 20:51 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-11-27 20:51 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-27 20:51 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-27 20:49 - 2015-11-27 20:50 - 22908888 _____ (Malwarebytes ) C:\Users\tokoma\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-27 20:49 - 2015-11-27 20:50 - 22908888 _____ (Malwarebytes ) C:\Users\tokoma\Downloads\mbam-setup-2.2.0.1024 (1).exe
2015-11-27 00:04 - 2015-11-03 01:23 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-27 00:04 - 2015-11-03 01:23 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-26 23:07 - 2015-11-26 23:07 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-11-26 23:07 - 2015-11-26 23:07 - 00027840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-11-26 23:00 - 2015-11-29 13:43 - 00001213 _____ C:\Users\Public\Desktop\Media Player Classic.lnk
2015-11-26 23:00 - 2015-11-26 23:00 - 00003790 _____ C:\Windows\System32\Tasks\klcp_update
2015-11-26 23:00 - 2015-11-26 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-11-26 23:00 - 2015-11-26 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-11-26 23:00 - 2015-11-26 23:00 - 00000000 ____D C:\Program Files\7-Zip
2015-11-26 23:00 - 2015-11-26 23:00 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2015-11-26 22:59 - 2015-11-26 23:00 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2015-11-26 22:58 - 2015-11-26 22:59 - 00000000 ____D C:\Users\tokoma\.oracle_jre_usage
2015-11-26 22:58 - 2015-11-26 22:58 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-11-26 22:58 - 2015-11-26 22:58 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\Sun
2015-11-26 22:57 - 2015-11-26 22:57 - 00000000 ____D C:\Users\tokoma\AppData\Local\Adobe
2015-11-26 22:57 - 2015-11-26 22:57 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-11-26 22:57 - 2015-11-26 22:57 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2015-11-26 22:57 - 2015-11-26 22:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-11-26 22:57 - 2015-11-26 22:57 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-26 22:55 - 2015-11-29 13:43 - 00000080 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-26 22:55 - 2015-11-26 22:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-11-26 22:55 - 2015-11-26 22:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-11-26 22:54 - 2015-11-29 14:01 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-26 22:54 - 2015-11-29 13:59 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-26 22:54 - 2015-11-26 22:54 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-26 22:54 - 2015-11-26 22:54 - 00003864 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-26 22:52 - 2015-11-26 22:52 - 00307200 _____ (Secure By Design Inc.) C:\Users\tokoma\Downloads\Ninite 7Zip Air Chrome Java 8 Installer.exe
2015-11-26 20:49 - 2015-07-30 15:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-11-26 20:49 - 2015-07-30 14:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-11-26 19:43 - 2015-11-29 14:11 - 00000000 ____D C:\Users\tokoma\Desktop\FRST-OlderVersion
2015-11-25 21:20 - 2015-11-29 13:14 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-25 21:20 - 2015-11-27 00:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-25 21:17 - 2015-11-25 22:23 - 00000000 ____D C:\Users\tokoma\Desktop\mbar
2015-11-25 21:17 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-25 21:12 - 2015-11-25 21:12 - 04397752 _____ (Kaspersky Lab ZAO) C:\Users\tokoma\Desktop\tdsskiller.exe
2015-11-25 21:07 - 2015-11-25 21:09 - 16563352 _____ (Malwarebytes Corp.) C:\Users\tokoma\Desktop\mbar-1.09.3.1001.exe
2015-11-25 20:49 - 2015-11-25 20:49 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2015-11-25 20:49 - 2015-11-25 20:49 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-11-25 20:48 - 2015-11-25 20:48 - 00000000 ____D C:\Users\tokoma\Documents\ProfessionalPCCleaner
2015-11-25 19:09 - 2015-11-29 14:11 - 00000000 ____D C:\FRST
2015-11-25 19:08 - 2015-11-25 19:08 - 00380416 _____ C:\Users\tokoma\Desktop\Gmer-19357.exe
2015-11-25 19:06 - 2015-11-29 14:11 - 02349056 _____ (Farbar) C:\Users\tokoma\Desktop\FRST64.exe
2015-11-25 19:05 - 2015-11-25 19:05 - 00000000 _____ C:\Users\tokoma\defogger_reenable
2015-11-25 19:03 - 2015-11-25 19:03 - 00050477 _____ C:\Users\tokoma\Desktop\Defogger.exe
2015-11-25 18:44 - 2015-11-25 18:44 - 00000000 ____D C:\Users\tokoma\AppData\Local\TeamViewer
2015-11-25 18:43 - 2015-11-29 13:43 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-11-25 18:42 - 2015-11-25 18:43 - 08202040 _____ (TeamViewer GmbH) C:\Users\tokoma\Downloads\TeamViewer_Setup_de.exe
2015-11-25 02:53 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-25 02:53 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-25 02:53 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-25 02:53 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-25 02:53 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-25 02:53 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-25 02:53 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-25 02:53 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-25 02:53 - 2015-10-30 23:39 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-11-25 02:53 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-25 02:53 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-25 02:53 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-25 02:53 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-25 02:53 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-25 02:53 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-25 02:53 - 2015-10-30 23:14 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-11-25 02:53 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-25 02:53 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-25 02:53 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-25 02:53 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-25 02:53 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-25 02:53 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-25 02:53 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-25 02:47 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-25 02:47 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-25 02:47 - 2015-10-13 16:59 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-25 02:47 - 2015-10-13 16:59 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-25 02:47 - 2015-10-13 16:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-25 02:47 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-25 02:47 - 2015-10-13 16:59 - 00106952 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2015-11-25 02:47 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2015-11-25 02:47 - 2015-10-11 07:36 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-25 02:47 - 2015-10-11 07:36 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-25 02:47 - 2015-10-10 19:40 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-25 02:47 - 2015-10-10 19:39 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-25 02:47 - 2015-10-10 19:07 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-11-25 02:47 - 2015-10-10 18:33 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-25 02:47 - 2015-10-10 18:27 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-25 02:47 - 2015-10-10 18:11 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-11-25 02:47 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-25 02:47 - 2015-09-29 13:24 - 00155480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2015-11-25 02:47 - 2015-09-24 17:42 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2015-11-25 02:47 - 2015-09-24 17:40 - 00737280 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2015-11-25 02:47 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-11-25 02:47 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-11-25 02:47 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-11-25 02:47 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2015-11-25 02:47 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2015-11-25 02:47 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-11-25 02:47 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-11-25 02:47 - 2014-11-05 02:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-11-25 02:47 - 2014-11-05 02:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-11-25 02:46 - 2015-10-15 17:08 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-25 02:46 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-25 02:46 - 2015-10-15 00:02 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-25 02:46 - 2015-10-15 00:02 - 01659560 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-11-25 02:46 - 2015-10-15 00:02 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-11-25 02:46 - 2015-10-15 00:02 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-11-25 02:46 - 2015-10-15 00:02 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-11-25 02:46 - 2015-09-12 14:47 - 00414559 _____ C:\Windows\system32\ApnDatabase.xml
2015-11-25 02:46 - 2015-08-07 22:40 - 01736520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-25 02:46 - 2015-08-07 22:40 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-25 02:43 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-25 02:43 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-25 02:43 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-25 02:43 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-25 02:43 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-11-25 02:43 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-25 02:43 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-25 02:43 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-25 02:43 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-25 02:43 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-25 02:43 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-25 02:43 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-25 02:37 - 2015-10-17 15:19 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-25 02:35 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-11-25 02:35 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-11-25 02:35 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-11-25 02:35 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-11-25 02:35 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-11-25 02:35 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-11-25 02:35 - 2014-11-10 19:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2015-11-25 00:35 - 2015-11-25 00:35 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\AVG
2015-11-25 00:34 - 2015-11-27 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-11-25 00:34 - 2015-11-25 00:34 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\TuneUp Software
2015-11-25 00:31 - 2015-11-25 00:31 - 00000000 ___HD C:\$AVG
2015-11-25 00:24 - 2015-11-29 13:43 - 00000922 _____ C:\Users\Public\Desktop\AVG.lnk
2015-11-25 00:24 - 2015-11-29 13:41 - 00000000 ____D C:\ProgramData\MFAData
2015-11-25 00:24 - 2015-11-25 00:24 - 00000000 ____D C:\Users\tokoma\AppData\Local\MFAData
2015-11-25 00:24 - 2015-11-25 00:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2015-11-25 00:21 - 2015-11-25 00:31 - 00000000 ____D C:\ProgramData\Avg
2015-11-25 00:21 - 2015-11-25 00:28 - 00000000 ____D C:\Program Files (x86)\AVG
2015-11-25 00:20 - 2015-11-27 21:13 - 00000000 ____D C:\Users\tokoma\AppData\Local\Avg
2015-11-25 00:20 - 2015-11-25 00:23 - 00000000 ____D C:\Users\tokoma\AppData\Local\AvgSetupLog
2015-11-25 00:19 - 2015-11-25 21:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-25 00:03 - 2015-11-25 00:03 - 00000000 ____D C:\Users\tokoma\AppData\LocalLow\IObit
2015-11-25 00:03 - 2015-11-25 00:03 - 00000000 ____D C:\ProgramData\IObit
2015-11-25 00:02 - 2015-11-25 22:11 - 00000000 ____D C:\Program Files (x86)\IObit
2015-11-25 00:02 - 2015-11-25 00:03 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\IObit
2015-11-24 23:31 - 2015-11-24 23:31 - 00000000 _____ C:\Recovery.txt
2015-11-24 22:54 - 2015-11-29 13:58 - 00000000 ____D C:\AdwCleaner
2015-11-24 22:37 - 2015-11-24 22:37 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\kingsoft
2015-10-30 19:06 - 2015-11-26 00:20 - 00001125 _____ C:\Users\tokoma\Desktop\nativelog.txt
2015-10-30 17:14 - 2015-09-03 03:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-10-30 17:14 - 2015-09-03 03:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-10-30 17:14 - 2015-09-02 19:48 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-10-30 17:14 - 2015-09-02 18:09 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-10-30 17:14 - 2015-07-22 15:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-10-30 17:14 - 2015-07-22 14:52 - 01633792 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-10-30 17:14 - 2015-07-17 15:15 - 00951296 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-10-30 17:14 - 2015-07-17 15:10 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-10-30 17:14 - 2015-07-14 22:59 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-10-30 17:14 - 2015-07-14 22:59 - 00487256 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2015-10-30 17:14 - 2015-07-14 22:59 - 00393560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2015-10-30 17:14 - 2015-07-09 17:14 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-10-30 17:14 - 2015-06-27 12:47 - 00118616 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-10-30 17:14 - 2015-06-19 18:07 - 02819072 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-10-30 17:14 - 2015-06-12 18:03 - 18823680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-10-30 17:14 - 2015-06-12 17:36 - 15159296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-10-30 17:14 - 2015-06-11 21:12 - 02476376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-10-30 17:14 - 2015-06-11 21:12 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-10-30 17:13 - 2015-07-14 04:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe
2015-10-30 17:13 - 2015-07-10 20:06 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2015-10-30 17:13 - 2015-07-07 10:40 - 00270168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-10-30 17:13 - 2015-07-07 10:40 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-10-30 17:13 - 2015-07-07 10:40 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-10-30 17:10 - 2015-08-27 03:43 - 22372152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-30 17:10 - 2015-08-27 03:42 - 19795904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-30 17:10 - 2015-08-06 17:47 - 04710400 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-10-30 17:10 - 2015-08-06 17:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-10-30 17:09 - 2015-08-07 22:40 - 01134752 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-30 17:09 - 2015-08-07 22:40 - 00686960 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-10-30 17:09 - 2015-08-07 22:40 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-10-30 17:09 - 2015-08-07 15:13 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-30 17:09 - 2015-08-06 18:05 - 00669184 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2015-10-30 17:09 - 2015-08-06 17:37 - 00536576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2015-10-30 17:00 - 2015-09-19 04:18 - 00035384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-30 17:00 - 2015-09-18 14:42 - 01290752 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-30 17:00 - 2015-09-18 14:42 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-30 17:00 - 2015-09-18 14:42 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-30 17:00 - 2015-09-18 14:42 - 00699904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-30 17:00 - 2015-09-18 14:42 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-30 17:00 - 2015-09-18 14:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-30 16:58 - 2015-09-10 18:06 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-30 16:58 - 2015-09-10 17:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-30 16:58 - 2015-09-10 17:35 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-30 16:58 - 2015-09-10 17:28 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-30 16:58 - 2015-09-10 17:21 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-30 16:58 - 2015-09-10 17:19 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-30 16:58 - 2015-09-10 17:17 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-30 16:58 - 2015-09-10 17:17 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-30 16:58 - 2015-09-10 17:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-30 16:58 - 2015-09-10 16:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-30 16:58 - 2015-07-16 21:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-30 16:58 - 2015-07-16 20:53 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-10-30 16:58 - 2015-07-16 20:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-30 16:58 - 2015-07-16 20:14 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-10-30 16:58 - 2015-07-16 19:52 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-10-30 16:57 - 2015-09-10 18:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-30 16:57 - 2015-09-10 17:37 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-30 16:57 - 2015-09-10 17:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-30 16:57 - 2015-09-10 17:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-30 16:57 - 2015-09-10 16:57 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-30 16:57 - 2015-09-10 16:55 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-30 16:56 - 2015-10-30 16:58 - 00000044 _____ C:\Users\tokoma\Desktop\Fuc! U Virus.txt
2015-10-30 16:54 - 2015-10-30 16:54 - 00000000 ____D C:\ProgramData\kingsoft
2015-10-30 16:54 - 2015-07-16 19:58 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\NcdAutoSetup.dll
2015-10-30 16:53 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-30 16:53 - 2015-08-22 14:42 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-30 16:53 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-30 16:53 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-30 16:53 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-30 16:53 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-30 16:53 - 2015-08-22 14:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-30 16:53 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-30 16:53 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-30 16:53 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-30 16:52 - 2015-08-22 14:42 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-30 16:52 - 2015-08-22 14:42 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-30 16:52 - 2015-08-22 14:42 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-30 16:52 - 2015-08-22 14:42 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-30 16:52 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-30 16:52 - 2015-08-22 14:42 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-30 16:52 - 2015-08-22 14:42 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-30 16:52 - 2015-08-22 14:42 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-30 16:52 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-30 16:52 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-30 16:52 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-30 16:52 - 2015-08-22 14:35 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-30 16:52 - 2015-08-22 14:35 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-30 16:52 - 2015-08-22 14:35 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-30 16:52 - 2015-08-22 14:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-30 16:52 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-30 16:52 - 2015-08-22 14:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-30 16:52 - 2015-08-22 14:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-30 16:52 - 2015-08-22 14:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-30 16:52 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-30 16:52 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-30 16:52 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-30 16:44 - 2015-07-16 01:29 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-10-30 16:44 - 2015-07-10 18:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-10-30 16:43 - 2015-09-02 03:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-10-30 16:43 - 2015-09-02 03:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-10-30 16:43 - 2015-09-02 03:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-10-30 16:43 - 2015-09-02 03:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-10-30 16:43 - 2015-07-30 18:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-10-30 16:43 - 2015-07-30 17:22 - 00230912 _____ (Microsoft Corporation)
C:\Windows\SysWOW64\InkEd.dll 2015-10-30 16:43 - 2015-07-22 15:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-10-30 16:43 - 2015-07-22 15:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll 2015-10-30 16:43 - 2015-07-22 15:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-10-30 16:43 - 2015-07-22 15:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll 2015-10-30 16:43 - 2015-07-18 19:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll 2015-10-30 16:43 - 2015-07-18 19:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll 2015-10-30 16:43 - 2015-07-18 19:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll 2015-10-30 16:43 - 2015-07-18 19:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll 2015-10-30 16:43 - 2015-07-13 20:46 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-10-30 16:43 - 2015-07-13 20:45 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-10-30 16:43 - 2015-07-01 23:19 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-10-30 16:43 - 2015-07-01 23:16 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2015-10-30 16:43 - 2015-07-01 22:37 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2015-10-30 16:43 - 2015-07-01 22:35 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2015-10-30 16:42 - 2015-07-09 18:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-10-30 16:42 - 2015-07-09 18:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-10-30 16:42 - 2015-07-09 17:30 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die 
Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-07-28 12:47 - 2014-09-30 16:23 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{165E99F4-4F00-4F10-8F2D-DEE576ACF2BD} 2016-07-28 12:46 - 2015-05-13 16:19 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update1 2016-07-28 12:46 - 2015-05-13 16:19 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update2 2016-07-19 19:29 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\LiveKernelReports 2016-07-17 17:32 - 2014-10-30 14:52 - 00000000 ____D C:\Program Files (x86)\Landwirtschafts Simulator 2015 2016-07-02 14:23 - 2015-01-19 15:16 - 00000000 ____D C:\Program Files (x86)\Steam 2015-11-29 14:07 - 2014-05-16 00:45 - 00765582 _____ C:\Windows\system32\perfh007.dat 2015-11-29 14:07 - 2014-05-16 00:45 - 00159366 _____ C:\Windows\system32\perfc007.dat 2015-11-29 14:07 - 2014-03-18 16:26 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI 2015-11-29 14:07 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf 2015-11-29 14:05 - 2014-09-30 16:12 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-655055617-1888823773-2012408708-1001 2015-11-29 14:00 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-11-29 13:44 - 2014-08-20 12:58 - 00001316 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioWizard.lnk 2015-11-29 13:44 - 2014-08-20 12:55 - 00000712 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) HD Graphics Control Panel.lnk 2015-11-29 13:44 - 2014-05-15 16:59 - 00002468 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - asus.lnk 2015-11-29 13:44 - 2014-05-15 16:54 - 00001976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk 2015-11-29 13:43 - 2015-05-24 08:44 - 00001273 _____ C:\Users\Public\Desktop\Air Traffic Control.lnk 2015-11-29 13:43 - 2015-02-18 13:49 - 00000969 _____ C:\Users\Public\Desktop\Minecraft.lnk 2015-11-29 13:43 - 2015-02-07 
18:49 - 00001170 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2015-11-29 13:43 - 2014-10-30 15:03 - 00001293 _____ C:\Users\tokoma\Desktop\Landwirtschafts Simulator 15 .lnk 2015-11-29 13:43 - 2014-09-30 16:06 - 00000469 _____ C:\Users\tokoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-11-29 13:43 - 2014-09-30 16:06 - 00000467 _____ C:\Users\tokoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-11-29 13:42 - 2013-08-22 15:44 - 00338072 _____ C:\Windows\system32\FNTCACHE.DAT 2015-11-29 13:40 - 2014-10-22 19:13 - 00000000 ___RD C:\Windows\BrowserChoice 2015-11-29 13:40 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2015-11-29 13:25 - 2015-08-05 12:25 - 00000374 _____ C:\Windows\Tasks\DocControl.job 2015-11-28 04:41 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache 2015-11-27 23:33 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp 2015-11-26 23:58 - 2015-04-05 10:05 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-11-26 23:58 - 2015-04-05 10:05 - 00000000 ___SD C:\Windows\system32\GWX 2015-11-26 23:58 - 2014-03-18 16:10 - 00000000 ____D C:\Program Files\Windows Journal 2015-11-26 23:58 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData 2015-11-26 23:58 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Defender 2015-11-26 23:58 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2015-11-26 23:45 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM 2015-11-26 22:59 - 2015-05-14 12:51 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-11-26 22:59 - 2015-05-14 12:51 - 00000000 ____D C:\Program Files\Java 2015-11-26 22:59 - 2015-01-31 18:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-11-26 22:58 - 2014-09-30 16:06 - 00000000 ____D C:\Users\tokoma 2015-11-26 22:57 - 2015-05-24 09:34 - 00000000 ____D C:\ProgramData\Adobe 2015-11-26 22:57 - 2015-01-31 18:04 - 
00000000 ____D C:\Program Files (x86)\Java 2015-11-26 22:57 - 2014-09-30 16:07 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\Adobe 2015-11-26 20:14 - 2014-10-22 19:10 - 00000000 ____D C:\Windows\system32\MRT 2015-11-26 20:08 - 2014-10-22 19:10 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-11-26 19:46 - 2013-08-22 14:36 - 00000000 ____D C:\Windows 2015-11-25 19:13 - 2015-05-01 14:13 - 00206848 ___SH C:\Users\tokoma\Desktop\Thumbs.db 2015-11-25 19:02 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps 2015-11-25 19:02 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness 2015-11-25 19:01 - 2014-09-30 16:06 - 00000000 ____D C:\Users\tokoma\AppData\Local\Packages 2015-11-25 18:40 - 2014-12-09 20:51 - 00000000 ____D C:\Users\tokoma\AppData\Local\CrashDumps 2015-11-25 01:25 - 2015-08-05 12:32 - 00000000 ____D C:\Program Files (x86)\Ghostery 2015-11-25 00:33 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP 2015-11-25 00:15 - 2014-08-20 13:12 - 00000000 ____D C:\Program Files\Common Files\mcafee 2015-11-25 00:15 - 2014-08-20 13:12 - 00000000 ____D C:\Program Files (x86)\McAfee 2015-11-25 00:15 - 2014-08-20 13:11 - 00000000 ____D C:\ProgramData\McAfee 2015-11-24 23:43 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\System 2015-11-24 23:22 - 2015-05-29 13:11 - 00000000 ____D C:\Windows\system32\log 2015-10-30 19:08 - 2015-01-31 18:05 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\.minecraft 2015-10-30 18:01 - 2015-01-28 19:53 - 00000000 ____D C:\Windows\system32\appraiser 2015-10-30 18:01 - 2014-10-22 19:15 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-10-30 18:01 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-10-30 16:55 - 2015-02-07 18:49 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\TS3Client 2015-10-30 16:53 - 2015-02-07 18:49 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client 2015-10-30 16:32 - 2015-02-18 13:48 - 00000000 ____D C:\Program Files 
(x86)\Minecraft

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-06-18 17:52 - 2015-08-01 06:52 - 0000226 _____ () C:\Users\tokoma\AppData\Roaming\WB.CFG
2014-08-20 12:58 - 2014-08-20 12:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-15 16:58 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-05-15 16:58 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-15 16:58 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2015-09-14 20:18 - 2015-09-14 20:18 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Einige Dateien in TEMP:
====================
C:\Users\tokoma\AppData\Local\Temp\apptemp.1.exe
C:\Users\tokoma\AppData\Local\Temp\atdl.exe
C:\Users\tokoma\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\tokoma\AppData\Local\Temp\OfficeAssist.0744.80.1211.exe
C:\Users\tokoma\AppData\Local\Temp\qqpcmgr_v10.11.16575.227_8881517_Silence.exe
C:\Users\tokoma\AppData\Local\Temp\Quarantine.exe
C:\Users\tokoma\AppData\Local\Temp\SpOrder.dll
C:\Users\tokoma\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-11-25 19:22

==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:28-11-2015
durchgeführt von tokoma (2015-11-29 14:13:18)
Gestartet von C:\Users\tokoma\Desktop
Windows 8.1 (X64) (2014-09-30 15:06:34)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-655055617-1888823773-2012408708-500 - Administrator - Disabled)
Gast (S-1-5-21-655055617-1888823773-2012408708-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-655055617-1888823773-2012408708-1003 - Limited - Enabled)
tokoma (S-1-5-21-655055617-1888823773-2012408708-1001 - Administrator - Enabled) => C:\Users\tokoma

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
Air Traffic Control (HKLM-x32\...\Air Traffic Control_is1) (Version: - Nemesys Team Studio)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS)
AVG (HKLM\...\AvgZen) (Version: 1.22.1.40089 - AVG Technologies)
AVG (Version: 16.7.7227 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4477 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.7.7227 - AVG Technologies)
AVG Zen (Version: 1.22.1 - AVG Technologies) Hidden
FMW 1 (Version: 1.32.2 - AVG Technologies) Hidden
Game Explorer Categories - casual (HKLM-x32\...\WildTangentGameProvider-asus-casual) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - enthusiast (HKLM-x32\...\WildTangentGameProvider-asus-enthusiast) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - family (HKLM-x32\...\WildTangentGameProvider-asus-family) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - touch (HKLM-x32\...\WildTangentGameProvider-asus-touch) (Version: 3.2.0.6 - WildTangent, Inc.)
Geländewagen-Simulator 2012 (Nur entfernen) (HKLM-x32\...\{50747054-5F94-4BBC-B189-4D3F4D22C094}_is1) (Version: 1.1.1.0 - Rondomedia Marketing & Vertriebs GmbH)
GIANTS Editor 6.0.2 32-bit (HKLM-x32\...\giants_editor_6.0.2_win32_is1) (Version: 6.0.2 - GIANTS Software GmbH)
Google Chrome (HKLM-x32\...\{9CED8BD3-5E1F-3B87-97E3-0A3D5B7E49BA}) (Version: 46.0.2490.86 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
ITbrain Agent (HKLM-x32\...\ITbrain Agent) (Version: 1.0.0 - TeamViewer)
ITbrain Agent (x32 Version: 1.0 - InstallAware Software Corporation) Hidden
ITbrain Agent (x32 Version: 1.0.0 - TeamViewer) Hidden
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
K-Lite Codec Pack 11.7.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.7.0 - )
Landwirtschafts Simulator 15 (HKLM-x32\...\FarmingSimulator2015DE_is1) (Version: 1.2.0.0 - GIANTS Software)
Let's go 2 Sprachtrainer (HKLM-x32\...\{33DA5B25-479B-431E-9691-650D7293B31F}) (Version: 1.00.000 - Klett)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MediaPlayerVid2.4 (HKLM-x32\...\MediaPlayerVid2.4) (Version: 1.36.01.22 - NewPlayerVideo+) <==== ACHTUNG
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Phonetik (HKLM-x32\...\{626B7EA2-B7C2-4277-AE30-A8B452A92B6C}) (Version: 1.0.0 - Ernst Klett Verlag)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.51091 Beta - TeamViewer)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent)
Windows Driver Package - ASUS (ATP) Mouse (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-655055617-1888823773-2012408708-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Wiederherstellungspunkte =========================

25-11-2015 19:22:27 Windows Update
29-11-2015 14:03:54 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {14F1F97B-ED9C-4C93-8B38-90FD953D330B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-11-26] (Microsoft Corporation)
Task: {1F0CFFF0-5B0F-4D02-9C88-D3E666FD98E7} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-02] (ASUS)
Task: {3A2AD2F5-DA33-44B9-8C81-C905B39BF7D5} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-11-19] ()
Task: {40DEE9C9-64DA-4D89-82E8-7B52375748BA} - \Crossbrowse -> Keine Datei <==== ACHTUNG
Task: {7BEEB586-4055-4005-ACD4-3741E7307D83} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {A0E0B8E2-D8E5-4332-841E-DD1B00E9E122} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-26] (Google Inc.)
Task: {A75A6BF7-3D66-49C0-8EA5-BA7084B338A1} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {AB15EBB1-52E2-495B-9D6E-F6939F7D96B8} - System32\Tasks\DocControl => c:\programdata\{0fbc1b97-694d-daee-0fbc-c1b976946e5d}\priceless_p_soft_partner.exe <==== ACHTUNG
Task: {AF26F9D7-CA93-4E30-A419-366551E45487} - \ProfessionalPCCleaner_Start -> Keine Datei <==== ACHTUNG
Task: {B740C971-DDB5-4ECF-B4E3-B9F4026B1D7C} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
Task: {BFA6DC98-1F51-4DC8-AFCA-D8B0C467EDAD} - \Papuir -> Keine Datei <==== ACHTUNG
Task: {CB808FC9-7655-4728-A744-E4FA33F32F7C} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.)
Task: {D1403659-1623-4CAE-8D62-2ACEDCB42A2A} - \cfr3011 -> Keine Datei <==== ACHTUNG
Task: {DC74E85A-D091-4963-A838-170EDE4E5868} - \ProfessionalPCCleaner_Popup -> Keine Datei <==== ACHTUNG
Task: {ECF238FA-98A6-4D1A-A33C-EEB7D1318599} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)
Task: {F59FBF87-D889-4982-A23A-97410AB1FA03} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {FB1C8FF6-2F5A-4E80-B1B8-EA4E448A7476} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-04-15] (Realtek Semiconductor)
Task: {FE41704B-1D34-48B0-8172-4D01B87B1A47} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-26] (Google Inc.)
Task: {FFF22234-81DA-49C7-AC22-3EEA6ECAA36E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-04-10] (Realtek Semiconductor)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\DocControl.job => c:\programdata\{0fbc1b97-694d-daee-0fbc-c1b976946e5d}\priceless_p_soft_partner.exe <==== ACHTUNG
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-11-25 00:03 - 2015-09-21 10:49 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMWFP => ""="Driver" <==== ACHTUNG
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-655055617-1888823773-2012408708-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "3D BubbleSound"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKLM\...\StartupApproved\Run32: => "rec_de_70"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKLM\...\StartupApproved\Run32: => "rec_de_74"
HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\StartupFolder: => "crossbrowse.lnk"
HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_98557E2CC4C9D57801F5B3619084BEF7"
HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "Gameo"
HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_EC762B715C225D87E1C23535A3EDCE73"
HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "SPDriver"
HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "YTDownloader"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{192477CF-8B53-4A83-B511-06315D696FA8}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{A46D567D-5F9A-45CE-8BD6-890EC3EB6BC7}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\FarmingSimulator2015.exe FirewallRules: [{DF697040-F386-4FF9-B8B3-78333930FC9E}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\FarmingSimulator2015.exe FirewallRules: [{68136F48-6499-49A1-B039-D32581004614}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x86\FarmingSimulator2015Game.exe FirewallRules: [{2F937C3E-8AFD-44AD-AB66-AE5762095737}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x86\FarmingSimulator2015Game.exe FirewallRules: [{3CD82484-EE38-472E-9304-DAC40B574B8D}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x64\FarmingSimulator2015Game.exe FirewallRules: [{53D0D9B3-2293-428B-881D-FD2BA123DB9B}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x64\FarmingSimulator2015Game.exe FirewallRules: [{5E0942ED-7728-4D3C-B997-F4DC8F76EF73}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{23E7DC91-7F7C-444F-BF78-4833B471F527}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{69A2C892-1AFE-40E8-91D8-E0DAB77503C0}] => (Allow) C:\Program Files (x86)\MyBrowser\MyBrowser\Application\mybrowser.exe FirewallRules: [{55F25D8D-8DC3-47AB-9370-5B9593DCCC26}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{4071443B-2F56-4F46-86CD-B1B1FC0429F0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{F3F8E757-1B34-4FE5-82E2-9C3701D6C78B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{4215CA2E-7145-4E56-AD68-0032B44420D8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: 
[{7B88681B-E215-46FD-BF11-263AB3B8CB12}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{F0E6401B-A50B-4641-B255-86120DCB97ED}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{F016DAB6-D3AF-4775-A4A9-7CB3A3E73ECC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{27EFDCE1-6AA4-4DEA-90A0-FA328EE8F9AC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{2E15FED7-83FB-403E-B89F-C8B8E33DEB4F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{19BB4360-F6DD-453A-BA17-807357334F7E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{8A3BFD11-35B7-4038-B5A1-EDCBB7A78719}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{46646FC2-AB53-4F77-9989-36D04CD46239}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{395BDA37-E1A7-4B45-A446-5414A351B475}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (11/25/2015 06:34:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.1.711, Zeitstempel: 0x542b53ec Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0xfa8 Startzeit der fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 Vollständiger Name des fehlerhaften Pakets: mbam.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5 Error: (11/25/2015 02:39:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften 
Anwendung: mbamservice.exe, Version: 3.0.8.0, Zeitstempel: 0x53f64d6c Name des fehlerhaften Moduls: mbamservice.exe, Version: 3.0.8.0, Zeitstempel: 0x53f64d6c Ausnahmecode: 0x40000015 Fehleroffset: 0x0008f746 ID des fehlerhaften Prozesses: 0x1340 Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0 Pfad der fehlerhaften Anwendung: mbamservice.exe1 Pfad des fehlerhaften Moduls: mbamservice.exe2 Berichtskennung: mbamservice.exe3 Vollständiger Name des fehlerhaften Pakets: mbamservice.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbamservice.exe5 Error: (11/25/2015 00:11:45 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_Schedule, Version: 6.3.9600.17415, Zeitstempel: 0x54504177 Name des fehlerhaften Moduls: iSafeSrvMon64.dll, Version: 6.1.45.23411, Zeitstempel: 0x5500213f Ausnahmecode: 0xc0000409 Fehleroffset: 0x0000000000005ceb ID des fehlerhaften Prozesses: 0x358 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_Schedule0 Pfad der fehlerhaften Anwendung: svchost.exe_Schedule1 Pfad des fehlerhaften Moduls: svchost.exe_Schedule2 Berichtskennung: svchost.exe_Schedule3 Vollständiger Name des fehlerhaften Pakets: svchost.exe_Schedule4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_Schedule5 Error: (11/24/2015 11:57:00 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (11/24/2015 11:45:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_DiagTrack, Version: 6.3.9600.17415, Zeitstempel: 0x54504177 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336 Ausnahmecode: 0xc000000d Fehleroffset: 0x0000000000101e60 ID des fehlerhaften Prozesses: 0x62c Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_DiagTrack0 Pfad der fehlerhaften Anwendung: svchost.exe_DiagTrack1 Pfad des fehlerhaften Moduls: svchost.exe_DiagTrack2 Berichtskennung: svchost.exe_DiagTrack3 Vollständiger Name des fehlerhaften Pakets: svchost.exe_DiagTrack4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_DiagTrack5 Error: (11/24/2015 11:43:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_Schedule, Version: 6.3.9600.17415, Zeitstempel: 0x54504177 Name des fehlerhaften Moduls: iSafeSrvMon64.dll, Version: 6.1.45.23411, Zeitstempel: 0x5500213f Ausnahmecode: 0xc0000409 Fehleroffset: 0x0000000000005ceb ID des fehlerhaften Prozesses: 0x1bc8 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_Schedule0 Pfad der fehlerhaften Anwendung: svchost.exe_Schedule1 Pfad des fehlerhaften Moduls: svchost.exe_Schedule2 Berichtskennung: svchost.exe_Schedule3 Vollständiger Name des fehlerhaften Pakets: svchost.exe_Schedule4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_Schedule5 Error: (11/24/2015 11:37:52 PM) (Source: SideBySide) 
(EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (11/24/2015 11:31:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_Schedule, Version: 6.3.9600.17415, Zeitstempel: 0x54504177 Name des fehlerhaften Moduls: iSafeSrvMon64.dll, Version: 6.1.45.23411, Zeitstempel: 0x5500213f Ausnahmecode: 0xc0000409 Fehleroffset: 0x0000000000005ceb ID des fehlerhaften Prozesses: 0x3a8 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_Schedule0 Pfad der fehlerhaften Anwendung: svchost.exe_Schedule1 Pfad des fehlerhaften Moduls: svchost.exe_Schedule2 Berichtskennung: svchost.exe_Schedule3 Vollständiger Name des fehlerhaften Pakets: svchost.exe_Schedule4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_Schedule5 Error: (11/24/2015 11:25:52 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für 
"C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Error: (11/24/2015 10:56:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: BrowserHelper.exe, Version: 1.7.0.0, Zeitstempel: 0x55c1de0f Name des fehlerhaften Moduls: BrowserHelper.exe, Version: 1.7.0.0, Zeitstempel: 0x55c1de0f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00026115 ID des fehlerhaften Prozesses: 0x1004 Startzeit der fehlerhaften Anwendung: 0xBrowserHelper.exe0 Pfad der fehlerhaften Anwendung: BrowserHelper.exe1 Pfad des fehlerhaften Moduls: BrowserHelper.exe2 Berichtskennung: BrowserHelper.exe3 Vollständiger Name des fehlerhaften Pakets: BrowserHelper.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BrowserHelper.exe5 Systemfehler: ============= Error: (11/29/2015 01:59:10 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. 
Fehler: %%1056 Error: (11/29/2015 01:58:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (11/29/2015 01:58:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "GamesAppIntegrationService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (11/29/2015 01:58:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (11/29/2015 01:58:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (11/29/2015 01:58:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (11/29/2015 01:58:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (11/29/2015 01:58:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "AVG WatchDog" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (11/29/2015 01:58:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "AVG Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (11/29/2015 01:58:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AtherosSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. CodeIntegrity: =================================== Date: 2015-11-29 14:01:29.712 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-29 13:47:07.860 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-29 13:42:23.564 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-29 13:18:23.523 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-11-27 21:16:39.909 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-27 21:16:38.894 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-27 21:16:37.893 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-27 21:16:36.831 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-27 21:16:35.690 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-27 21:16:34.643 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Celeron(R) CPU N2930 @ 1.83GHz Prozentuale Nutzung des RAM: 18% Installierter physikalischer RAM: 8078.54 MB Verfügbarer physikalischer RAM: 6551.43 MB Summe virtueller Speicher: 10766.54 MB Verfügbarer virtueller Speicher: 9220.65 MB ==================== Laufwerke ================================ Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:302.94 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive d: (Data) (Fixed) (Total:537.8 GB) (Free:537.5 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 61ECA0B9) Partition: GPT. ==================== Ende von Addition.txt ============================ |
30.11.2015, 07:52 | #8 |
/// the machine /// TB Trainer | Windows 8.1, long startup time, strange processes, ad popups
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
02.12.2015, 00:40 | #9 |
| Windows 8.1, long startup time, strange processes, ad popups Over 100 detections with ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=a2e84e2c60c4e54d8abd2601a6a2fc50 # end=init # utc_time=2015-12-01 05:57:08 # local_time=2015-12-01 06:57:08 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.2.9200 NT Update Init Update Download esets_scanner_update returned -1 esets_gle=37126 Update Finalize Updated modules version: 0 Old modules - leave modules Update Init Update Download Update Init Update Download Update Finalize Updated modules version: 26993 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=a2e84e2c60c4e54d8abd2601a6a2fc50 # end=updated # utc_time=2015-12-01 06:50:56 # local_time=2015-12-01 07:50:56 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.2.9200 NT # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=a2e84e2c60c4e54d8abd2601a6a2fc50 # engine=26993 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-12-01 08:39:00 # local_time=2015-12-01 09:39:00 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='AVG AntiVirus Free Edition' # compatibility_mode=1057 16777213 100 100 16236 2811006 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 423619 12791910 0 0 # scanned=274683 # found=182 # cleaned=0 # scan_time=6483 sh=C7B1C48D9119C4F63EFEFA097590E62D82DDE378 ft=0 fh=0000000000000000 vn="VBS/TrojanDownloader.Agent.NSW Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\task.vbs.vir" sh=959B6C86267DFBD8053D06F339F5EE49F20F6944 ft=1 fh=c71c0011033d2405 vn="Variante von Win32/BubbleSound.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BubbleSound\3D BubbleSound.exe.vir" sh=79195201126BCA3C9223CD97D91EEC92B1E33B88 ft=1 fh=1426f2ffccc83712 vn="Variante von Win64/BubbleSound.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\BubbleSound\BubbleSound.dll.vir" sh=FAB28D679C12C672082589D5DDD59B642BC8F594 ft=1 fh=0aa93a9c2fe44037 vn="Variante von Win32/SpeedBit.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\System\SysMenu.dll.vir" sh=A33D178CC6BC18B850092D68C8719E4582CE6223 ft=1 fh=9a8adc52a0e410da vn="Variante von Win32/Toolbar.Perion.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz22072015\Dhnayvhf.dll.vir" sh=B6874BE59CE9C91B042B24982D5DA5B33A986E8E ft=1 fh=da86ed5bb802e53c vn="Variante von Win64/Toolbar.Perion.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz22072015\Dhnayvhf64.dll.vir" sh=B57BCA391F98F23E56206F83D384AF9C10502E14 ft=1 fh=bf72235fbd5630c4 vn="Variante von Win32/Toolbar.Perion.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz22072015\Huyde.exe.vir" sh=B4E50AD49BB3FEA346DE3710D27401F20DB78735 ft=1 fh=a72e0243827546de vn="Variante von Win64/Toolbar.Perion.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz22072015\Huyde64.exe.vir" sh=85C43829065ADB8800420E8BCB025664EA487DE3 ft=1 fh=2157bff471647dcf vn="Win32/Toolbar.Perion.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz22072015\Jmahzov.exe.vir" sh=03FA88DEAC3459E6CC6AD65CE763043F7F9AB683 ft=1 fh=75a36077137da62f vn="Variante von Win32/Toolbar.Perion.V evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz22072015\Jvpmajlij.exe.vir" sh=EB79609BD7CEBB9D369D79F876FF5048FCE59BCA ft=1 fh=f45c8ceaad1780a5 vn="Variante von Win32/RiskWare.Komodia.J Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz22072015\Rofdhowal.EXE.vir" sh=2733D463DD9AA5AC98621048A9F836ABF067F1F7 ft=1 fh=b65c85a764f14e96 vn="Variante von Win32/Adware.PennyBee.AD Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz22072015\TeobBopcin.exe.vir" sh=B21C06701B9D24DDC2D451CE155170252462BBE5 ft=1 fh=ff1982c9cbde089e vn="Variante von Win32/Toolbar.BitCocktail.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz22072015\Xeelfeze.dll.vir" sh=7BB6B8B5233679902283B3F41CADBA1BC184D598 ft=1 fh=86ead4c9333b78aa vn="Variante von Win64/Toolbar.Perion.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz22072015\Xeelfeze64.dll.vir" sh=126B0100B26436C939990D51AD681C693F015490 ft=1 fh=75b332e202d562f7 vn="Variante von Win32/Toolbar.Perion.V evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz22072015\Xpnsbedno.dll.vir" sh=FC0DDD3295F461B3EA8271D6F00D16D5DCEFC708 ft=1 fh=9164786157df6f76 vn="Variante von Win64/Toolbar.Perion.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz22072015\Xpnsbedno64.dll.vir" sh=6CA18D8D116E0C0C20175DBD898166B7838F50EA ft=1 fh=c71c0011d61cf2a7 vn="Variante von Win32/WebBar.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\WebBar\ISightSDK.dll.vir" sh=51712158428527024D4960DA1BBEFE6B66D8AC14 ft=1 fh=7e9c6ddc88b88625 vn="Variante von MSIL/WebBar.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\WebBar\wbsvc.exe.vir" sh=6CA18D8D116E0C0C20175DBD898166B7838F50EA ft=1 fh=c71c0011d61cf2a7 vn="Variante von Win32/WebBar.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\WebBar\2.0.5659.26749\ISightSDK.dll.vir" sh=3A0E88DB9A01F8C99BE6DC949F36BDC8255D4982 ft=1 fh=1fd43bfb4dc2e5c3 vn="Win64/WebBar.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\WebBar\2.0.5659.26749\ISightSDK_x64.dll.vir" sh=63F820C1F7D407F180DD3351E0F54AFD887E7FD1 ft=1 fh=1c82d456e6278896 vn="Variante von MSIL/WebBar.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\WebBar\2.0.5659.26749\wb.exe.vir" sh=38C76D8D5EC85DF1A469161596E4E2F057C275A7 ft=1 fh=6d56b5e4297156c8 vn="Variante von Win32/Adware.ConvertAd.ABZ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\59BB2443-1442257496-3049-964B-54A050B178BE\hnscAEB9.tmp.vir" sh=2666846FFBD1C08DEE2422F1A1E83F52D097C216 ft=1 fh=bfd55908ab1ccc38 vn="Win32/Adware.ConvertAd.ZD Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\59BB2443-1442257496-3049-964B-54A050B178BE\jnsl9284.tmp.vir" sh=619C90E5255160F5089E26C5EDD4597153B07265 ft=1 fh=c1ddb01ef248aaeb vn="Variante von Win32/Adware.ConvertAd.ZK Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\59BB2443-1442257496-3049-964B-54A050B178BE\knsf7774.tmpfs.vir" sh=B44867AAD243A72094F3B6D2489994C2CAB3F520 ft=1 fh=19dc5839d00d2727 vn="Variante von Win32/Adware.ConvertAd.ZM Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\59BB2443-1442257496-3049-964B-54A050B178BE\rnsi8C65.exe.vir" sh=D014E0C11B801FC6E25F0833560841A37EB1F88B ft=1 fh=f90c0fb38c4a72ef vn="Variante von Win32/Adware.ConvertAd.YX.gen Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\59BB2443-1442257496-3049-964B-54A050B178BE\vnsj5C21.tmp.vir" sh=FE5330173F4EAE77DE54A9373C292B02E5FEAFCD ft=1 fh=10866083f2066a5b vn="Variante von Win32/Adware.ConvertAd.ABZ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\59BB2443-1446220944-3049-964B-54A050B178BE\hnsk27A1.tmp.vir" 
sh=BFA9E3EC72136C41B066A212E43D7A6A8D606D11 ft=1 fh=c2893aa913d37301 vn="Variante von Win32/Adware.ConvertAd.ABN Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\59BB2443-1446220944-3049-964B-54A050B178BE\jnspDBE.tmp.vir" sh=8F0D6ADBCB261275BE9D0A959DD238599FBE1CFE ft=1 fh=625251d2eb4bd746 vn="Variante von Win32/Adware.ConvertAd.ABQ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\59BB2443-1446220944-3049-964B-54A050B178BE\knsnEE88.tmpfs.vir" sh=57BFDF852F6E7C33FDE4BB074FBBF53E1F5E6EFF ft=1 fh=6f08ce01aabd1460 vn="Variante von Win32/Adware.ConvertAd.ABW Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\59BB2443-1446220944-3049-964B-54A050B178BE\rnsb3B8.exe.vir" sh=EB2EB2588A9C98EFF2D929D292F1E681692CE912 ft=1 fh=b9dc531daa745de2 vn="Win32/Adware.ConvertAd.YY Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\59BB2443-1446220944-3049-964B-54A050B178BE\Uninstall.exe.vir" sh=DE49FA599ACDFCD60C3B542EEB5B40F375103856 ft=1 fh=523595f0cb7a706a vn="Mehrere Bedrohungen" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\59BB2443-1446220944-3049-964B-54A050B178BE\vnspCDBA.tmp.vir" sh=9EEB9506A3A640A55724BD69440A532449E608B4 ft=1 fh=e0f9f6263415f02b vn="Variante von Win32/HideBaid.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\baidu\Bind.exe.vir" sh=1302882AFC049521BDE4A4F917A9D5735E149242 ft=1 fh=21ed0babbb1892a8 vn="Variante von Win32/HideBaid.L evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\baidu\ppt.exe.vir" sh=186ECB6855D797528F60AE8A94A518A2D9E6431A ft=1 fh=a6a444532d8ce064 vn="Variante von Win32/Packed.Komodia.A verdächtige Datei" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FastSearch\acengine.exe.vir" sh=49D7AA01F17A8FA1EC90C13BE6AF63580946DFE8 ft=1 fh=27c3d03a6e26c0d8 vn="Variante von Win32/Packed.Komodia.D verdächtige Datei" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FastSearch\acenginecert.dll.vir" sh=D0703F3B4FB63A34BA7FE72947032CECD026D61E ft=1 fh=f12327dcab7930ec vn="Variante von Win32/Toolbar.CrossRider.CC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ge-Force\fe56664a-ffec-4080-bee0-aa32cf23ac94-5.exe.vir" sh=69ABAA11781807BE8EDE0040A33299F421B98592 ft=1 fh=10893ab21c88c852 vn="Variante von Win32/Toolbar.CrossRider.CU evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ge-Force\Uninstall.exe.vir" sh=84FE972E00013AF7506F91131A8671B671AC1927 ft=1 fh=394c223700afbdbd vn="Variante von Win32/Toolbar.CrossRider.CM evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ge-Force\utils.exe.vir" sh=CD8A96E551F0C658AB1A1DD588B2B94F3647F21F ft=1 fh=ca7980df3f0b15ec vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_de_004010044\gamesdesktop_widget.exe.vir" sh=834BEAECA236C5A7816012CBA9809B8DFA27FF5E ft=1 fh=fb2f13fc5e0d0a44 vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_de_004010044\gmsd_de_004010044.exe.vir" sh=968C655CB63BE8166A36C636127D834A4D76395B ft=1 fh=dc5620c5252be48e vn="Variante von Win32/Adware.EoRezo.AZ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_de_004010044\predm.exe.vir" sh=97F0ED5B0D989D7C3AD887CC216CE28252FA35FC ft=1 fh=c71c001150e26757 vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_de_005010131\gamesdesktop_widget.exe.vir" sh=54E0DC9B46B8CAFC87A9DF59DCDC4A296D5C8DC0 ft=1 fh=c31ad4f344dde57a vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_de_005010131\gmsd_de_005010131.exe.vir" sh=A7EB4FC1C965A0C1001C7F3DAD90C74D21A4A72F ft=1 fh=31ba5e6038db3b87 vn="Variante von Win32/Adware.EoRezo.BD Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_de_005010131\predm.exe.vir" sh=65D89325FB47236CCF77D582B768FA7F710727A4 ft=1 fh=d6f0b6c223b598c5 vn="Variante von Win32/AlteredSoftware.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser\MyBrowser\Application\mybrowser.exe.vir" sh=FBE28E7FE577995BB3866F3B85BFC012EB7BF967 ft=1 fh=705a393d61581e8c vn="Variante von Win32/AlteredSoftware.K evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser\MyBrowser\Application\39.5.2171.95\Installer\chrmstp.exe.vir" sh=315BDF53B3936FA6EF10610B1BA274231F4E8232 ft=0 fh=0000000000000000 vn="Variante von Win32/AlteredSoftware.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser\MyBrowser\Application\39.5.2171.95\Installer\chrome.7z.vir" sh=FBE28E7FE577995BB3866F3B85BFC012EB7BF967 ft=1 fh=705a393d61581e8c vn="Variante von Win32/AlteredSoftware.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyBrowser\MyBrowser\Application\39.5.2171.95\Installer\setup.exe.vir" sh=8A8289A911E56FE86A9E7932CE3117385889C3EB ft=1 fh=c71c0011a988aa91 vn="Variante von Win32/Adware.MultiPlug.ND Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PariceLEss\BEYflNl0Ty69FM.dll.vir" sh=7D4F2FB161D6AD332A252AAB35CEB1A7ABB44894 ft=1 fh=c71c00112f7e18fa vn="Variante von Win32/Adware.MultiPlug.JY Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PariceLEss\BEYflNl0Ty69FM.exe.vir" sh=B14386A9C2B6C01A29355053D8D4DB82898DA162 ft=1 fh=e17d281f338b4cdc vn="Variante von Win64/Adware.MultiPlug.K Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PariceLEss\BEYflNl0Ty69FM.x64.dll.vir" sh=B51C38E952A09DB40E55302F26470DA6E1E67E4D ft=1 fh=5d89c5edd26df0e3 vn="Variante von Win32/Adware.Vitruvian.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PhraseProfessor_1.10.0.21\Service\ppsvc.exe.vir" sh=8E8482069BCB3C22F33049CBFEF12798933B6272 ft=1 fh=c4b7cd35c43b70f2 vn="Variante von Win32/ELEX.GD evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Picexa\picexasvc.exe.vir" sh=C3617AD4683AF5B991E8F5C2FE53ABECE21544AF ft=1 fh=ff0590880251bdff vn="Variante von Win32/Conduit.SearchProtect.H evtl. 
Code:
ATTFilter
Results of screen317's Security Check version 1.013 --- 11/28/15 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
AVG AntiVirus Free Edition
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 66
Google Chrome (44.0.2403.125)
Google Chrome (46.0.2490.86)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015 durchgeführt von tokoma (Administrator) auf TOKO (02-12-2015 00:30:40) Gestartet von C:\Users\tokoma\Desktop Geladene Profile: tokoma (Verfügbare Profile: tokoma) Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: IE) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.) 
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe (TeamViewer) C:\Program Files (x86)\ITbrain Agent\itbrain_agent.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) 
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSPanel.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-05-15] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] () HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3826600 2015-10-30] (AVG Technologies CZ, s.r.o.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Atheros Communications) HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1940160 2014-11-18] (Valve Corporation) HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\MountPoints2: {02627817-285f-11e4-8252-806e6f6e6963} - "E:\autorun.exe" ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{5C8B1A66-6F46-4E47-B6CF-280D94F05E04}: [DhcpNameServer] 192.13.128.24 Tcpip\..\Interfaces\{E72CCE24-6189-43F5-9E5E-5EC6FB4BB621}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-26] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-26] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-26] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-26] (Oracle Corporation) FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.66.2 -> 
C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-26] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-26] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-26] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-26] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-26] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-26] (Google Inc.) 
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()

Chrome:
=======
CHR Profile: C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-29]
CHR Extension: (Google Drive) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-25]
CHR Extension: (YouTube) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-25]
CHR Extension: (Google-Suche) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-25]
CHR Extension: (Google Docs Offline) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-27]
CHR Extension: (Google Mail) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-28]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [Datei ist nicht signiert]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [595376 2015-10-30] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3815648 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-17] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 ITbrain Agent; C:\Program Files (x86)\ITbrain Agent\itbrain_agent.exe [5567488 2013-08-22] (TeamViewer) [Datei ist nicht signiert]
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6849808 2015-11-10] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-02-25] (Atheros) [Datei ist nicht signiert]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-06] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [197040 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [255408 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [306608 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-28] (Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-10-18] (Realsil Semiconductor Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-07-28 14:20 - 2016-07-28 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-07-28 14:18 - 2015-11-25 01:25 - 00000000 ____D C:\Program Files (x86)\BrowserPro App
2016-07-28 14:15 - 2016-07-28 14:20 - 00000000 ____D C:\Program Files (x86)\Google
2016-07-28 14:15 - 2015-11-24 23:53 - 00000000 ____D C:\Users\tokoma\AppData\Local\Google
2016-07-24 15:31 - 2015-11-25 00:34 - 00000000 ____D C:\Program Files\Common Files\AV
2016-06-19 14:45 - 2016-07-28 13:29 - 00000000 ____D C:\Windows\Minidump
2016-06-19 14:45 - 2016-07-27 15:16 - 640785184 _____ C:\Windows\MEMORY.DMP
2016-06-18 17:52 - 2015-08-01 06:52 - 00000226 _____ C:\Users\tokoma\AppData\Roaming\WB.CFG
2016-06-18 15:53 - 2016-06-18 15:54 - 00000000 ____D C:\Users\tokoma\AppData\Local\Chromium
2015-12-02 00:30 - 2015-12-02 00:31 - 00015346 _____ C:\Users\tokoma\Desktop\FRST.txt
2015-12-01 18:54 - 2015-12-01 18:55 - 02870984 _____ (ESET) C:\Users\tokoma\Desktop\esetsmartinstaller_deu (1).exe
2015-12-01 18:54 - 2015-12-01 18:54 - 00852771 _____ C:\Users\tokoma\Desktop\SecurityCheck.exe
2015-12-01 18:35 - 2015-12-01 18:35 - 00000081 _____ C:\Users\tokoma\AppData\Roaming\sp_data.sys
2015-12-01 18:31 - 2015-12-01 18:31 - 00001090 _____ C:\Users\tokoma\Desktop\GWX Control Panel.lnk
2015-12-01 18:31 - 2015-12-01 18:31 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GWX Control Panel
2015-12-01 18:31 - 2015-12-01 18:31 - 00000000 ____D C:\Program Files (x86)\UltimateOutsider
2015-12-01 09:35 - 2015-12-01 09:35 - 00000000 ____D C:\Users\tokoma\AppData\Local\GWX
2015-11-30 19:41 - 2015-11-30 19:42 - 02393976 _____ C:\Users\tokoma\Desktop\GwxControlPanelSetup.exe
2015-11-30 02:02 - 2015-11-30 02:02 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\ProductData
2015-11-29 14:07 - 2015-11-29 14:07 - 00000827 _____ C:\Users\tokoma\Desktop\JRT.txt
2015-11-29 14:02 - 2015-11-29 14:02 - 00002663 _____ C:\Users\tokoma\Desktop\AdwCleaner[C3].txt
2015-11-29 13:19 - 2015-11-29 13:19 - 01733632 _____ C:\Users\tokoma\Desktop\AdwCleaner_5.022.exe
2015-11-29 13:16 - 2015-11-29 13:17 - 01599336 _____ (Malwarebytes) C:\Users\tokoma\Desktop\JRT.exe
2015-11-27 23:33 - 2015-07-28 02:09 - 00484552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2015-11-27 23:33 - 2015-07-28 02:08 - 00690016 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2015-11-27 21:38 - 2015-11-29 13:44 - 00000973 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2015-11-27 21:38 - 2015-11-29 13:43 - 00000967 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2015-11-27 21:33 - 2015-11-27 21:36 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\TeamViewer
2015-11-27 21:14 - 2015-11-27 21:14 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2015-11-27 21:14 - 2015-11-27 21:14 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-11-27 21:11 - 2015-12-02 00:30 - 00000000 ____D C:\Program Files (x86)\ITbrain Agent
2015-11-27 21:11 - 2015-11-27 21:11 - 00000000 __HDC C:\ProgramData\{651038AD-E038-410A-BD90-28FB006FD850}
2015-11-27 21:11 - 2015-11-27 21:11 - 00000000 ____D C:\Users\Default\AppData\Local\PackageAware
2015-11-27 21:11 - 2015-11-27 21:11 - 00000000 ____D C:\Users\Default User\AppData\Local\PackageAware
2015-11-27 20:51 - 2015-11-29 13:43 - 00001110 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-11-27 20:51 - 2015-11-27 20:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-11-27 20:51 - 2015-11-27 20:51 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-11-27 20:51 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-27 20:51 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-27 20:49 - 2015-11-27 20:50 - 22908888 _____ (Malwarebytes ) C:\Users\tokoma\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-27 20:49 - 2015-11-27 20:50 - 22908888 _____ (Malwarebytes ) C:\Users\tokoma\Downloads\mbam-setup-2.2.0.1024 (1).exe
2015-11-27 00:04 - 2015-11-03 01:23 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-27 00:04 - 2015-11-03 01:23 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-26 23:07 - 2015-11-26 23:07 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-11-26 23:07 - 2015-11-26 23:07 - 00027840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-11-26 23:00 - 2015-11-29 13:43 - 00001213 _____ C:\Users\Public\Desktop\Media Player Classic.lnk
2015-11-26 23:00 - 2015-11-26 23:00 - 00003790 _____ C:\Windows\System32\Tasks\klcp_update
2015-11-26 23:00 - 2015-11-26 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-11-26 23:00 - 2015-11-26 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-11-26 23:00 - 2015-11-26 23:00 - 00000000 ____D C:\Program Files\7-Zip
2015-11-26 23:00 - 2015-11-26 23:00 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2015-11-26 22:59 - 2015-11-26 23:00 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2015-11-26 22:58 - 2015-11-26 22:59 - 00000000 ____D C:\Users\tokoma\.oracle_jre_usage
2015-11-26 22:58 - 2015-11-26 22:58 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-11-26 22:58 - 2015-11-26 22:58 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\Sun
2015-11-26 22:57 - 2015-11-26 22:57 - 00000000 ____D C:\Users\tokoma\AppData\Local\Adobe
2015-11-26 22:57 - 2015-11-26 22:57 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-11-26 22:57 - 2015-11-26 22:57 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2015-11-26 22:57 - 2015-11-26 22:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-11-26 22:57 - 2015-11-26 22:57 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-26 22:55 - 2015-11-29 13:43 - 00000080 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-26 22:55 - 2015-11-26 22:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-11-26 22:55 - 2015-11-26 22:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-11-26 22:54 - 2015-12-01 23:59 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-26 22:54 - 2015-12-01 22:59 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-26 22:54 - 2015-11-26 22:54 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-26 22:54 - 2015-11-26 22:54 - 00003864 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-26 22:52 - 2015-11-26 22:52 - 00307200 _____ (Secure By Design Inc.) C:\Users\tokoma\Downloads\Ninite 7Zip Air Chrome Java 8 Installer.exe
2015-11-26 20:49 - 2015-07-30 15:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-11-26 20:49 - 2015-07-30 14:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-11-26 19:43 - 2015-12-02 00:30 - 00000000 ____D C:\Users\tokoma\Desktop\FRST-OlderVersion
2015-11-25 21:20 - 2015-11-29 13:14 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-25 21:20 - 2015-11-27 00:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-25 21:17 - 2015-11-25 22:23 - 00000000 ____D C:\Users\tokoma\Desktop\mbar
2015-11-25 21:17 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-25 21:12 - 2015-11-25 21:12 - 04397752 _____ (Kaspersky Lab ZAO) C:\Users\tokoma\Desktop\tdsskiller.exe
2015-11-25 21:07 - 2015-11-25 21:09 - 16563352 _____ (Malwarebytes Corp.) C:\Users\tokoma\Desktop\mbar-1.09.3.1001.exe
2015-11-25 20:49 - 2015-11-25 20:49 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2015-11-25 20:49 - 2015-11-25 20:49 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-11-25 20:48 - 2015-11-25 20:48 - 00000000 ____D C:\Users\tokoma\Documents\ProfessionalPCCleaner
2015-11-25 19:09 - 2015-12-02 00:30 - 00000000 ____D C:\FRST
2015-11-25 19:08 - 2015-11-25 19:08 - 00380416 _____ C:\Users\tokoma\Desktop\Gmer-19357.exe
2015-11-25 19:06 - 2015-12-02 00:30 - 02350080 _____ (Farbar) C:\Users\tokoma\Desktop\FRST64.exe
2015-11-25 19:05 - 2015-11-25 19:05 - 00000000 _____ C:\Users\tokoma\defogger_reenable
2015-11-25 19:03 - 2015-11-25 19:03 - 00050477 _____ C:\Users\tokoma\Desktop\Defogger.exe
2015-11-25 18:44 - 2015-11-25 18:44 - 00000000 ____D C:\Users\tokoma\AppData\Local\TeamViewer
2015-11-25 18:43 - 2015-12-02 00:28 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-11-25 18:42 - 2015-11-25 18:43 - 08202040 _____ (TeamViewer GmbH) C:\Users\tokoma\Downloads\TeamViewer_Setup_de.exe
2015-11-25 02:53 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-25 02:53 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-25 02:53 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-25 02:53 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-25 02:53 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-25 02:53 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-25 02:53 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-25 02:53 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-25 02:53 - 2015-10-30 23:39 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-11-25 02:53 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-25 02:53 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-25 02:53 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-25 02:53 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-25 02:53 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-25 02:53 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-25 02:53 - 2015-10-30 23:14 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-11-25 02:53 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-25 02:53 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-25 02:53 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-25 02:53 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-25 02:53 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-25 02:53 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-25 02:53 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-25 02:47 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-25 02:47 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-25 02:47 - 2015-10-13 16:59 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-25 02:47 - 2015-10-13 16:59 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-25 02:47 - 2015-10-13 16:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-25 02:47 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-25 02:47 - 2015-10-13 16:59 - 00106952 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2015-11-25 02:47 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2015-11-25 02:47 - 2015-10-11 07:36 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-25 02:47 - 2015-10-11 07:36 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-25 02:47 - 2015-10-10 19:40 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-25 02:47 - 2015-10-10 19:39 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-25 02:47 - 2015-10-10 19:07 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-11-25 02:47 - 2015-10-10 18:33 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-25 02:47 - 2015-10-10 18:27 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-25 02:47 - 2015-10-10 18:11 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-11-25 02:47 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-25 02:47 - 2015-09-29 13:24 - 00155480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2015-11-25 02:47 - 2015-09-24 17:42 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2015-11-25 02:47 - 2015-09-24 17:40 - 00737280 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2015-11-25 02:47 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-11-25 02:47 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-11-25 02:47 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-11-25 02:47 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2015-11-25 02:47 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2015-11-25 02:47 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-11-25 02:47 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-11-25 02:47 - 2014-11-05 02:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-11-25 02:47 - 2014-11-05 02:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-11-25 02:46 - 2015-10-15 17:08 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-25 02:46 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-25 02:46 - 2015-10-15 00:02 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-25 02:46 - 2015-10-15 00:02 - 01659560 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-11-25 02:46 - 2015-10-15 00:02 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-11-25 02:46 - 2015-10-15 00:02 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-11-25 02:46 - 2015-10-15 00:02 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-11-25 02:46 - 2015-09-12 14:47 - 00414559 _____ C:\Windows\system32\ApnDatabase.xml
2015-11-25 02:46 - 2015-08-07 22:40 - 01736520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-25 02:46 - 2015-08-07 22:40 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-25 02:43 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-25 02:43 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-25 02:43 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-25 02:43 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-25 02:43 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-11-25 02:43 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-25 02:43 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-25 02:43 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-25 02:43 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-25 02:43 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-25 02:43 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-25 02:43 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-25 02:37 - 2015-10-17 15:19 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-25 02:35 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-11-25 02:35 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-11-25 02:35 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-11-25 02:35 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-11-25 02:35 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-11-25 02:35 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-11-25 02:35 - 2014-11-10 19:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2015-11-25 00:35 - 2015-11-25 00:35 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\AVG
2015-11-25 00:34 - 2015-11-27 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-11-25 00:34 - 2015-11-25 00:34 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\TuneUp Software
2015-11-25 00:31 - 2015-11-25 00:31 - 00000000 ___HD C:\$AVG
2015-11-25 00:24 - 2015-12-01 20:53 - 00000000 ____D C:\ProgramData\MFAData
2015-11-25 00:24 - 2015-11-29 13:43 - 00000922 _____ C:\Users\Public\Desktop\AVG.lnk
2015-11-25 00:24 - 2015-11-25 00:24 - 00000000 ____D C:\Users\tokoma\AppData\Local\MFAData
2015-11-25 00:24 - 2015-11-25 00:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2015-11-25 00:21 - 2015-11-25 00:31 - 00000000 ____D C:\ProgramData\Avg
2015-11-25 00:21 - 2015-11-25 00:28 - 00000000 ____D C:\Program Files (x86)\AVG
2015-11-25 00:20 - 2015-11-27 21:13 - 00000000 ____D C:\Users\tokoma\AppData\Local\Avg
2015-11-25 00:20 - 2015-11-25 00:23 - 00000000 ____D C:\Users\tokoma\AppData\Local\AvgSetupLog
2015-11-25 00:19 - 2015-11-25 21:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-25 00:03 - 2015-11-25 00:03 - 00000000 ____D C:\Users\tokoma\AppData\LocalLow\IObit
2015-11-25 00:03 - 2015-11-25 00:03 - 00000000 ____D C:\ProgramData\IObit
2015-11-25 00:02 - 2015-11-25 22:11 - 00000000 ____D C:\Program Files (x86)\IObit
2015-11-25 00:02 - 2015-11-25 00:03 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\IObit
2015-11-24 23:31 - 2015-11-24 23:31 - 00000000 _____ C:\Recovery.txt
2015-11-24 22:54 - 2015-11-29 13:58 - 00000000 ____D C:\AdwCleaner
2015-11-24 22:37 - 2015-11-24 22:37 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\kingsoft

==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-07-28 12:47 - 2014-09-30 16:23 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{165E99F4-4F00-4F10-8F2D-DEE576ACF2BD}
2016-07-28 12:46 - 2015-05-13 16:19 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2016-07-28 12:46 - 2015-05-13 16:19 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2016-07-19 19:29 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\LiveKernelReports
2016-07-17 17:32 - 2014-10-30 14:52 - 00000000 ____D C:\Program Files (x86)\Landwirtschafts Simulator 2015
2016-07-02 14:23 - 2015-01-19 15:16 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-01 19:25 - 2015-08-05 12:25 - 00000374 _____ C:\Windows\Tasks\DocControl.job
2015-12-01 18:46 - 2014-09-30 16:12 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-655055617-1888823773-2012408708-1001
2015-12-01 18:39 - 2014-05-16 00:45 - 00765582 _____ C:\Windows\system32\perfh007.dat
2015-12-01 18:39 - 2014-05-16 00:45 - 00159366 _____ C:\Windows\system32\perfc007.dat
2015-12-01 18:39 - 2014-03-18 16:26 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-01 18:39 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2015-12-01 18:35 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-01 18:34 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-01 05:44 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-01 05:44 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-11-29 14:13 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-11-29 13:44 - 2014-08-20 12:58 - 00001316 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioWizard.lnk
2015-11-29 13:44 - 2014-08-20 12:55 - 00000712 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) HD Graphics Control Panel.lnk
2015-11-29 13:44 - 2014-05-15 16:59 - 00002468 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - asus.lnk
2015-11-29 13:44 - 2014-05-15 16:54 - 00001976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2015-11-29 13:43 - 2015-05-24 08:44 - 00001273 _____ C:\Users\Public\Desktop\Air Traffic Control.lnk
2015-11-29 13:43 - 2015-02-18 13:49 - 00000969 _____ C:\Users\Public\Desktop\Minecraft.lnk
2015-11-29 13:43 - 2015-02-07 18:49 - 00001170 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2015-11-29 13:43 - 2014-10-30 15:03 - 00001293 _____ C:\Users\tokoma\Desktop\Landwirtschafts Simulator 15 .lnk
2015-11-29 13:43 - 2014-09-30 16:06 - 00000469 _____ C:\Users\tokoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-11-29 13:43 - 2014-09-30 16:06 - 00000467 _____ C:\Users\tokoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-11-29 13:42 - 2013-08-22 15:44 - 00338072 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-29 13:40 - 2014-10-22 19:13 - 00000000 ___RD C:\Windows\BrowserChoice
2015-11-28 04:41 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2015-11-27 23:33 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-11-26 23:58 - 2015-04-05 10:05 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-11-26 23:58 - 2015-04-05 10:05 - 00000000 ___SD C:\Windows\system32\GWX
2015-11-26 23:58 - 2014-03-18 16:10 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-26 23:58 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2015-11-26 23:58 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-11-26 23:58 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-11-26 23:45 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-11-26 22:59 - 2015-05-14 12:51 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-11-26 22:59 - 2015-05-14 12:51 - 00000000 ____D C:\Program Files\Java
2015-11-26 22:59 - 2015-01-31 18:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-26 22:58 - 2014-09-30 16:06 - 00000000 ____D C:\Users\tokoma
2015-11-26 22:57 - 2015-05-24 09:34 - 00000000 ____D C:\ProgramData\Adobe
2015-11-26 22:57 - 2015-01-31 18:04 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-26 22:57 - 2014-09-30 16:07 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\Adobe
2015-11-26 20:14 - 2014-10-22 19:10 - 00000000 ____D C:\Windows\system32\MRT
2015-11-26 20:08 - 2014-10-22 19:10 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-26 00:20 - 2015-10-30 19:06 - 00001125 _____ C:\Users\tokoma\Desktop\nativelog.txt
2015-11-25 19:13 - 2015-05-01 14:13 - 00206848 ___SH C:\Users\tokoma\Desktop\Thumbs.db
2015-11-25 19:01 - 2014-09-30 16:06 - 00000000 ____D C:\Users\tokoma\AppData\Local\Packages
2015-11-25 18:40 - 2014-12-09 20:51 - 00000000 ____D C:\Users\tokoma\AppData\Local\CrashDumps
2015-11-25 01:25 - 2015-08-05 12:32 - 00000000 ____D C:\Program Files (x86)\Ghostery
2015-11-25 00:33 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-11-25 00:15 - 2014-08-20 13:12 - 00000000 ____D C:\Program Files\Common Files\mcafee
2015-11-25 00:15 - 2014-08-20 13:12 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-11-25 00:15 - 2014-08-20 13:11 - 00000000 ____D C:\ProgramData\McAfee
2015-11-24 23:43 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-11-24 23:22 - 2015-05-29 13:11 - 00000000 ____D C:\Windows\system32\log

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-12-01 18:35 - 2015-12-01 18:35 - 0000081 _____ () C:\Users\tokoma\AppData\Roaming\sp_data.sys
2016-06-18 17:52 - 2015-08-01 06:52 - 0000226 _____ () C:\Users\tokoma\AppData\Roaming\WB.CFG
2014-08-20 12:58 - 2014-08-20 12:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-15 16:58 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-05-15 16:58 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-15 16:58 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2015-09-14 20:18 - 2015-09-14 20:18 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Einige Dateien in TEMP:
====================
C:\Users\tokoma\AppData\Local\Temp\apptemp.1.exe
C:\Users\tokoma\AppData\Local\Temp\atdl.exe
C:\Users\tokoma\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\tokoma\AppData\Local\Temp\OfficeAssist.0744.80.1211.exe
C:\Users\tokoma\AppData\Local\Temp\qqpcmgr_v10.11.16575.227_8881517_Silence.exe
C:\Users\tokoma\AppData\Local\Temp\Quarantine.exe
C:\Users\tokoma\AppData\Local\Temp\SpOrder.dll
C:\Users\tokoma\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-11-25 19:22

==================== Ende von FRST.txt ============================

Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:01-12-2015 durchgeführt von tokoma (2015-12-02 00:32:03) Gestartet von C:\Users\tokoma\Desktop Windows 8.1 (X64) (2014-09-30 15:06:34) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-655055617-1888823773-2012408708-500 - Administrator - Disabled) Gast (S-1-5-21-655055617-1888823773-2012408708-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-655055617-1888823773-2012408708-1003 - Limited - Enabled) tokoma (S-1-5-21-655055617-1888823773-2012408708-1001 - Administrator - Enabled) => C:\Users\tokoma ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: AVG AntiVirus Free Edition (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated) Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.) 
Air Traffic Control (HKLM-x32\...\Air Traffic Control_is1) (Version: - Nemesys Team Studio) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS) ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS) AVG (HKLM\...\AvgZen) (Version: 1.22.1.40089 - AVG Technologies) AVG (Version: 16.7.7227 - AVG Technologies) Hidden AVG 2016 (Version: 16.0.4477 - AVG Technologies) Hidden AVG Protection (HKLM\...\AVG) (Version: 2016.7.7227 - AVG Technologies) AVG Zen (Version: 1.22.1 - AVG Technologies) Hidden FMW 1 (Version: 1.32.2 - AVG Technologies) Hidden Game Explorer Categories - casual (HKLM-x32\...\WildTangentGameProvider-asus-casual) (Version: 3.2.0.6 - WildTangent, Inc.) Game Explorer Categories - enthusiast (HKLM-x32\...\WildTangentGameProvider-asus-enthusiast) (Version: 3.2.0.6 - WildTangent, Inc.) Game Explorer Categories - family (HKLM-x32\...\WildTangentGameProvider-asus-family) (Version: 3.2.0.6 - WildTangent, Inc.) Game Explorer Categories - touch (HKLM-x32\...\WildTangentGameProvider-asus-touch) (Version: 3.2.0.6 - WildTangent, Inc.) Geländewagen-Simulator 2012 (Nur entfernen) (HKLM-x32\...\{50747054-5F94-4BBC-B189-4D3F4D22C094}_is1) (Version: 1.1.1.0 - Rondomedia Marketing & Vertriebs GmbH) GIANTS Editor 6.0.2 32-bit (HKLM-x32\...\giants_editor_6.0.2_win32_is1) (Version: 6.0.2 - GIANTS Software GmbH) Google Chrome (HKLM-x32\...\{9CED8BD3-5E1F-3B87-97E3-0A3D5B7E49BA}) (Version: 46.0.2490.86 - Google, Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) 
Hidden Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version: - UltimateOutsider) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation) Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation) Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation) ITbrain Agent (HKLM-x32\...\ITbrain Agent) (Version: 1.0.0 - TeamViewer) ITbrain Agent (x32 Version: 1.0 - InstallAware Software Corporation) Hidden ITbrain Agent (x32 Version: 1.0.0 - TeamViewer) Hidden Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation) Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation) K-Lite Codec Pack 11.7.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.7.0 - ) Landwirtschafts Simulator 15 (HKLM-x32\...\FarmingSimulator2015DE_is1) (Version: 1.2.0.0 - GIANTS Software) Let's go 2 Sprachtrainer (HKLM-x32\...\{33DA5B25-479B-431E-9691-650D7293B31F}) (Version: 1.00.000 - Klett) Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) MediaPlayerVid2.4 (HKLM-x32\...\MediaPlayerVid2.4) (Version: 1.36.01.22 - NewPlayerVideo+) <==== ACHTUNG Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) Phonetik (HKLM-x32\...\{626B7EA2-B7C2-4277-AE30-A8B452A92B6C}) (Version: 1.0.0 - Ernst Klett Verlag) Qualcomm Atheros Bluetooth Suite (64) 
(HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.51091 Beta - TeamViewer) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) 
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation) WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent) Windows Driver Package - ASUS (ATP) Mouse (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-655055617-1888823773-2012408708-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) ==================== Wiederherstellungspunkte ========================= 25-11-2015 19:22:27 Windows Update 29-11-2015 14:03:54 JRT Pre-Junkware Removal ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {1F0CFFF0-5B0F-4D02-9C88-D3E666FD98E7} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-02] (ASUS) Task: {3A2AD2F5-DA33-44B9-8C81-C905B39BF7D5} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-11-19] () Task: {40DEE9C9-64DA-4D89-82E8-7B52375748BA} - \Crossbrowse -> Keine Datei <==== ACHTUNG Task: {7BEEB586-4055-4005-ACD4-3741E7307D83} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] () Task: {A0E0B8E2-D8E5-4332-841E-DD1B00E9E122} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-26] (Google Inc.) Task: {A75A6BF7-3D66-49C0-8EA5-BA7084B338A1} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.) Task: {AB15EBB1-52E2-495B-9D6E-F6939F7D96B8} - System32\Tasks\DocControl => c:\programdata\{0fbc1b97-694d-daee-0fbc-c1b976946e5d}\priceless_p_soft_partner.exe <==== ACHTUNG Task: {AF26F9D7-CA93-4E30-A419-366551E45487} - \ProfessionalPCCleaner_Start -> Keine Datei <==== ACHTUNG Task: {B740C971-DDB5-4ECF-B4E3-B9F4026B1D7C} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.) Task: {BFA6DC98-1F51-4DC8-AFCA-D8B0C467EDAD} - \Papuir -> Keine Datei <==== ACHTUNG Task: {CB808FC9-7655-4728-A744-E4FA33F32F7C} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.) 
Task: {D1403659-1623-4CAE-8D62-2ACEDCB42A2A} - \cfr3011 -> Keine Datei <==== ACHTUNG Task: {DC74E85A-D091-4963-A838-170EDE4E5868} - \ProfessionalPCCleaner_Popup -> Keine Datei <==== ACHTUNG Task: {E1DF7755-472E-4882-99D2-8B1E335E1C79} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-11-26] (Microsoft Corporation) Task: {ECF238FA-98A6-4D1A-A33C-EEB7D1318599} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek) Task: {F59FBF87-D889-4982-A23A-97410AB1FA03} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.) Task: {FB1C8FF6-2F5A-4E80-B1B8-EA4E448A7476} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-04-15] (Realtek Semiconductor) Task: {FE41704B-1D34-48B0-8172-4D01B87B1A47} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-26] (Google Inc.) Task: {FFF22234-81DA-49C7-AC22-3EEA6ECAA36E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-04-10] (Realtek Semiconductor) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\DocControl.job => c:\programdata\{0fbc1b97-694d-daee-0fbc-c1b976946e5d}\priceless_p_soft_partner.exe <==== ACHTUNG Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2014-02-25 22:14 - 2014-02-25 22:14 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2014-02-25 22:11 - 2014-02-25 22:11 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll 2014-02-25 22:17 - 2014-02-25 22:17 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe 2014-04-02 14:46 - 2014-04-02 14:46 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll 2014-04-02 14:46 - 2014-04-02 14:46 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll 2014-04-02 14:46 - 2014-04-02 14:46 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll 2014-04-02 14:46 - 2014-04-02 14:46 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll 2015-11-25 00:03 - 2015-09-21 10:49 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll 2015-11-25 00:21 - 2015-11-25 00:21 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMWFP => ""="Driver" <==== ACHTUNG HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) 
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-655055617-1888823773-2012408708-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKLM\...\StartupApproved\Run: => "Logitech Download Assistant" HKLM\...\StartupApproved\Run: => "3D BubbleSound" HKLM\...\StartupApproved\Run32: => "ApnTBMon" HKLM\...\StartupApproved\Run32: => "rec_de_70" HKLM\...\StartupApproved\Run32: => "YTDownloader" HKLM\...\StartupApproved\Run32: => "rec_de_74" HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\StartupFolder: => "crossbrowse.lnk" HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_98557E2CC4C9D57801F5B3619084BEF7" HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "Gameo" HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_EC762B715C225D87E1C23535A3EDCE73" HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "SPDriver" HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "YTDownloader" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{192477CF-8B53-4A83-B511-06315D696FA8}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{A46D567D-5F9A-45CE-8BD6-890EC3EB6BC7}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\FarmingSimulator2015.exe FirewallRules: [{DF697040-F386-4FF9-B8B3-78333930FC9E}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\FarmingSimulator2015.exe FirewallRules: [{68136F48-6499-49A1-B039-D32581004614}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x86\FarmingSimulator2015Game.exe FirewallRules: [{2F937C3E-8AFD-44AD-AB66-AE5762095737}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x86\FarmingSimulator2015Game.exe FirewallRules: [{3CD82484-EE38-472E-9304-DAC40B574B8D}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x64\FarmingSimulator2015Game.exe FirewallRules: [{53D0D9B3-2293-428B-881D-FD2BA123DB9B}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x64\FarmingSimulator2015Game.exe FirewallRules: [{5E0942ED-7728-4D3C-B997-F4DC8F76EF73}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{23E7DC91-7F7C-444F-BF78-4833B471F527}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{69A2C892-1AFE-40E8-91D8-E0DAB77503C0}] => (Allow) C:\Program Files (x86)\MyBrowser\MyBrowser\Application\mybrowser.exe FirewallRules: [{55F25D8D-8DC3-47AB-9370-5B9593DCCC26}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{4071443B-2F56-4F46-86CD-B1B1FC0429F0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{F3F8E757-1B34-4FE5-82E2-9C3701D6C78B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{4215CA2E-7145-4E56-AD68-0032B44420D8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: 
[{7B88681B-E215-46FD-BF11-263AB3B8CB12}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{F0E6401B-A50B-4641-B255-86120DCB97ED}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{F016DAB6-D3AF-4775-A4A9-7CB3A3E73ECC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{27EFDCE1-6AA4-4DEA-90A0-FA328EE8F9AC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{2E15FED7-83FB-403E-B89F-C8B8E33DEB4F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{19BB4360-F6DD-453A-BA17-807357334F7E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{8A3BFD11-35B7-4038-B5A1-EDCBB7A78719}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{46646FC2-AB53-4F77-9989-36D04CD46239}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{395BDA37-E1A7-4B45-A446-5414A351B475}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (12/02/2015 00:27:39 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest. Error: (12/01/2015 06:56:24 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest. Error: (12/01/2015 06:56:21 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest. Error: (12/01/2015 06:56:00 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest. Error: (12/01/2015 06:56:00 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest. Error: (12/01/2015 06:55:26 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest. 
Error: (11/25/2015 06:34:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.1.711, Zeitstempel: 0x542b53ec Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0xfa8 Startzeit der fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 Vollständiger Name des fehlerhaften Pakets: mbam.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5 Error: (11/25/2015 02:39:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.0.8.0, Zeitstempel: 0x53f64d6c Name des fehlerhaften Moduls: mbamservice.exe, Version: 3.0.8.0, Zeitstempel: 0x53f64d6c Ausnahmecode: 0x40000015 Fehleroffset: 0x0008f746 ID des fehlerhaften Prozesses: 0x1340 Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0 Pfad der fehlerhaften Anwendung: mbamservice.exe1 Pfad des fehlerhaften Moduls: mbamservice.exe2 Berichtskennung: mbamservice.exe3 Vollständiger Name des fehlerhaften Pakets: mbamservice.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbamservice.exe5 Error: (11/25/2015 00:11:45 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_Schedule, Version: 6.3.9600.17415, Zeitstempel: 0x54504177 Name des fehlerhaften Moduls: iSafeSrvMon64.dll, Version: 6.1.45.23411, Zeitstempel: 0x5500213f Ausnahmecode: 0xc0000409 Fehleroffset: 0x0000000000005ceb ID des fehlerhaften Prozesses: 0x358 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_Schedule0 Pfad der fehlerhaften Anwendung: svchost.exe_Schedule1 Pfad des fehlerhaften Moduls: svchost.exe_Schedule2 Berichtskennung: svchost.exe_Schedule3 Vollständiger Name des fehlerhaften Pakets: svchost.exe_Schedule4 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_Schedule5 Error: (11/24/2015 11:57:00 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Systemfehler: ============= Error: (12/02/2015 00:30:42 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20. 
Error: (12/01/2015 06:58:28 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\tokoma\AppData\Local\Temp\ehdrv.sys Error: (12/01/2015 06:58:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (12/01/2015 06:58:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (12/01/2015 06:58:27 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\tokoma\AppData\Local\Temp\ehdrv.sys Error: (12/01/2015 06:58:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (12/01/2015 06:58:27 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\tokoma\AppData\Local\Temp\ehdrv.sys Error: (12/01/2015 06:15:53 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20. Error: (12/01/2015 05:45:10 AM) (Source: DCOM) (EventID: 10010) (User: toko) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (12/01/2015 05:44:40 AM) (Source: DCOM) (EventID: 10010) (User: toko) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} CodeIntegrity: =================================== Date: 2015-12-01 18:36:22.272 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-11-29 14:01:29.712 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-29 13:47:07.860 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-29 13:42:23.564 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-29 13:18:23.523 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-27 21:16:39.909 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-27 21:16:38.894 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-11-27 21:16:37.893 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-27 21:16:36.831 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-27 21:16:35.690 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Celeron(R) CPU N2930 @ 1.83GHz Prozentuale Nutzung des RAM: 22% Installierter physikalischer RAM: 8078.54 MB Verfügbarer physikalischer RAM: 6256.07 MB Summe virtueller Speicher: 10766.54 MB Verfügbarer virtueller Speicher: 8784 MB ==================== Laufwerke ================================ Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:307.64 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive d: (Data) (Fixed) (Total:537.8 GB) (Free:537.5 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 61ECA0B9) Partition: GPT. ==================== Ende von Addition.txt ============================
The laptop has been behaving fairly normally so far |
02.12.2015, 16:59 | #10 |
/// the machine /// TB trainer | Windows 8.1, long boot time, strange processes, ad pop-ups Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter C:\Users\tokoma\AppData\Local\Microsoft\Windows\INetCache\IE\CI7AN55R\RevoUninstaller_Setup.exe C:\Users\tokoma\AppData\Local\Microsoft\Windows\INetCache\IE\V0MU0RU6\Web_Bar_Setup_2.0.5749.22382[1].exe C:\Users\tokoma\AppData\Local\Temp\nsb224C.tmp C:\Users\tokoma\AppData\Local\Temp\nse6793.tmp C:\Users\tokoma\AppData\Local\Temp\nsfB377.tmp C:\Users\tokoma\AppData\Local\Temp\nshAF85.tmp C:\Users\tokoma\AppData\Local\Temp\nsi616B.tmp C:\Users\tokoma\AppData\Local\Temp\nsiDA70.tmp C:\Users\tokoma\AppData\Local\Temp\nsj1FC8.tmp C:\Users\tokoma\AppData\Local\Temp\nskA6E3.tmp C:\Users\tokoma\AppData\Local\Temp\nsn7F0.tmp C:\Users\tokoma\AppData\Local\Temp\nsp68F7.tmp C:\Users\tokoma\AppData\Local\Temp\nsqACB5.tmp C:\Users\tokoma\AppData\Local\Temp\nsr3DF7.tmp C:\Users\tokoma\AppData\Local\Temp\nst16E5.tmp C:\Users\tokoma\AppData\Local\Temp\nsvD5AC.tmp C:\Users\tokoma\AppData\Local\Temp\nsxBC16.tmp C:\Users\tokoma\AppData\Local\Temp\qqpcmgr_v10.11.16575.227_8881517_Silence.exe C:\Users\tokoma\AppData\Local\Temp\2197\chrome.packed.7z C:\Users\tokoma\AppData\Local\Temp\Install_17492\ins_ytd.exe C:\Users\tokoma\AppData\Local\Temp\Install_19017\ins_ytd.exe C:\Users\tokoma\AppData\Local\Temp\is-NT7JL.tmp\package_vuupc_installer_multilang.exe C:\Users\tokoma\AppData\Local\Temp\is-O2AI9.tmp\package_vuupc_installer_multilang.exe C:\Users\tokoma\AppData\Local\Temp\is-OLF5U.tmp\600.exe C:\Users\tokoma\AppData\Local\Temp\is-OLF5U.tmp\package_BubbleSound_installer_multilang.exe C:\Users\tokoma\AppData\Local\Temp\is-QKKNE.tmp\package_secprotwhite_installer_multilang.exe C:\Users\tokoma\AppData\Local\Temp\is-QKKNE.tmp\package_vuupc_installer_multilang.exe C:\Users\tokoma\AppData\Local\Temp\is45637729\1600539_stp\RAM.dll C:\Users\tokoma\AppData\Local\Temp\is45637729\1600727_stp\icba.dll C:\Users\tokoma\AppData\Local\Temp\is981565047\0CC2D40F_stp\TaskScheduler.dll C:\Users\tokoma\AppData\Local\Temp\is981565047\4A562C14_stp\CreateShortcut.dll 
C:\Users\tokoma\AppData\Local\Temp\nsh3538.tmp\inter_silent_nt.exe C:\Users\tokoma\AppData\Local\Temp\st484A.tmp\dup.exe C:\Users\tokoma\AppData\Local\Temp\st916F.tmp\dup.exe C:\Users\tokoma\AppData\Local\Temp\stA54D.tmp\dup.exe C:\Users\tokoma\AppData\Local\Temp\stA54D.tmp\Picexa.exe C:\Users\tokoma\AppData\Local\Temp\stA54D.tmp\PicexaSvc.exe C:\Users\tokoma\AppData\Local\Temp\stA54D.tmp\uninstall.exe C:\Windows\Temp\isdk3oGYm5Lu\ISightSDK.dll C:\Windows\Temp\isdkC8Q9xDfz\ISightSDK.dll C:\Windows\Temp\isdkKlDiRoZn\ISightSDK.dll C:\Windows\Temp\isdkKozIHZNP\ISightSDK.dll C:\Windows\Temp\isdkKQeYfx3V\ISightSDK.dll C:\Windows\Temp\isdkL0TdFMU7\ISightSDK.dll C:\Windows\Temp\isdkmWqSxz0V\ISightSDK.dll C:\Windows\Temp\isdkppd4LIct\ISightSDK.dll C:\Windows\Temp\isdkPSUgkHf5\ISightSDK.dll C:\Windows\Temp\isdksyDpXrHS\ISightSDK.dll C:\Windows\Temp\isdkwnDucLcD\ISightSDK.dll C:\Windows\Temp\isdkXu54z9Pd\ISightSDK.dll C:\Windows\Temp\isdkZi4cBEUU\ISightSDK.dll Task: {40DEE9C9-64DA-4D89-82E8-7B52375748BA} - \Crossbrowse -> Keine Datei <==== ACHTUNG Task: {AB15EBB1-52E2-495B-9D6E-F6939F7D96B8} - System32\Tasks\DocControl => c:\programdata\{0fbc1b97-694d-daee-0fbc-c1b976946e5d}\priceless_p_soft_partner.exe <==== ACHTUNG Task: {AF26F9D7-CA93-4E30-A419-366551E45487} - \ProfessionalPCCleaner_Start -> Keine Datei <==== ACHTUNG Task: {BFA6DC98-1F51-4DC8-AFCA-D8B0C467EDAD} - \Papuir -> Keine Datei <==== ACHTUNG Task: {D1403659-1623-4CAE-8D62-2ACEDCB42A2A} - \cfr3011 -> Keine Datei <==== ACHTUNG Task: {DC74E85A-D091-4963-A838-170EDE4E5868} - \ProfessionalPCCleaner_Popup -> Keine Datei <==== ACHTUNG Task: C:\Windows\Tasks\DocControl.job => c:\programdata\{0fbc1b97-694d-daee-0fbc-c1b976946e5d}\priceless_p_soft_partner.exe <==== ACHTUNG HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMWFP => ""="Driver" <==== ACHTUNG Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Fresh FRST logs, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
02.12.2015, 21:07 | #11 |
| Windows 8.1, long boot time, strange processes, ad pop-ups Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:01-12-2015 durchgeführt von tokoma (2015-12-02 20:57:26) Run:1 Gestartet von C:\Users\tokoma\Desktop Geladene Profile: tokoma (Verfügbare Profile: tokoma) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** C:\Users\tokoma\AppData\Local\Microsoft\Windows\INetCache\IE\CI7AN55R\RevoUninstaller_Setup.exe C:\Users\tokoma\AppData\Local\Microsoft\Windows\INetCache\IE\V0MU0RU6\Web_Bar_Setup_2.0.5749.22382[1].exe C:\Users\tokoma\AppData\Local\Temp\nsb224C.tmp C:\Users\tokoma\AppData\Local\Temp\nse6793.tmp C:\Users\tokoma\AppData\Local\Temp\nsfB377.tmp C:\Users\tokoma\AppData\Local\Temp\nshAF85.tmp C:\Users\tokoma\AppData\Local\Temp\nsi616B.tmp C:\Users\tokoma\AppData\Local\Temp\nsiDA70.tmp C:\Users\tokoma\AppData\Local\Temp\nsj1FC8.tmp C:\Users\tokoma\AppData\Local\Temp\nskA6E3.tmp C:\Users\tokoma\AppData\Local\Temp\nsn7F0.tmp C:\Users\tokoma\AppData\Local\Temp\nsp68F7.tmp C:\Users\tokoma\AppData\Local\Temp\nsqACB5.tmp C:\Users\tokoma\AppData\Local\Temp\nsr3DF7.tmp C:\Users\tokoma\AppData\Local\Temp\nst16E5.tmp C:\Users\tokoma\AppData\Local\Temp\nsvD5AC.tmp C:\Users\tokoma\AppData\Local\Temp\nsxBC16.tmp C:\Users\tokoma\AppData\Local\Temp\qqpcmgr_v10.11.16575.227_8881517_Silence.exe C:\Users\tokoma\AppData\Local\Temp\2197\chrome.packed.7z C:\Users\tokoma\AppData\Local\Temp\Install_17492\ins_ytd.exe C:\Users\tokoma\AppData\Local\Temp\Install_19017\ins_ytd.exe C:\Users\tokoma\AppData\Local\Temp\is-NT7JL.tmp\package_vuupc_installer_multilang.exe C:\Users\tokoma\AppData\Local\Temp\is-O2AI9.tmp\package_vuupc_installer_multilang.exe C:\Users\tokoma\AppData\Local\Temp\is-OLF5U.tmp\600.exe C:\Users\tokoma\AppData\Local\Temp\is-OLF5U.tmp\package_BubbleSound_installer_multilang.exe C:\Users\tokoma\AppData\Local\Temp\is-QKKNE.tmp\package_secprotwhite_installer_multilang.exe C:\Users\tokoma\AppData\Local\Temp\is-QKKNE.tmp\package_vuupc_installer_multilang.exe 
C:\Users\tokoma\AppData\Local\Temp\is45637729\1600539_stp\RAM.dll C:\Users\tokoma\AppData\Local\Temp\is45637729\1600727_stp\icba.dll C:\Users\tokoma\AppData\Local\Temp\is981565047\0CC2D40F_stp\TaskScheduler.dll C:\Users\tokoma\AppData\Local\Temp\is981565047\4A562C14_stp\CreateShortcut.dll C:\Users\tokoma\AppData\Local\Temp\nsh3538.tmp\inter_silent_nt.exe C:\Users\tokoma\AppData\Local\Temp\st484A.tmp\dup.exe C:\Users\tokoma\AppData\Local\Temp\st916F.tmp\dup.exe C:\Users\tokoma\AppData\Local\Temp\stA54D.tmp\dup.exe C:\Users\tokoma\AppData\Local\Temp\stA54D.tmp\Picexa.exe C:\Users\tokoma\AppData\Local\Temp\stA54D.tmp\PicexaSvc.exe C:\Users\tokoma\AppData\Local\Temp\stA54D.tmp\uninstall.exe C:\Windows\Temp\isdk3oGYm5Lu\ISightSDK.dll C:\Windows\Temp\isdkC8Q9xDfz\ISightSDK.dll C:\Windows\Temp\isdkKlDiRoZn\ISightSDK.dll C:\Windows\Temp\isdkKozIHZNP\ISightSDK.dll C:\Windows\Temp\isdkKQeYfx3V\ISightSDK.dll C:\Windows\Temp\isdkL0TdFMU7\ISightSDK.dll C:\Windows\Temp\isdkmWqSxz0V\ISightSDK.dll C:\Windows\Temp\isdkppd4LIct\ISightSDK.dll C:\Windows\Temp\isdkPSUgkHf5\ISightSDK.dll C:\Windows\Temp\isdksyDpXrHS\ISightSDK.dll C:\Windows\Temp\isdkwnDucLcD\ISightSDK.dll C:\Windows\Temp\isdkXu54z9Pd\ISightSDK.dll C:\Windows\Temp\isdkZi4cBEUU\ISightSDK.dll Task: {40DEE9C9-64DA-4D89-82E8-7B52375748BA} - \Crossbrowse -> Keine Datei <==== ACHTUNG Task: {AB15EBB1-52E2-495B-9D6E-F6939F7D96B8} - System32\Tasks\DocControl => c:\programdata\{0fbc1b97-694d-daee-0fbc-c1b976946e5d}\priceless_p_soft_partner.exe <==== ACHTUNG Task: {AF26F9D7-CA93-4E30-A419-366551E45487} - \ProfessionalPCCleaner_Start -> Keine Datei <==== ACHTUNG Task: {BFA6DC98-1F51-4DC8-AFCA-D8B0C467EDAD} - \Papuir -> Keine Datei <==== ACHTUNG Task: {D1403659-1623-4CAE-8D62-2ACEDCB42A2A} - \cfr3011 -> Keine Datei <==== ACHTUNG Task: {DC74E85A-D091-4963-A838-170EDE4E5868} - \ProfessionalPCCleaner_Popup -> Keine Datei <==== ACHTUNG Task: C:\Windows\Tasks\DocControl.job => 
c:\programdata\{0fbc1b97-694d-daee-0fbc-c1b976946e5d}\priceless_p_soft_partner.exe <==== ACHTUNG HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMWFP => ""="Driver" <==== ACHTUNG Emptytemp: ***************** C:\Users\tokoma\AppData\Local\Microsoft\Windows\INetCache\IE\CI7AN55R\RevoUninstaller_Setup.exe => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Microsoft\Windows\INetCache\IE\V0MU0RU6\Web_Bar_Setup_2.0.5749.22382[1].exe => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\nsb224C.tmp => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\nse6793.tmp => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\nsfB377.tmp => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\nshAF85.tmp => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\nsi616B.tmp => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\nsiDA70.tmp => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\nsj1FC8.tmp => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\nskA6E3.tmp => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\nsn7F0.tmp => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\nsp68F7.tmp => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\nsqACB5.tmp => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\nsr3DF7.tmp => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\nst16E5.tmp => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\nsvD5AC.tmp => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\nsxBC16.tmp => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\qqpcmgr_v10.11.16575.227_8881517_Silence.exe => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\2197\chrome.packed.7z => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\Install_17492\ins_ytd.exe => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\Install_19017\ins_ytd.exe => erfolgreich verschoben 
C:\Users\tokoma\AppData\Local\Temp\is-NT7JL.tmp\package_vuupc_installer_multilang.exe => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\is-O2AI9.tmp\package_vuupc_installer_multilang.exe => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\is-OLF5U.tmp\600.exe => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\is-OLF5U.tmp\package_BubbleSound_installer_multilang.exe => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\is-QKKNE.tmp\package_secprotwhite_installer_multilang.exe => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\is-QKKNE.tmp\package_vuupc_installer_multilang.exe => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\is45637729\1600539_stp\RAM.dll => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\is45637729\1600727_stp\icba.dll => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\is981565047\0CC2D40F_stp\TaskScheduler.dll => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\is981565047\4A562C14_stp\CreateShortcut.dll => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\nsh3538.tmp\inter_silent_nt.exe => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\st484A.tmp\dup.exe => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\st916F.tmp\dup.exe => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\stA54D.tmp\dup.exe => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\stA54D.tmp\Picexa.exe => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\stA54D.tmp\PicexaSvc.exe => erfolgreich verschoben C:\Users\tokoma\AppData\Local\Temp\stA54D.tmp\uninstall.exe => erfolgreich verschoben C:\Windows\Temp\isdk3oGYm5Lu\ISightSDK.dll => erfolgreich verschoben C:\Windows\Temp\isdkC8Q9xDfz\ISightSDK.dll => erfolgreich verschoben C:\Windows\Temp\isdkKlDiRoZn\ISightSDK.dll => erfolgreich verschoben C:\Windows\Temp\isdkKozIHZNP\ISightSDK.dll => erfolgreich verschoben C:\Windows\Temp\isdkKQeYfx3V\ISightSDK.dll => erfolgreich verschoben 
C:\Windows\Temp\isdkL0TdFMU7\ISightSDK.dll => erfolgreich verschoben C:\Windows\Temp\isdkmWqSxz0V\ISightSDK.dll => erfolgreich verschoben C:\Windows\Temp\isdkppd4LIct\ISightSDK.dll => erfolgreich verschoben C:\Windows\Temp\isdkPSUgkHf5\ISightSDK.dll => erfolgreich verschoben C:\Windows\Temp\isdksyDpXrHS\ISightSDK.dll => erfolgreich verschoben C:\Windows\Temp\isdkwnDucLcD\ISightSDK.dll => erfolgreich verschoben C:\Windows\Temp\isdkXu54z9Pd\ISightSDK.dll => erfolgreich verschoben C:\Windows\Temp\isdkZi4cBEUU\ISightSDK.dll => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{40DEE9C9-64DA-4D89-82E8-7B52375748BA}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40DEE9C9-64DA-4D89-82E8-7B52375748BA}" => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Crossbrowse => Schlüssel nicht gefunden. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB15EBB1-52E2-495B-9D6E-F6939F7D96B8}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB15EBB1-52E2-495B-9D6E-F6939F7D96B8}" => Schlüssel erfolgreich entfernt C:\Windows\System32\Tasks\DocControl => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DocControl" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AF26F9D7-CA93-4E30-A419-366551E45487}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF26F9D7-CA93-4E30-A419-366551E45487}" => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProfessionalPCCleaner_Start => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFA6DC98-1F51-4DC8-AFCA-D8B0C467EDAD}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFA6DC98-1F51-4DC8-AFCA-D8B0C467EDAD}" => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Papuir => Schlüssel nicht gefunden. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D1403659-1623-4CAE-8D62-2ACEDCB42A2A}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1403659-1623-4CAE-8D62-2ACEDCB42A2A}" => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\cfr3011 => Schlüssel nicht gefunden. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC74E85A-D091-4963-A838-170EDE4E5868}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC74E85A-D091-4963-A838-170EDE4E5868}" => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProfessionalPCCleaner_Popup => Schlüssel nicht gefunden. C:\Windows\Tasks\DocControl.job => erfolgreich verschoben "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CMWFP" => Schlüssel erfolgreich entfernt EmptyTemp: => 2.2 GB temporäre Dateien entfernt. Das System musste neu gestartet werden. ==== Ende von Fixlog 20:59:41 ==== |
03.12.2015, 15:49 | #12 |
/// the machine /// TB trainer | Windows 8.1, long boot time, strange processes, ad pop-ups The fresh FRST log?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
03.12.2015, 19:11 | #13 |
| Windows 8.1, long boot time, strange processes, ad pop-ups Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015 durchgeführt von tokoma (Administrator) auf TOKO (02-12-2015 00:30:40) Gestartet von C:\Users\tokoma\Desktop Geladene Profile: tokoma (Verfügbare Profile: tokoma) Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: IE) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.) 
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe (TeamViewer) C:\Program Files (x86)\ITbrain Agent\itbrain_agent.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) 
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSPanel.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-05-15] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] () HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3826600 2015-10-30] (AVG Technologies CZ, s.r.o.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Atheros Communications) HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1940160 2014-11-18] (Valve Corporation) HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\MountPoints2: {02627817-285f-11e4-8252-806e6f6e6963} - "E:\autorun.exe" ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{5C8B1A66-6F46-4E47-B6CF-280D94F05E04}: [DhcpNameServer] 192.13.128.24 Tcpip\..\Interfaces\{E72CCE24-6189-43F5-9E5E-5EC6FB4BB621}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-26] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-26] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-26] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-26] (Oracle Corporation) FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.66.2 -> 
C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-26] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-26] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-26] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-26] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-26] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-26] (Google Inc.) 
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] () Chrome: ======= CHR Profile: C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-29] CHR Extension: (Google Drive) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-25] CHR Extension: (YouTube) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-25] CHR Extension: (Google-Suche) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-25] CHR Extension: (Google Docs Offline) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-27] CHR Extension: (Google Mail) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-28] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [Datei ist nicht signiert] R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert] S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [595376 2015-10-30] (AVG Technologies CZ, s.r.o.) S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3815648 2015-10-30] (AVG Technologies CZ, s.r.o.) 
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-10-30] (AVG Technologies CZ, s.r.o.) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-17] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [Datei ist nicht signiert] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation) R2 ITbrain Agent; C:\Program Files (x86)\ITbrain Agent\itbrain_agent.exe [5567488 2013-08-22] (TeamViewer) [Datei ist nicht signiert] R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6849808 2015-11-10] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-02-25] (Atheros) [Datei ist nicht signiert] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-06] (Qualcomm Atheros Communications, Inc.) 
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation) S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [197040 2015-08-10] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-10-19] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [255408 2015-10-21] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [306608 2015-10-08] (AVG Technologies CZ, s.r.o.) 
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( ) R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-28] (Intel Corporation) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-10-18] (Realsil Semiconductor Corporation) R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) U0 msahci; system32\drivers\msahci.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-07-28 14:20 - 2016-07-28 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2016-07-28 14:18 - 2015-11-25 01:25 - 00000000 ____D C:\Program Files (x86)\BrowserPro App 2016-07-28 14:15 - 2016-07-28 14:20 - 00000000 ____D C:\Program Files (x86)\Google 2016-07-28 14:15 - 2015-11-24 23:53 - 00000000 ____D C:\Users\tokoma\AppData\Local\Google 2016-07-24 15:31 - 2015-11-25 00:34 - 00000000 ____D C:\Program Files\Common Files\AV 2016-06-19 14:45 - 2016-07-28 13:29 - 00000000 ____D C:\Windows\Minidump 2016-06-19 14:45 - 2016-07-27 15:16 - 640785184 _____ C:\Windows\MEMORY.DMP 2016-06-18 17:52 - 2015-08-01 06:52 - 00000226 _____ C:\Users\tokoma\AppData\Roaming\WB.CFG 2016-06-18 15:53 - 2016-06-18 15:54 - 00000000 ____D C:\Users\tokoma\AppData\Local\Chromium 2015-12-02 00:30 - 2015-12-02 00:31 - 00015346 _____ C:\Users\tokoma\Desktop\FRST.txt 2015-12-01 18:54 - 2015-12-01 18:55 - 02870984 _____ (ESET) C:\Users\tokoma\Desktop\esetsmartinstaller_deu (1).exe 2015-12-01 18:54 - 2015-12-01 18:54 - 00852771 _____ C:\Users\tokoma\Desktop\SecurityCheck.exe 2015-12-01 18:35 - 2015-12-01 18:35 - 00000081 _____ C:\Users\tokoma\AppData\Roaming\sp_data.sys 2015-12-01 18:31 - 2015-12-01 18:31 - 00001090 _____ C:\Users\tokoma\Desktop\GWX Control Panel.lnk 2015-12-01 18:31 - 2015-12-01 18:31 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GWX Control Panel 2015-12-01 18:31 - 2015-12-01 18:31 - 00000000 ____D C:\Program Files (x86)\UltimateOutsider 2015-12-01 09:35 - 2015-12-01 09:35 - 00000000 ____D C:\Users\tokoma\AppData\Local\GWX 2015-11-30 19:41 - 2015-11-30 19:42 - 02393976 _____ C:\Users\tokoma\Desktop\GwxControlPanelSetup.exe 2015-11-30 02:02 - 2015-11-30 02:02 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\ProductData 2015-11-29 14:07 - 2015-11-29 14:07 - 00000827 _____ C:\Users\tokoma\Desktop\JRT.txt 2015-11-29 14:02 - 2015-11-29 14:02 - 00002663 _____ C:\Users\tokoma\Desktop\AdwCleaner[C3].txt 
2015-11-29 13:19 - 2015-11-29 13:19 - 01733632 _____ C:\Users\tokoma\Desktop\AdwCleaner_5.022.exe 2015-11-29 13:16 - 2015-11-29 13:17 - 01599336 _____ (Malwarebytes) C:\Users\tokoma\Desktop\JRT.exe 2015-11-27 23:33 - 2015-07-28 02:09 - 00484552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll 2015-11-27 23:33 - 2015-07-28 02:08 - 00690016 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll 2015-11-27 21:38 - 2015-11-29 13:44 - 00000973 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk 2015-11-27 21:38 - 2015-11-29 13:43 - 00000967 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk 2015-11-27 21:33 - 2015-11-27 21:36 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\TeamViewer 2015-11-27 21:14 - 2015-11-27 21:14 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software 2015-11-27 21:14 - 2015-11-27 21:14 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software 2015-11-27 21:11 - 2015-12-02 00:30 - 00000000 ____D C:\Program Files (x86)\ITbrain Agent 2015-11-27 21:11 - 2015-11-27 21:11 - 00000000 __HDC C:\ProgramData\{651038AD-E038-410A-BD90-28FB006FD850} 2015-11-27 21:11 - 2015-11-27 21:11 - 00000000 ____D C:\Users\Default\AppData\Local\PackageAware 2015-11-27 21:11 - 2015-11-27 21:11 - 00000000 ____D C:\Users\Default User\AppData\Local\PackageAware 2015-11-27 20:51 - 2015-11-29 13:43 - 00001110 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-11-27 20:51 - 2015-11-27 20:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-11-27 20:51 - 2015-11-27 20:51 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-11-27 20:51 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-11-27 20:51 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2015-11-27 20:49 - 2015-11-27 20:50 - 22908888 _____ (Malwarebytes ) 
C:\Users\tokoma\Downloads\mbam-setup-2.2.0.1024.exe 2015-11-27 20:49 - 2015-11-27 20:50 - 22908888 _____ (Malwarebytes ) C:\Users\tokoma\Downloads\mbam-setup-2.2.0.1024 (1).exe 2015-11-27 00:04 - 2015-11-03 01:23 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-11-27 00:04 - 2015-11-03 01:23 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-26 23:07 - 2015-11-26 23:07 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll 2015-11-26 23:07 - 2015-11-26 23:07 - 00027840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll 2015-11-26 23:00 - 2015-11-29 13:43 - 00001213 _____ C:\Users\Public\Desktop\Media Player Classic.lnk 2015-11-26 23:00 - 2015-11-26 23:00 - 00003790 _____ C:\Windows\System32\Tasks\klcp_update 2015-11-26 23:00 - 2015-11-26 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack 2015-11-26 23:00 - 2015-11-26 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2015-11-26 23:00 - 2015-11-26 23:00 - 00000000 ____D C:\Program Files\7-Zip 2015-11-26 23:00 - 2015-11-26 23:00 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack 2015-11-26 22:59 - 2015-11-26 23:00 - 00000000 ____D C:\Windows\SysWOW64\Adobe 2015-11-26 22:58 - 2015-11-26 22:59 - 00000000 ____D C:\Users\tokoma\.oracle_jre_usage 2015-11-26 22:58 - 2015-11-26 22:58 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-11-26 22:58 - 2015-11-26 22:58 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\Sun 2015-11-26 22:57 - 2015-11-26 22:57 - 00000000 ____D C:\Users\tokoma\AppData\Local\Adobe 2015-11-26 22:57 - 2015-11-26 22:57 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2015-11-26 22:57 - 2015-11-26 22:57 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia 2015-11-26 22:57 - 2015-11-26 22:57 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-11-26 22:57 - 2015-11-26 22:57 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-11-26 22:55 - 2015-11-29 13:43 - 00000080 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-11-26 22:55 - 2015-11-26 22:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-11-26 22:55 - 2015-11-26 22:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-11-26 22:54 - 2015-12-01 23:59 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-11-26 22:54 - 2015-12-01 22:59 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-11-26 22:54 - 2015-11-26 22:54 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-11-26 22:54 - 2015-11-26 22:54 - 00003864 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-11-26 22:52 - 2015-11-26 22:52 - 00307200 _____ (Secure By Design Inc.) C:\Users\tokoma\Downloads\Ninite 7Zip Air Chrome Java 8 Installer.exe 2015-11-26 20:49 - 2015-07-30 15:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-11-26 20:49 - 2015-07-30 14:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-11-26 19:43 - 2015-12-02 00:30 - 00000000 ____D C:\Users\tokoma\Desktop\FRST-OlderVersion 2015-11-25 21:20 - 2015-11-29 13:14 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-11-25 21:20 - 2015-11-27 00:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-11-25 21:17 - 2015-11-25 22:23 - 00000000 ____D C:\Users\tokoma\Desktop\mbar 2015-11-25 21:17 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-11-25 21:12 - 2015-11-25 21:12 - 04397752 _____ (Kaspersky Lab ZAO) C:\Users\tokoma\Desktop\tdsskiller.exe 2015-11-25 21:07 - 2015-11-25 21:09 - 16563352 _____ (Malwarebytes Corp.) 
C:\Users\tokoma\Desktop\mbar-1.09.3.1001.exe 2015-11-25 20:49 - 2015-11-25 20:49 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller 2015-11-25 20:49 - 2015-11-25 20:49 - 00000000 ____D C:\Program Files (x86)\VS Revo Group 2015-11-25 20:48 - 2015-11-25 20:48 - 00000000 ____D C:\Users\tokoma\Documents\ProfessionalPCCleaner 2015-11-25 19:09 - 2015-12-02 00:30 - 00000000 ____D C:\FRST 2015-11-25 19:08 - 2015-11-25 19:08 - 00380416 _____ C:\Users\tokoma\Desktop\Gmer-19357.exe 2015-11-25 19:06 - 2015-12-02 00:30 - 02350080 _____ (Farbar) C:\Users\tokoma\Desktop\FRST64.exe 2015-11-25 19:05 - 2015-11-25 19:05 - 00000000 _____ C:\Users\tokoma\defogger_reenable 2015-11-25 19:03 - 2015-11-25 19:03 - 00050477 _____ C:\Users\tokoma\Desktop\Defogger.exe 2015-11-25 18:44 - 2015-11-25 18:44 - 00000000 ____D C:\Users\tokoma\AppData\Local\TeamViewer 2015-11-25 18:43 - 2015-12-02 00:28 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2015-11-25 18:42 - 2015-11-25 18:43 - 08202040 _____ (TeamViewer GmbH) C:\Users\tokoma\Downloads\TeamViewer_Setup_de.exe 2015-11-25 02:53 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-11-25 02:53 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-11-25 02:53 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-11-25 02:53 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-11-25 02:53 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-11-25 02:53 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-11-25 02:53 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-11-25 02:53 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-11-25 02:53 - 
2015-10-30 23:39 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-11-25 02:53 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-11-25 02:53 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-11-25 02:53 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-11-25 02:53 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-11-25 02:53 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-11-25 02:53 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-11-25 02:53 - 2015-10-30 23:14 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-11-25 02:53 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-11-25 02:53 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-11-25 02:53 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-11-25 02:53 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-11-25 02:53 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-11-25 02:53 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-11-25 02:53 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-11-25 02:47 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2015-11-25 02:47 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2015-11-25 02:47 - 2015-10-13 16:59 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2015-11-25 02:47 - 2015-10-13 16:59 
- 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll 2015-11-25 02:47 - 2015-10-13 16:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-11-25 02:47 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-11-25 02:47 - 2015-10-13 16:59 - 00106952 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll 2015-11-25 02:47 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll 2015-11-25 02:47 - 2015-10-11 07:36 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-11-25 02:47 - 2015-10-11 07:36 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-11-25 02:47 - 2015-10-10 19:40 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-11-25 02:47 - 2015-10-10 19:39 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-11-25 02:47 - 2015-10-10 19:07 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-11-25 02:47 - 2015-10-10 18:33 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-11-25 02:47 - 2015-10-10 18:27 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-11-25 02:47 - 2015-10-10 18:11 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-11-25 02:47 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-11-25 02:47 - 2015-09-29 13:24 - 00155480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys 2015-11-25 02:47 - 2015-09-24 17:42 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll 2015-11-25 02:47 - 2015-09-24 17:40 - 00737280 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll 2015-11-25 02:47 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll 2015-11-25 02:47 - 2015-09-07 
16:54 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll 2015-11-25 02:47 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2015-11-25 02:47 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys 2015-11-25 02:47 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe 2015-11-25 02:47 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-11-25 02:47 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-11-25 02:47 - 2014-11-05 02:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll 2015-11-25 02:47 - 2014-11-05 02:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll 2015-11-25 02:46 - 2015-10-15 17:08 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-11-25 02:46 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-11-25 02:46 - 2015-10-15 00:02 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-11-25 02:46 - 2015-10-15 00:02 - 01659560 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-11-25 02:46 - 2015-10-15 00:02 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-11-25 02:46 - 2015-10-15 00:02 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-11-25 02:46 - 2015-10-15 00:02 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2015-11-25 02:46 - 2015-09-12 14:47 - 00414559 _____ C:\Windows\system32\ApnDatabase.xml 2015-11-25 02:46 - 2015-08-07 22:40 - 01736520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-11-25 02:46 - 2015-08-07 22:40 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-11-25 02:43 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) 
C:\Windows\system32\wuauclt.exe 2015-11-25 02:43 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-11-25 02:43 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-11-25 02:43 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-11-25 02:43 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2015-11-25 02:43 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-11-25 02:43 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-11-25 02:43 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-11-25 02:43 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-11-25 02:43 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-11-25 02:43 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-11-25 02:43 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-11-25 02:37 - 2015-10-17 15:19 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-11-25 02:35 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2015-11-25 02:35 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL 2015-11-25 02:35 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2015-11-25 02:35 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2015-11-25 02:35 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2015-11-25 02:35 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 
2015-11-25 02:35 - 2014-11-10 19:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys 2015-11-25 00:35 - 2015-11-25 00:35 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\AVG 2015-11-25 00:34 - 2015-11-27 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2015-11-25 00:34 - 2015-11-25 00:34 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\TuneUp Software 2015-11-25 00:31 - 2015-11-25 00:31 - 00000000 ___HD C:\$AVG 2015-11-25 00:24 - 2015-12-01 20:53 - 00000000 ____D C:\ProgramData\MFAData 2015-11-25 00:24 - 2015-11-29 13:43 - 00000922 _____ C:\Users\Public\Desktop\AVG.lnk 2015-11-25 00:24 - 2015-11-25 00:24 - 00000000 ____D C:\Users\tokoma\AppData\Local\MFAData 2015-11-25 00:24 - 2015-11-25 00:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen 2015-11-25 00:21 - 2015-11-25 00:31 - 00000000 ____D C:\ProgramData\Avg 2015-11-25 00:21 - 2015-11-25 00:28 - 00000000 ____D C:\Program Files (x86)\AVG 2015-11-25 00:20 - 2015-11-27 21:13 - 00000000 ____D C:\Users\tokoma\AppData\Local\Avg 2015-11-25 00:20 - 2015-11-25 00:23 - 00000000 ____D C:\Users\tokoma\AppData\Local\AvgSetupLog 2015-11-25 00:19 - 2015-11-25 21:20 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-11-25 00:03 - 2015-11-25 00:03 - 00000000 ____D C:\Users\tokoma\AppData\LocalLow\IObit 2015-11-25 00:03 - 2015-11-25 00:03 - 00000000 ____D C:\ProgramData\IObit 2015-11-25 00:02 - 2015-11-25 22:11 - 00000000 ____D C:\Program Files (x86)\IObit 2015-11-25 00:02 - 2015-11-25 00:03 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\IObit 2015-11-24 23:31 - 2015-11-24 23:31 - 00000000 _____ C:\Recovery.txt 2015-11-24 22:54 - 2015-11-29 13:58 - 00000000 ____D C:\AdwCleaner 2015-11-24 22:37 - 2015-11-24 22:37 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\kingsoft ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 

2016-07-28 12:47 - 2014-09-30 16:23 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{165E99F4-4F00-4F10-8F2D-DEE576ACF2BD}
2016-07-28 12:46 - 2015-05-13 16:19 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2016-07-28 12:46 - 2015-05-13 16:19 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2016-07-19 19:29 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\LiveKernelReports
2016-07-17 17:32 - 2014-10-30 14:52 - 00000000 ____D C:\Program Files (x86)\Landwirtschafts Simulator 2015
2016-07-02 14:23 - 2015-01-19 15:16 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-01 19:25 - 2015-08-05 12:25 - 00000374 _____ C:\Windows\Tasks\DocControl.job
2015-12-01 18:46 - 2014-09-30 16:12 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-655055617-1888823773-2012408708-1001
2015-12-01 18:39 - 2014-05-16 00:45 - 00765582 _____ C:\Windows\system32\perfh007.dat
2015-12-01 18:39 - 2014-05-16 00:45 - 00159366 _____ C:\Windows\system32\perfc007.dat
2015-12-01 18:39 - 2014-03-18 16:26 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-01 18:39 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2015-12-01 18:35 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-01 18:34 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-01 05:44 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-01 05:44 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-11-29 14:13 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-11-29 13:44 - 2014-08-20 12:58 - 00001316 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioWizard.lnk
2015-11-29 13:44 - 2014-08-20 12:55 - 00000712 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) HD Graphics Control Panel.lnk
2015-11-29 13:44 - 2014-05-15 16:59 - 00002468 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - asus.lnk
2015-11-29 13:44 - 2014-05-15 16:54 - 00001976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2015-11-29 13:43 - 2015-05-24 08:44 - 00001273 _____ C:\Users\Public\Desktop\Air Traffic Control.lnk
2015-11-29 13:43 - 2015-02-18 13:49 - 00000969 _____ C:\Users\Public\Desktop\Minecraft.lnk
2015-11-29 13:43 - 2015-02-07 18:49 - 00001170 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2015-11-29 13:43 - 2014-10-30 15:03 - 00001293 _____ C:\Users\tokoma\Desktop\Landwirtschafts Simulator 15 .lnk
2015-11-29 13:43 - 2014-09-30 16:06 - 00000469 _____ C:\Users\tokoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-11-29 13:43 - 2014-09-30 16:06 - 00000467 _____ C:\Users\tokoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-11-29 13:42 - 2013-08-22 15:44 - 00338072 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-29 13:40 - 2014-10-22 19:13 - 00000000 ___RD C:\Windows\BrowserChoice
2015-11-28 04:41 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2015-11-27 23:33 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-11-26 23:58 - 2015-04-05 10:05 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-11-26 23:58 - 2015-04-05 10:05 - 00000000 ___SD C:\Windows\system32\GWX
2015-11-26 23:58 - 2014-03-18 16:10 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-26 23:58 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2015-11-26 23:58 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-11-26 23:58 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-11-26 23:45 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-11-26 22:59 - 2015-05-14 12:51 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-11-26 22:59 - 2015-05-14 12:51 - 00000000 ____D C:\Program Files\Java
2015-11-26 22:59 - 2015-01-31 18:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-26 22:58 - 2014-09-30 16:06 - 00000000 ____D C:\Users\tokoma
2015-11-26 22:57 - 2015-05-24 09:34 - 00000000 ____D C:\ProgramData\Adobe
2015-11-26 22:57 - 2015-01-31 18:04 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-26 22:57 - 2014-09-30 16:07 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\Adobe
2015-11-26 20:14 - 2014-10-22 19:10 - 00000000 ____D C:\Windows\system32\MRT
2015-11-26 20:08 - 2014-10-22 19:10 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-26 00:20 - 2015-10-30 19:06 - 00001125 _____ C:\Users\tokoma\Desktop\nativelog.txt
2015-11-25 19:13 - 2015-05-01 14:13 - 00206848 ___SH C:\Users\tokoma\Desktop\Thumbs.db
2015-11-25 19:01 - 2014-09-30 16:06 - 00000000 ____D C:\Users\tokoma\AppData\Local\Packages
2015-11-25 18:40 - 2014-12-09 20:51 - 00000000 ____D C:\Users\tokoma\AppData\Local\CrashDumps
2015-11-25 01:25 - 2015-08-05 12:32 - 00000000 ____D C:\Program Files (x86)\Ghostery
2015-11-25 00:33 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-11-25 00:15 - 2014-08-20 13:12 - 00000000 ____D C:\Program Files\Common Files\mcafee
2015-11-25 00:15 - 2014-08-20 13:12 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-11-25 00:15 - 2014-08-20 13:11 - 00000000 ____D C:\ProgramData\McAfee
2015-11-24 23:43 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-11-24 23:22 - 2015-05-29 13:11 - 00000000 ____D C:\Windows\system32\log

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-12-01 18:35 - 2015-12-01 18:35 - 0000081 _____ () C:\Users\tokoma\AppData\Roaming\sp_data.sys
2016-06-18 17:52 - 2015-08-01 06:52 - 0000226 _____ () C:\Users\tokoma\AppData\Roaming\WB.CFG
2014-08-20 12:58 - 2014-08-20 12:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-15 16:58 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-05-15 16:58 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-15 16:58 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2015-09-14 20:18 - 2015-09-14 20:18 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Einige Dateien in TEMP:
====================
C:\Users\tokoma\AppData\Local\Temp\apptemp.1.exe
C:\Users\tokoma\AppData\Local\Temp\atdl.exe
C:\Users\tokoma\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\tokoma\AppData\Local\Temp\OfficeAssist.0744.80.1211.exe
C:\Users\tokoma\AppData\Local\Temp\qqpcmgr_v10.11.16575.227_8881517_Silence.exe
C:\Users\tokoma\AppData\Local\Temp\Quarantine.exe
C:\Users\tokoma\AppData\Local\Temp\SpOrder.dll
C:\Users\tokoma\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-11-25 19:22

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:01-12-2015
durchgeführt von tokoma (2015-12-02 00:32:03)
Gestartet von C:\Users\tokoma\Desktop
Windows 8.1 (X64) (2014-09-30 15:06:34)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-655055617-1888823773-2012408708-500 - Administrator - Disabled)
Gast (S-1-5-21-655055617-1888823773-2012408708-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-655055617-1888823773-2012408708-1003 - Limited - Enabled)
tokoma (S-1-5-21-655055617-1888823773-2012408708-1001 - Administrator - Enabled) => C:\Users\tokoma

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
Air Traffic Control (HKLM-x32\...\Air Traffic Control_is1) (Version: - Nemesys Team Studio)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS)
AVG (HKLM\...\AvgZen) (Version: 1.22.1.40089 - AVG Technologies)
AVG (Version: 16.7.7227 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4477 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.7.7227 - AVG Technologies)
AVG Zen (Version: 1.22.1 - AVG Technologies) Hidden
FMW 1 (Version: 1.32.2 - AVG Technologies) Hidden
Game Explorer Categories - casual (HKLM-x32\...\WildTangentGameProvider-asus-casual) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - enthusiast (HKLM-x32\...\WildTangentGameProvider-asus-enthusiast) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - family (HKLM-x32\...\WildTangentGameProvider-asus-family) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - touch (HKLM-x32\...\WildTangentGameProvider-asus-touch) (Version: 3.2.0.6 - WildTangent, Inc.)
Geländewagen-Simulator 2012 (Nur entfernen) (HKLM-x32\...\{50747054-5F94-4BBC-B189-4D3F4D22C094}_is1) (Version: 1.1.1.0 - Rondomedia Marketing & Vertriebs GmbH)
GIANTS Editor 6.0.2 32-bit (HKLM-x32\...\giants_editor_6.0.2_win32_is1) (Version: 6.0.2 - GIANTS Software GmbH)
Google Chrome (HKLM-x32\...\{9CED8BD3-5E1F-3B87-97E3-0A3D5B7E49BA}) (Version: 46.0.2490.86 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version: - UltimateOutsider)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
ITbrain Agent (HKLM-x32\...\ITbrain Agent) (Version: 1.0.0 - TeamViewer)
ITbrain Agent (x32 Version: 1.0 - InstallAware Software Corporation) Hidden
ITbrain Agent (x32 Version: 1.0.0 - TeamViewer) Hidden
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
K-Lite Codec Pack 11.7.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.7.0 - )
Landwirtschafts Simulator 15 (HKLM-x32\...\FarmingSimulator2015DE_is1) (Version: 1.2.0.0 - GIANTS Software)
Let's go 2 Sprachtrainer (HKLM-x32\...\{33DA5B25-479B-431E-9691-650D7293B31F}) (Version: 1.00.000 - Klett)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MediaPlayerVid2.4 (HKLM-x32\...\MediaPlayerVid2.4) (Version: 1.36.01.22 - NewPlayerVideo+) <==== ACHTUNG
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Phonetik (HKLM-x32\...\{626B7EA2-B7C2-4277-AE30-A8B452A92B6C}) (Version: 1.0.0 - Ernst Klett Verlag)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.51091 Beta - TeamViewer)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent)
Windows Driver Package - ASUS (ATP) Mouse (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-655055617-1888823773-2012408708-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Wiederherstellungspunkte =========================

25-11-2015 19:22:27 Windows Update
29-11-2015 14:03:54 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {1F0CFFF0-5B0F-4D02-9C88-D3E666FD98E7} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-02] (ASUS)
Task: {3A2AD2F5-DA33-44B9-8C81-C905B39BF7D5} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-11-19] ()
Task: {40DEE9C9-64DA-4D89-82E8-7B52375748BA} - \Crossbrowse -> Keine Datei <==== ACHTUNG
Task: {7BEEB586-4055-4005-ACD4-3741E7307D83} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {A0E0B8E2-D8E5-4332-841E-DD1B00E9E122} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-26] (Google Inc.)
Task: {A75A6BF7-3D66-49C0-8EA5-BA7084B338A1} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {AB15EBB1-52E2-495B-9D6E-F6939F7D96B8} - System32\Tasks\DocControl => c:\programdata\{0fbc1b97-694d-daee-0fbc-c1b976946e5d}\priceless_p_soft_partner.exe <==== ACHTUNG
Task: {AF26F9D7-CA93-4E30-A419-366551E45487} - \ProfessionalPCCleaner_Start -> Keine Datei <==== ACHTUNG
Task: {B740C971-DDB5-4ECF-B4E3-B9F4026B1D7C} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
Task: {BFA6DC98-1F51-4DC8-AFCA-D8B0C467EDAD} - \Papuir -> Keine Datei <==== ACHTUNG
Task: {CB808FC9-7655-4728-A744-E4FA33F32F7C} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.)
Task: {D1403659-1623-4CAE-8D62-2ACEDCB42A2A} - \cfr3011 -> Keine Datei <==== ACHTUNG
Task: {DC74E85A-D091-4963-A838-170EDE4E5868} - \ProfessionalPCCleaner_Popup -> Keine Datei <==== ACHTUNG
Task: {E1DF7755-472E-4882-99D2-8B1E335E1C79} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-11-26] (Microsoft Corporation)
Task: {ECF238FA-98A6-4D1A-A33C-EEB7D1318599} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)
Task: {F59FBF87-D889-4982-A23A-97410AB1FA03} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {FB1C8FF6-2F5A-4E80-B1B8-EA4E448A7476} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-04-15] (Realtek Semiconductor)
Task: {FE41704B-1D34-48B0-8172-4D01B87B1A47} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-26] (Google Inc.)
Task: {FFF22234-81DA-49C7-AC22-3EEA6ECAA36E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-04-10] (Realtek Semiconductor)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\DocControl.job => c:\programdata\{0fbc1b97-694d-daee-0fbc-c1b976946e5d}\priceless_p_soft_partner.exe <==== ACHTUNG
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-02-25 22:14 - 2014-02-25 22:14 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-25 22:11 - 2014-02-25 22:11 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-02-25 22:17 - 2014-02-25 22:17 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-04-02 14:46 - 2014-04-02 14:46 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-04-02 14:46 - 2014-04-02 14:46 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-04-02 14:46 - 2014-04-02 14:46 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
2014-04-02 14:46 - 2014-04-02 14:46 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
2015-11-25 00:03 - 2015-09-21 10:49 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2015-11-25 00:21 - 2015-11-25 00:21 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMWFP => ""="Driver" <==== ACHTUNG
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-655055617-1888823773-2012408708-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "3D BubbleSound"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKLM\...\StartupApproved\Run32: => "rec_de_70"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKLM\...\StartupApproved\Run32: => "rec_de_74"
HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\StartupFolder: => "crossbrowse.lnk"
HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_98557E2CC4C9D57801F5B3619084BEF7"
HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "Gameo"
HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_EC762B715C225D87E1C23535A3EDCE73"
HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "SPDriver"
HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "YTDownloader"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{192477CF-8B53-4A83-B511-06315D696FA8}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{A46D567D-5F9A-45CE-8BD6-890EC3EB6BC7}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\FarmingSimulator2015.exe
FirewallRules: [{DF697040-F386-4FF9-B8B3-78333930FC9E}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\FarmingSimulator2015.exe
FirewallRules: [{68136F48-6499-49A1-B039-D32581004614}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x86\FarmingSimulator2015Game.exe
FirewallRules: [{2F937C3E-8AFD-44AD-AB66-AE5762095737}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x86\FarmingSimulator2015Game.exe
FirewallRules: [{3CD82484-EE38-472E-9304-DAC40B574B8D}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x64\FarmingSimulator2015Game.exe
FirewallRules: [{53D0D9B3-2293-428B-881D-FD2BA123DB9B}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x64\FarmingSimulator2015Game.exe
FirewallRules: [{5E0942ED-7728-4D3C-B997-F4DC8F76EF73}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{23E7DC91-7F7C-444F-BF78-4833B471F527}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{69A2C892-1AFE-40E8-91D8-E0DAB77503C0}] => (Allow) C:\Program Files (x86)\MyBrowser\MyBrowser\Application\mybrowser.exe
FirewallRules: [{55F25D8D-8DC3-47AB-9370-5B9593DCCC26}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{4071443B-2F56-4F46-86CD-B1B1FC0429F0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{F3F8E757-1B34-4FE5-82E2-9C3701D6C78B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{4215CA2E-7145-4E56-AD68-0032B44420D8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{7B88681B-E215-46FD-BF11-263AB3B8CB12}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{F0E6401B-A50B-4641-B255-86120DCB97ED}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{F016DAB6-D3AF-4775-A4A9-7CB3A3E73ECC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{27EFDCE1-6AA4-4DEA-90A0-FA328EE8F9AC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{2E15FED7-83FB-403E-B89F-C8B8E33DEB4F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{19BB4360-F6DD-453A-BA17-807357334F7E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8A3BFD11-35B7-4038-B5A1-EDCBB7A78719}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{46646FC2-AB53-4F77-9989-36D04CD46239}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{395BDA37-E1A7-4B45-A446-5414A351B475}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/02/2015 00:27:39 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (12/01/2015 06:56:24 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (12/01/2015 06:56:21 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (12/01/2015 06:56:00 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (12/01/2015 06:56:00 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (12/01/2015 06:55:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (11/25/2015 06:34:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.1.711, Zeitstempel: 0x542b53ec
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0xfa8
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Vollständiger Name des fehlerhaften Pakets: mbam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5

Error: (11/25/2015 02:39:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.0.8.0, Zeitstempel: 0x53f64d6c
Name des fehlerhaften Moduls: mbamservice.exe, Version: 3.0.8.0, Zeitstempel: 0x53f64d6c
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008f746
ID des fehlerhaften Prozesses: 0x1340
Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0
Pfad der fehlerhaften Anwendung: mbamservice.exe1
Pfad des fehlerhaften Moduls: mbamservice.exe2
Berichtskennung: mbamservice.exe3
Vollständiger Name des fehlerhaften Pakets: mbamservice.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbamservice.exe5

Error: (11/25/2015 00:11:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_Schedule, Version: 6.3.9600.17415, Zeitstempel: 0x54504177
Name des fehlerhaften Moduls: iSafeSrvMon64.dll, Version: 6.1.45.23411, Zeitstempel: 0x5500213f
Ausnahmecode: 0xc0000409
Fehleroffset: 0x0000000000005ceb
ID des fehlerhaften Prozesses: 0x358
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_Schedule0
Pfad der fehlerhaften Anwendung: svchost.exe_Schedule1
Pfad des fehlerhaften Moduls: svchost.exe_Schedule2
Berichtskennung: svchost.exe_Schedule3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_Schedule4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_Schedule5 Error: (11/24/2015 11:57:00 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest. Systemfehler: ============= Error: (12/02/2015 00:30:42 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20. 
Error: (12/01/2015 06:58:28 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\tokoma\AppData\Local\Temp\ehdrv.sys Error: (12/01/2015 06:58:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (12/01/2015 06:58:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (12/01/2015 06:58:27 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\tokoma\AppData\Local\Temp\ehdrv.sys Error: (12/01/2015 06:58:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (12/01/2015 06:58:27 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\tokoma\AppData\Local\Temp\ehdrv.sys Error: (12/01/2015 06:15:53 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20. Error: (12/01/2015 05:45:10 AM) (Source: DCOM) (EventID: 10010) (User: toko) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (12/01/2015 05:44:40 AM) (Source: DCOM) (EventID: 10010) (User: toko) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} CodeIntegrity: =================================== Date: 2015-12-01 18:36:22.272 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-11-29 14:01:29.712 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-29 13:47:07.860 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-29 13:42:23.564 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-29 13:18:23.523 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-27 21:16:39.909 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-27 21:16:38.894 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-11-27 21:16:37.893 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-27 21:16:36.831 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-27 21:16:35.690 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Celeron(R) CPU N2930 @ 1.83GHz Prozentuale Nutzung des RAM: 22% Installierter physikalischer RAM: 8078.54 MB Verfügbarer physikalischer RAM: 6256.07 MB Summe virtueller Speicher: 10766.54 MB Verfügbarer virtueller Speicher: 8784 MB ==================== Laufwerke ================================ Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:307.64 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive d: (Data) (Fixed) (Total:537.8 GB) (Free:537.5 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 61ECA0B9) Partition: GPT. ==================== Ende von Addition.txt ============================ |
04.12.2015, 15:39 | #14 |
/// the machine /// TB-Ausbilder | Windows 8.1, long startup time, strange processes, ad popups
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
Task: {40DEE9C9-64DA-4D89-82E8-7B52375748BA} - \Crossbrowse -> Keine Datei <==== ACHTUNG
Task: {AB15EBB1-52E2-495B-9D6E-F6939F7D96B8} - System32\Tasks\DocControl => c:\programdata\{0fbc1b97-694d-daee-0fbc-c1b976946e5d}\priceless_p_soft_partner.exe <==== ACHTUNG
Task: {AF26F9D7-CA93-4E30-A419-366551E45487} - \ProfessionalPCCleaner_Start -> Keine Datei <==== ACHTUNG
Task: {BFA6DC98-1F51-4DC8-AFCA-D8B0C467EDAD} - \Papuir -> Keine Datei <==== ACHTUNG
Task: {D1403659-1623-4CAE-8D62-2ACEDCB42A2A} - \cfr3011 -> Keine Datei <==== ACHTUNG
Task: {DC74E85A-D091-4963-A838-170EDE4E5868} - \ProfessionalPCCleaner_Popup -> Keine Datei <==== ACHTUNG
Task: C:\Windows\Tasks\DocControl.job => c:\programdata\{0fbc1b97-694d-daee-0fbc-c1b976946e5d}\priceless_p_soft_partner.exe <==== ACHTUNG
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMWFP => ""="Driver" <==== ACHTUNG

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Fresh FRST logs again, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
04.12.2015, 17:36 | #15 |
| Windows 8.1, long startup time, strange processes, ad popups
Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:01-12-2015
durchgeführt von tokoma (2015-12-04 17:31:01) Run:2
Gestartet von C:\Users\tokoma\Desktop
Geladene Profile: tokoma (Verfügbare Profile: tokoma)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
Task: {40DEE9C9-64DA-4D89-82E8-7B52375748BA} - \Crossbrowse -> Keine Datei <==== ACHTUNG
Task: {AB15EBB1-52E2-495B-9D6E-F6939F7D96B8} - System32\Tasks\DocControl => c:\programdata\{0fbc1b97-694d-daee-0fbc-c1b976946e5d}\priceless_p_soft_partner.exe <==== ACHTUNG
Task: {AF26F9D7-CA93-4E30-A419-366551E45487} - \ProfessionalPCCleaner_Start -> Keine Datei <==== ACHTUNG
Task: {BFA6DC98-1F51-4DC8-AFCA-D8B0C467EDAD} - \Papuir -> Keine Datei <==== ACHTUNG
Task: {D1403659-1623-4CAE-8D62-2ACEDCB42A2A} - \cfr3011 -> Keine Datei <==== ACHTUNG
Task: {DC74E85A-D091-4963-A838-170EDE4E5868} - \ProfessionalPCCleaner_Popup -> Keine Datei <==== ACHTUNG
Task: C:\Windows\Tasks\DocControl.job => c:\programdata\{0fbc1b97-694d-daee-0fbc-c1b976946e5d}\priceless_p_soft_partner.exe <==== ACHTUNG
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMWFP => ""="Driver" <==== ACHTUNG
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40DEE9C9-64DA-4D89-82E8-7B52375748BA} => Schlüssel nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Crossbrowse => Schlüssel nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB15EBB1-52E2-495B-9D6E-F6939F7D96B8} => Schlüssel nicht gefunden.
C:\Windows\System32\Tasks\DocControl => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DocControl => Schlüssel nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF26F9D7-CA93-4E30-A419-366551E45487} => Schlüssel nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProfessionalPCCleaner_Start => Schlüssel nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFA6DC98-1F51-4DC8-AFCA-D8B0C467EDAD} => Schlüssel nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Papuir => Schlüssel nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1403659-1623-4CAE-8D62-2ACEDCB42A2A} => Schlüssel nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\cfr3011 => Schlüssel nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC74E85A-D091-4963-A838-170EDE4E5868} => Schlüssel nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProfessionalPCCleaner_Popup => Schlüssel nicht gefunden.
C:\Windows\Tasks\DocControl.job => nicht gefunden.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CMWFP => Schlüssel nicht gefunden.

==== Ende von Fixlog 17:31:05 ====
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015 durchgeführt von tokoma (Administrator) auf TOKO (04-12-2015 17:31:16) Gestartet von C:\Users\tokoma\Desktop Geladene Profile: tokoma (Verfügbare Profile: tokoma) Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: IE) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe (TeamViewer) C:\Program Files (x86)\ITbrain Agent\itbrain_agent.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\Av\avgui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSPanel.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-05-15] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] () HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3826600 2015-10-30] (AVG Technologies CZ, s.r.o.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Atheros Communications) HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1940160 2014-11-18] (Valve Corporation) HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\MountPoints2: {02627817-285f-11e4-8252-806e6f6e6963} - "E:\autorun.exe" ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{5C8B1A66-6F46-4E47-B6CF-280D94F05E04}: [DhcpNameServer] 192.13.128.24 Tcpip\..\Interfaces\{E72CCE24-6189-43F5-9E5E-5EC6FB4BB621}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-26] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-26] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-26] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-26] (Oracle Corporation) FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.66.2 -> 
C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-26] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-26] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-26] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-26] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.) 
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] () Chrome: ======= CHR Profile: C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-29] CHR Extension: (Google Drive) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-25] CHR Extension: (YouTube) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-25] CHR Extension: (Google-Suche) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-25] CHR Extension: (Google Docs Offline) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-27] CHR Extension: (Google Mail) - C:\Users\tokoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-28] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [Datei ist nicht signiert] R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert] S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [595376 2015-10-30] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3815648 2015-10-30] (AVG Technologies CZ, s.r.o.) 
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-10-30] (AVG Technologies CZ, s.r.o.) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-17] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [Datei ist nicht signiert] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation) R2 ITbrain Agent; C:\Program Files (x86)\ITbrain Agent\itbrain_agent.exe [5567488 2013-08-22] (TeamViewer) [Datei ist nicht signiert] R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6887696 2015-11-30] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-02-25] (Atheros) [Datei ist nicht signiert] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-06] (Qualcomm Atheros Communications, Inc.) 
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation) S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [197040 2015-08-10] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-10-19] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [255408 2015-10-21] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [306608 2015-10-08] (AVG Technologies CZ, s.r.o.) 
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( ) R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-28] (Intel Corporation) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-10-18] (Realsil Semiconductor Corporation) R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) U0 msahci; system32\drivers\msahci.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-07-28 14:20 - 2016-07-28 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2016-07-28 14:18 - 2015-11-25 01:25 - 00000000 ____D C:\Program Files (x86)\BrowserPro App 2016-07-28 14:15 - 2016-07-28 14:20 - 00000000 ____D C:\Program Files (x86)\Google 2016-07-28 14:15 - 2015-11-24 23:53 - 00000000 ____D C:\Users\tokoma\AppData\Local\Google 2016-07-24 15:31 - 2015-11-25 00:34 - 00000000 ____D C:\Program Files\Common Files\AV 2016-06-19 14:45 - 2016-07-28 13:29 - 00000000 ____D C:\Windows\Minidump 2016-06-19 14:45 - 2016-07-27 15:16 - 640785184 _____ C:\Windows\MEMORY.DMP 2016-06-18 17:52 - 2015-08-01 06:52 - 00000226 _____ C:\Users\tokoma\AppData\Roaming\WB.CFG 2016-06-18 15:53 - 2016-06-18 15:54 - 00000000 ____D C:\Users\tokoma\AppData\Local\Chromium 2015-12-04 17:31 - 2015-12-04 17:32 - 00015712 _____ C:\Users\tokoma\Desktop\FRST.txt 2015-12-04 17:31 - 2015-12-04 17:31 - 00003090 _____ C:\Users\tokoma\Desktop\Fixlog.txt 2015-12-01 18:54 - 2015-12-01 18:55 - 02870984 _____ (ESET) C:\Users\tokoma\Desktop\esetsmartinstaller_deu (1).exe 2015-12-01 18:54 - 2015-12-01 18:54 - 00852771 _____ C:\Users\tokoma\Desktop\SecurityCheck.exe 2015-12-01 18:35 - 2015-12-03 17:40 - 00000081 _____ C:\Users\tokoma\AppData\Roaming\sp_data.sys 2015-12-01 18:31 - 2015-12-01 18:31 - 00001090 _____ C:\Users\tokoma\Desktop\GWX Control Panel.lnk 2015-12-01 18:31 - 2015-12-01 18:31 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GWX Control Panel 2015-12-01 18:31 - 2015-12-01 18:31 - 00000000 ____D C:\Program Files (x86)\UltimateOutsider 2015-12-01 09:35 - 2015-12-01 09:35 - 00000000 ____D C:\Users\tokoma\AppData\Local\GWX 2015-11-30 19:41 - 2015-11-30 19:42 - 02393976 _____ C:\Users\tokoma\Desktop\GwxControlPanelSetup.exe 2015-11-30 02:02 - 2015-11-30 02:02 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\ProductData 2015-11-29 13:19 - 2015-11-29 13:19 - 01733632 _____ 
C:\Users\tokoma\Desktop\AdwCleaner_5.022.exe 2015-11-29 13:16 - 2015-11-29 13:17 - 01599336 _____ (Malwarebytes) C:\Users\tokoma\Desktop\JRT.exe 2015-11-27 23:33 - 2015-07-28 02:09 - 00484552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll 2015-11-27 23:33 - 2015-07-28 02:08 - 00690016 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll 2015-11-27 21:38 - 2015-12-03 20:54 - 00000985 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk 2015-11-27 21:38 - 2015-12-03 20:54 - 00000973 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk 2015-11-27 21:33 - 2015-11-27 21:36 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\TeamViewer 2015-11-27 21:14 - 2015-11-27 21:14 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software 2015-11-27 21:14 - 2015-11-27 21:14 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software 2015-11-27 21:11 - 2015-12-04 17:29 - 00000000 ____D C:\Program Files (x86)\ITbrain Agent 2015-11-27 21:11 - 2015-11-27 21:11 - 00000000 __HDC C:\ProgramData\{651038AD-E038-410A-BD90-28FB006FD850} 2015-11-27 21:11 - 2015-11-27 21:11 - 00000000 ____D C:\Users\Default\AppData\Local\PackageAware 2015-11-27 21:11 - 2015-11-27 21:11 - 00000000 ____D C:\Users\Default User\AppData\Local\PackageAware 2015-11-27 20:51 - 2015-11-29 13:43 - 00001110 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-11-27 20:51 - 2015-11-27 20:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-11-27 20:51 - 2015-11-27 20:51 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-11-27 20:51 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-11-27 20:51 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2015-11-27 20:49 - 2015-11-27 20:50 - 22908888 _____ (Malwarebytes ) C:\Users\tokoma\Downloads\mbam-setup-2.2.0.1024.exe 2015-11-27 
20:49 - 2015-11-27 20:50 - 22908888 _____ (Malwarebytes ) C:\Users\tokoma\Downloads\mbam-setup-2.2.0.1024 (1).exe 2015-11-27 00:04 - 2015-11-03 01:23 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-11-27 00:04 - 2015-11-03 01:23 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-26 23:07 - 2015-11-26 23:07 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll 2015-11-26 23:07 - 2015-11-26 23:07 - 00027840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll 2015-11-26 23:00 - 2015-11-29 13:43 - 00001213 _____ C:\Users\Public\Desktop\Media Player Classic.lnk 2015-11-26 23:00 - 2015-11-26 23:00 - 00003790 _____ C:\Windows\System32\Tasks\klcp_update 2015-11-26 23:00 - 2015-11-26 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack 2015-11-26 23:00 - 2015-11-26 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2015-11-26 23:00 - 2015-11-26 23:00 - 00000000 ____D C:\Program Files\7-Zip 2015-11-26 23:00 - 2015-11-26 23:00 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack 2015-11-26 22:59 - 2015-11-26 23:00 - 00000000 ____D C:\Windows\SysWOW64\Adobe 2015-11-26 22:58 - 2015-11-26 22:59 - 00000000 ____D C:\Users\tokoma\.oracle_jre_usage 2015-11-26 22:58 - 2015-11-26 22:58 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-11-26 22:58 - 2015-11-26 22:58 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\Sun 2015-11-26 22:57 - 2015-11-26 22:57 - 00000000 ____D C:\Users\tokoma\AppData\Local\Adobe 2015-11-26 22:57 - 2015-11-26 22:57 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2015-11-26 22:57 - 2015-11-26 22:57 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia 2015-11-26 22:57 - 2015-11-26 22:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-11-26 
22:57 - 2015-11-26 22:57 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-11-26 22:55 - 2015-12-04 14:07 - 00002197 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-11-26 22:55 - 2015-11-26 22:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-11-26 22:55 - 2015-11-26 22:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-11-26 22:54 - 2015-12-04 17:05 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-11-26 22:54 - 2015-12-04 07:05 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-11-26 22:54 - 2015-12-02 07:00 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-11-26 22:54 - 2015-12-02 07:00 - 00003864 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-11-26 22:52 - 2015-11-26 22:52 - 00307200 _____ (Secure By Design Inc.) C:\Users\tokoma\Downloads\Ninite 7Zip Air Chrome Java 8 Installer.exe 2015-11-26 20:49 - 2015-07-30 15:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-11-26 20:49 - 2015-07-30 14:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-11-26 19:43 - 2015-12-02 00:30 - 00000000 ____D C:\Users\tokoma\Desktop\FRST-OlderVersion 2015-11-25 21:20 - 2015-11-29 13:14 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-11-25 21:20 - 2015-11-27 00:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-11-25 21:17 - 2015-11-25 22:23 - 00000000 ____D C:\Users\tokoma\Desktop\mbar 2015-11-25 21:17 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-11-25 21:12 - 2015-11-25 21:12 - 04397752 _____ (Kaspersky Lab ZAO) C:\Users\tokoma\Desktop\tdsskiller.exe 2015-11-25 21:07 - 2015-11-25 21:09 - 16563352 _____ (Malwarebytes Corp.) 
C:\Users\tokoma\Desktop\mbar-1.09.3.1001.exe 2015-11-25 20:49 - 2015-11-25 20:49 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller 2015-11-25 20:49 - 2015-11-25 20:49 - 00000000 ____D C:\Program Files (x86)\VS Revo Group 2015-11-25 20:48 - 2015-11-25 20:48 - 00000000 ____D C:\Users\tokoma\Documents\ProfessionalPCCleaner 2015-11-25 19:09 - 2015-12-04 17:31 - 00000000 ____D C:\FRST 2015-11-25 19:08 - 2015-11-25 19:08 - 00380416 _____ C:\Users\tokoma\Desktop\Gmer-19357.exe 2015-11-25 19:06 - 2015-12-02 00:30 - 02350080 _____ (Farbar) C:\Users\tokoma\Desktop\FRST64.exe 2015-11-25 19:05 - 2015-11-25 19:05 - 00000000 _____ C:\Users\tokoma\defogger_reenable 2015-11-25 19:03 - 2015-11-25 19:03 - 00050477 _____ C:\Users\tokoma\Desktop\Defogger.exe 2015-11-25 18:44 - 2015-11-25 18:44 - 00000000 ____D C:\Users\tokoma\AppData\Local\TeamViewer 2015-11-25 18:43 - 2015-12-03 20:54 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2015-11-25 18:42 - 2015-11-25 18:43 - 08202040 _____ (TeamViewer GmbH) C:\Users\tokoma\Downloads\TeamViewer_Setup_de.exe 2015-11-25 02:53 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-11-25 02:53 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-11-25 02:53 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-11-25 02:53 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-11-25 02:53 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-11-25 02:53 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-11-25 02:53 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-11-25 02:53 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-11-25 02:53 - 
2015-10-30 23:39 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-11-25 02:53 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-11-25 02:53 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-11-25 02:53 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-11-25 02:53 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-11-25 02:53 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-11-25 02:53 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-11-25 02:53 - 2015-10-30 23:14 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-11-25 02:53 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-11-25 02:53 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-11-25 02:53 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-11-25 02:53 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-11-25 02:53 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-11-25 02:53 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-11-25 02:53 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-11-25 02:47 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2015-11-25 02:47 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2015-11-25 02:47 - 2015-10-13 16:59 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2015-11-25 02:47 - 2015-10-13 16:59 
- 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll 2015-11-25 02:47 - 2015-10-13 16:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-11-25 02:47 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-11-25 02:47 - 2015-10-13 16:59 - 00106952 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll 2015-11-25 02:47 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll 2015-11-25 02:47 - 2015-10-11 07:36 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-11-25 02:47 - 2015-10-11 07:36 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-11-25 02:47 - 2015-10-10 19:40 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-11-25 02:47 - 2015-10-10 19:39 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-11-25 02:47 - 2015-10-10 19:07 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-11-25 02:47 - 2015-10-10 18:33 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-11-25 02:47 - 2015-10-10 18:27 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-11-25 02:47 - 2015-10-10 18:11 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-11-25 02:47 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-11-25 02:47 - 2015-09-29 13:24 - 00155480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys 2015-11-25 02:47 - 2015-09-24 17:42 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll 2015-11-25 02:47 - 2015-09-24 17:40 - 00737280 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll 2015-11-25 02:47 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll 2015-11-25 02:47 - 2015-09-07 
16:54 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll 2015-11-25 02:47 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2015-11-25 02:47 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys 2015-11-25 02:47 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe 2015-11-25 02:47 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-11-25 02:47 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-11-25 02:47 - 2014-11-05 02:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll 2015-11-25 02:47 - 2014-11-05 02:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll 2015-11-25 02:46 - 2015-10-15 17:08 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-11-25 02:46 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-11-25 02:46 - 2015-10-15 00:02 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-11-25 02:46 - 2015-10-15 00:02 - 01659560 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-11-25 02:46 - 2015-10-15 00:02 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-11-25 02:46 - 2015-10-15 00:02 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-11-25 02:46 - 2015-10-15 00:02 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2015-11-25 02:46 - 2015-09-12 14:47 - 00414559 _____ C:\Windows\system32\ApnDatabase.xml 2015-11-25 02:46 - 2015-08-07 22:40 - 01736520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-11-25 02:46 - 2015-08-07 22:40 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-11-25 02:43 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) 
C:\Windows\system32\wuauclt.exe 2015-11-25 02:43 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-11-25 02:43 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-11-25 02:43 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-11-25 02:43 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2015-11-25 02:43 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-11-25 02:43 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-11-25 02:43 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-11-25 02:43 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-11-25 02:43 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-11-25 02:43 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-11-25 02:43 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-11-25 02:37 - 2015-10-17 15:19 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-11-25 02:35 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2015-11-25 02:35 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL 2015-11-25 02:35 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2015-11-25 02:35 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2015-11-25 02:35 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2015-11-25 02:35 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 
2015-11-25 02:35 - 2014-11-10 19:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2015-11-25 00:35 - 2015-11-25 00:35 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\AVG
2015-11-25 00:34 - 2015-11-27 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-11-25 00:34 - 2015-11-25 00:34 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\TuneUp Software
2015-11-25 00:31 - 2015-11-25 00:31 - 00000000 ___HD C:\$AVG
2015-11-25 00:24 - 2015-12-04 14:39 - 00000000 ____D C:\ProgramData\MFAData
2015-11-25 00:24 - 2015-11-29 13:43 - 00000922 _____ C:\Users\Public\Desktop\AVG.lnk
2015-11-25 00:24 - 2015-11-25 00:24 - 00000000 ____D C:\Users\tokoma\AppData\Local\MFAData
2015-11-25 00:24 - 2015-11-25 00:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2015-11-25 00:21 - 2015-11-25 00:31 - 00000000 ____D C:\ProgramData\Avg
2015-11-25 00:21 - 2015-11-25 00:28 - 00000000 ____D C:\Program Files (x86)\AVG
2015-11-25 00:20 - 2015-11-27 21:13 - 00000000 ____D C:\Users\tokoma\AppData\Local\Avg
2015-11-25 00:20 - 2015-11-25 00:23 - 00000000 ____D C:\Users\tokoma\AppData\Local\AvgSetupLog
2015-11-25 00:19 - 2015-11-25 21:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-25 00:03 - 2015-11-25 00:03 - 00000000 ____D C:\Users\tokoma\AppData\LocalLow\IObit
2015-11-25 00:03 - 2015-11-25 00:03 - 00000000 ____D C:\ProgramData\IObit
2015-11-25 00:02 - 2015-11-25 22:11 - 00000000 ____D C:\Program Files (x86)\IObit
2015-11-25 00:02 - 2015-11-25 00:03 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\IObit
2015-11-24 23:31 - 2015-11-24 23:31 - 00000000 _____ C:\Recovery.txt
2015-11-24 22:54 - 2015-11-29 13:58 - 00000000 ____D C:\AdwCleaner
2015-11-24 22:37 - 2015-11-24 22:37 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\kingsoft

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-07-28 12:47 - 2014-09-30 16:23 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{165E99F4-4F00-4F10-8F2D-DEE576ACF2BD}
2016-07-28 12:46 - 2015-05-13 16:19 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2016-07-28 12:46 - 2015-05-13 16:19 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2016-07-19 19:29 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\LiveKernelReports
2016-07-17 17:32 - 2014-10-30 14:52 - 00000000 ____D C:\Program Files (x86)\Landwirtschafts Simulator 2015
2016-07-02 14:23 - 2015-01-19 15:16 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-04 02:00 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-12-03 22:19 - 2014-09-30 16:12 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-655055617-1888823773-2012408708-1001
2015-12-02 21:07 - 2014-05-16 00:45 - 00765582 _____ C:\Windows\system32\perfh007.dat
2015-12-02 21:07 - 2014-05-16 00:45 - 00159366 _____ C:\Windows\system32\perfc007.dat
2015-12-02 21:07 - 2014-03-18 16:26 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-02 21:07 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2015-12-02 21:03 - 2015-05-01 14:13 - 00206848 ___SH C:\Users\tokoma\Desktop\Thumbs.db
2015-12-02 21:02 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-02 00:32 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-12-01 18:34 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-01 05:44 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-01 05:44 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-11-29 13:44 - 2014-08-20 12:58 - 00001316 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioWizard.lnk
2015-11-29 13:44 - 2014-08-20 12:55 - 00000712 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) HD Graphics Control Panel.lnk
2015-11-29 13:44 - 2014-05-15 16:59 - 00002468 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - asus.lnk
2015-11-29 13:44 - 2014-05-15 16:54 - 00001976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2015-11-29 13:43 - 2015-05-24 08:44 - 00001273 _____ C:\Users\Public\Desktop\Air Traffic Control.lnk
2015-11-29 13:43 - 2015-02-18 13:49 - 00000969 _____ C:\Users\Public\Desktop\Minecraft.lnk
2015-11-29 13:43 - 2015-02-07 18:49 - 00001170 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2015-11-29 13:43 - 2014-10-30 15:03 - 00001293 _____ C:\Users\tokoma\Desktop\Landwirtschafts Simulator 15 .lnk
2015-11-29 13:43 - 2014-09-30 16:06 - 00000469 _____ C:\Users\tokoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-11-29 13:43 - 2014-09-30 16:06 - 00000467 _____ C:\Users\tokoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-11-29 13:42 - 2013-08-22 15:44 - 00338072 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-29 13:40 - 2014-10-22 19:13 - 00000000 ___RD C:\Windows\BrowserChoice
2015-11-28 04:41 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2015-11-27 23:33 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-11-26 23:58 - 2015-04-05 10:05 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-11-26 23:58 - 2015-04-05 10:05 - 00000000 ___SD C:\Windows\system32\GWX
2015-11-26 23:58 - 2014-03-18 16:10 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-26 23:58 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2015-11-26 23:58 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-11-26 23:58 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-11-26 22:59 - 2015-05-14 12:51 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-11-26 22:59 - 2015-05-14 12:51 - 00000000 ____D C:\Program Files\Java
2015-11-26 22:59 - 2015-01-31 18:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-26 22:58 - 2014-09-30 16:06 - 00000000 ____D C:\Users\tokoma
2015-11-26 22:57 - 2015-05-24 09:34 - 00000000 ____D C:\ProgramData\Adobe
2015-11-26 22:57 - 2015-01-31 18:04 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-26 22:57 - 2014-09-30 16:07 - 00000000 ____D C:\Users\tokoma\AppData\Roaming\Adobe
2015-11-26 20:14 - 2014-10-22 19:10 - 00000000 ____D C:\Windows\system32\MRT
2015-11-26 20:08 - 2014-10-22 19:10 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-26 00:20 - 2015-10-30 19:06 - 00001125 _____ C:\Users\tokoma\Desktop\nativelog.txt
2015-11-25 19:01 - 2014-09-30 16:06 - 00000000 ____D C:\Users\tokoma\AppData\Local\Packages
2015-11-25 18:40 - 2014-12-09 20:51 - 00000000 ____D C:\Users\tokoma\AppData\Local\CrashDumps
2015-11-25 01:25 - 2015-08-05 12:32 - 00000000 ____D C:\Program Files (x86)\Ghostery
2015-11-25 00:33 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-11-25 00:15 - 2014-08-20 13:12 - 00000000 ____D C:\Program Files\Common Files\mcafee
2015-11-25 00:15 - 2014-08-20 13:12 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-11-25 00:15 - 2014-08-20 13:11 - 00000000 ____D C:\ProgramData\McAfee
2015-11-24 23:43 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-11-24 23:22 - 2015-05-29 13:11 - 00000000 ____D C:\Windows\system32\log

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-12-01 18:35 - 2015-12-03 17:40 - 0000081 _____ () C:\Users\tokoma\AppData\Roaming\sp_data.sys
2016-06-18 17:52 - 2015-08-01 06:52 - 0000226 _____ () C:\Users\tokoma\AppData\Roaming\WB.CFG
2014-08-20 12:58 - 2014-08-20 12:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-15 16:58 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-05-15 16:58 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-15 16:58 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2015-09-14 20:18 - 2015-09-14 20:18 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Dateien, die verschoben oder gelöscht werden sollten:
====================

C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-11-25 19:22

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:01-12-2015
durchgeführt von tokoma (2015-12-04 17:33:05)
Gestartet von C:\Users\tokoma\Desktop
Windows 8.1 (X64) (2014-09-30 15:06:34)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-655055617-1888823773-2012408708-500 - Administrator - Disabled)
Gast (S-1-5-21-655055617-1888823773-2012408708-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-655055617-1888823773-2012408708-1003 - Limited - Enabled)
tokoma (S-1-5-21-655055617-1888823773-2012408708-1001 - Administrator - Enabled) => C:\Users\tokoma

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
Air Traffic Control (HKLM-x32\...\Air Traffic Control_is1) (Version: - Nemesys Team Studio)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS)
AVG (HKLM\...\AvgZen) (Version: 1.22.1.40089 - AVG Technologies)
AVG (Version: 16.7.7227 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4477 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.7.7227 - AVG Technologies)
AVG Zen (Version: 1.22.1 - AVG Technologies) Hidden
FMW 1 (Version: 1.32.2 - AVG Technologies) Hidden
Game Explorer Categories - casual (HKLM-x32\...\WildTangentGameProvider-asus-casual) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - enthusiast (HKLM-x32\...\WildTangentGameProvider-asus-enthusiast) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - family (HKLM-x32\...\WildTangentGameProvider-asus-family) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - touch (HKLM-x32\...\WildTangentGameProvider-asus-touch) (Version: 3.2.0.6 - WildTangent, Inc.)
Geländewagen-Simulator 2012 (Nur entfernen) (HKLM-x32\...\{50747054-5F94-4BBC-B189-4D3F4D22C094}_is1) (Version: 1.1.1.0 - Rondomedia Marketing & Vertriebs GmbH)
GIANTS Editor 6.0.2 32-bit (HKLM-x32\...\giants_editor_6.0.2_win32_is1) (Version: 6.0.2 - GIANTS Software GmbH)
Google Chrome (HKLM-x32\...\{9CED8BD3-5E1F-3B87-97E3-0A3D5B7E49BA}) (Version: 47.0.2526.73 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version: - UltimateOutsider)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
ITbrain Agent (HKLM-x32\...\ITbrain Agent) (Version: 1.0.0 - TeamViewer)
ITbrain Agent (x32 Version: 1.0 - InstallAware Software Corporation) Hidden
ITbrain Agent (x32 Version: 1.0.0 - TeamViewer) Hidden
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
K-Lite Codec Pack 11.7.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.7.0 - )
Landwirtschafts Simulator 15 (HKLM-x32\...\FarmingSimulator2015DE_is1) (Version: 1.2.0.0 - GIANTS Software)
Let's go 2 Sprachtrainer (HKLM-x32\...\{33DA5B25-479B-431E-9691-650D7293B31F}) (Version: 1.00.000 - Klett)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MediaPlayerVid2.4 (HKLM-x32\...\MediaPlayerVid2.4) (Version: 1.36.01.22 - NewPlayerVideo+) <==== ACHTUNG
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Phonetik (HKLM-x32\...\{626B7EA2-B7C2-4277-AE30-A8B452A92B6C}) (Version: 1.0.0 - Ernst Klett Verlag)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.52465 - TeamViewer)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation) WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent) Windows Driver Package - ASUS (ATP) Mouse (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-655055617-1888823773-2012408708-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) ==================== Wiederherstellungspunkte ========================= 25-11-2015 19:22:27 Windows Update 29-11-2015 14:03:54 JRT Pre-Junkware Removal ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {1F0CFFF0-5B0F-4D02-9C88-D3E666FD98E7} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-02] (ASUS) Task: {3A2AD2F5-DA33-44B9-8C81-C905B39BF7D5} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-11-19] () Task: {4B539BBB-C1B2-42EB-9B40-6BE0B42D41B7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-11-26] (Microsoft Corporation) Task: {7BEEB586-4055-4005-ACD4-3741E7307D83} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] () Task: {A0E0B8E2-D8E5-4332-841E-DD1B00E9E122} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-26] (Google Inc.) Task: {A75A6BF7-3D66-49C0-8EA5-BA7084B338A1} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.) Task: {B740C971-DDB5-4ECF-B4E3-B9F4026B1D7C} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.) Task: {CB808FC9-7655-4728-A744-E4FA33F32F7C} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.) Task: {ECF238FA-98A6-4D1A-A33C-EEB7D1318599} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek) Task: {F59FBF87-D889-4982-A23A-97410AB1FA03} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.) 
Task: {FB1C8FF6-2F5A-4E80-B1B8-EA4E448A7476} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-04-15] (Realtek Semiconductor)
Task: {FE41704B-1D34-48B0-8172-4D01B87B1A47} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-26] (Google Inc.)
Task: {FFF22234-81DA-49C7-AC22-3EEA6ECAA36E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-04-10] (Realtek Semiconductor)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-02-25 22:14 - 2014-02-25 22:14 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-25 22:11 - 2014-02-25 22:11 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-02-25 22:17 - 2014-02-25 22:17 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-04-02 14:46 - 2014-04-02 14:46 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-04-02 14:46 - 2014-04-02 14:46 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-04-02 14:46 - 2014-04-02 14:46 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
2014-04-02 14:46 - 2014-04-02 14:46 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
2015-11-25 00:03 - 2015-09-21 10:49 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2015-11-25 00:21 - 2015-11-25 00:21 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-655055617-1888823773-2012408708-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "3D BubbleSound"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKLM\...\StartupApproved\Run32: => "rec_de_70"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKLM\...\StartupApproved\Run32: => "rec_de_74"
HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\StartupFolder: => "crossbrowse.lnk"
HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_98557E2CC4C9D57801F5B3619084BEF7"
HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "Gameo"
HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_EC762B715C225D87E1C23535A3EDCE73"
HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "SPDriver"
HKU\S-1-5-21-655055617-1888823773-2012408708-1001\...\StartupApproved\Run: => "YTDownloader"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{192477CF-8B53-4A83-B511-06315D696FA8}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{A46D567D-5F9A-45CE-8BD6-890EC3EB6BC7}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\FarmingSimulator2015.exe
FirewallRules: [{DF697040-F386-4FF9-B8B3-78333930FC9E}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\FarmingSimulator2015.exe
FirewallRules: [{68136F48-6499-49A1-B039-D32581004614}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x86\FarmingSimulator2015Game.exe
FirewallRules: [{2F937C3E-8AFD-44AD-AB66-AE5762095737}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x86\FarmingSimulator2015Game.exe
FirewallRules: [{3CD82484-EE38-472E-9304-DAC40B574B8D}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x64\FarmingSimulator2015Game.exe
FirewallRules: [{53D0D9B3-2293-428B-881D-FD2BA123DB9B}] => (Allow) C:\Program Files (x86)\Landwirtschafts Simulator 2015\x64\FarmingSimulator2015Game.exe
FirewallRules: [{5E0942ED-7728-4D3C-B997-F4DC8F76EF73}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{23E7DC91-7F7C-444F-BF78-4833B471F527}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{69A2C892-1AFE-40E8-91D8-E0DAB77503C0}] => (Allow) C:\Program Files (x86)\MyBrowser\MyBrowser\Application\mybrowser.exe
FirewallRules: [{55F25D8D-8DC3-47AB-9370-5B9593DCCC26}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{4071443B-2F56-4F46-86CD-B1B1FC0429F0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{F3F8E757-1B34-4FE5-82E2-9C3701D6C78B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{4215CA2E-7145-4E56-AD68-0032B44420D8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{7B88681B-E215-46FD-BF11-263AB3B8CB12}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{F0E6401B-A50B-4641-B255-86120DCB97ED}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{F016DAB6-D3AF-4775-A4A9-7CB3A3E73ECC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{27EFDCE1-6AA4-4DEA-90A0-FA328EE8F9AC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{C3C34E25-D03B-462A-A3DF-7D9FFE4A39CD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{053B046C-6ABE-4FBE-98B4-FD8C6E1BFDA6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A63F3869-9D53-414E-A1B8-BE0C46D4B21C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9BADD26F-12E6-4C9E-9C42-D45E62005CED}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3F7B9700-05F2-47BF-AF89-B3A5A932BE23}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/02/2015 09:03:29 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (12/02/2015 03:45:19 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (12/02/2015 00:27:39 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (12/01/2015 06:56:24 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (12/01/2015 06:56:21 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (12/01/2015 06:56:00 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Error: (12/01/2015 06:56:00 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (12/01/2015 06:55:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (11/25/2015 06:34:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.1.711, Zeitstempel: 0x542b53ec
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0xfa8
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Vollständiger Name des fehlerhaften Pakets: mbam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5

Error: (11/25/2015 02:39:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.0.8.0, Zeitstempel: 0x53f64d6c
Name des fehlerhaften Moduls: mbamservice.exe, Version: 3.0.8.0, Zeitstempel: 0x53f64d6c
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008f746
ID des fehlerhaften Prozesses: 0x1340
Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0
Pfad der fehlerhaften Anwendung: mbamservice.exe1
Pfad des fehlerhaften Moduls: mbamservice.exe2
Berichtskennung: mbamservice.exe3
Vollständiger Name des fehlerhaften Pakets: mbamservice.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbamservice.exe5

Systemfehler:
=============
Error: (12/04/2015 04:33:43 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20.

Error: (12/04/2015 05:41:17 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20.

Error: (12/04/2015 02:37:37 AM) (Source: DCOM) (EventID: 10010) (User: toko)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/04/2015 02:37:07 AM) (Source: DCOM) (EventID: 10010) (User: toko)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/03/2015 05:40:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ITbrain Agent erreicht.

Error: (12/03/2015 02:59:06 AM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "OS" wurde eine Beschädigung erkannt. In einer Indexstruktur des Dateisystems wurde eine Beschädigung gefunden. Die Dateireferenznummer ist 0x1000000001d64. Der Name der Datei ist "\Windows\servicing\Packages". Das Attribut des beschädigten Indexes ist ":$I30:$INDEX_ALLOCATION".

Error: (12/03/2015 02:58:22 AM) (Source: DCOM) (EventID: 10010) (User: toko)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/03/2015 02:57:52 AM) (Source: DCOM) (EventID: 10010) (User: toko)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/02/2015 08:47:13 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "FRITZ-NAS", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{E72CCE24-6189-43F5-9E5E-5EC6FB4BB621}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (12/02/2015 01:35:48 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20.
CodeIntegrity:
===================================
Date: 2015-12-04 14:39:09.346
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-04 14:39:08.252
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-04 14:38:52.736
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-04 14:38:51.596
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-04 14:38:49.970
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-12-04 14:38:48.923
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-04 14:38:47.939
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-04 12:29:45.073
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-04 12:29:43.932
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-04 12:29:24.338
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================

Prozessor: Intel(R) Celeron(R) CPU N2930 @ 1.83GHz
Prozentuale Nutzung des RAM: 22%
Installierter physikalischer RAM: 8078.54 MB
Verfügbarer physikalischer RAM: 6263.79 MB
Summe virtueller Speicher: 10766.54 MB
Verfügbarer virtueller Speicher: 8936.24 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:309.47 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (Data) (Fixed) (Total:537.8 GB) (Free:537.5 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 61ECA0B9)

Partition: GPT.

==================== Ende von Addition.txt ============================