
Log analysis and evaluation: Trojan via e-mail attachment, Avast Web Shield keeps showing alerts.


10.12.2015, 16:05   #1
silaries
 
Hello, something pretty stupid happened to me yesterday... I received an e-mail named "Rechnungsstelle Onlinepay24 GmbH" which said that I had an open invoice, with more details in the attachment... stupidly, I opened the attachment and clicked on the application...
I deleted the file immediately and ran Avast over my PC, which found a Win32 Malware Gen named itujcder.exe; I had the file deleted.
However, today I am getting alerts from the Avast Web Shield non-stop (every few seconds); the infection is always given as URL:Mal, while the object and the process are different every time.
Last night I ran a full scan, which found nothing.
Today I ran two more scans; the first found one virus, the second two more.
The first virus was the same itujcder.exe.
The two others were onewire-5.exe and kelvin-0.exe.
I had itujcder.exe deleted, while the other two are currently sitting in the virus chest, but the alerts do not go away; besides that, my Chrome keeps crashing, sometimes with and sometimes without an error message.
I have Windows 7, and according to Internet research on the Onlinepay24 virus, the Trojan is a backdoor Trojan.


Thanks in advance

Edited by silaries (10.12.2015 at 16:22)

10.12.2015, 20:09   #2
deeprybka
/// TB instructor
/// Guide guru
 
My name is Jürgen and I will be helping you with your problem. Together we'll manage it...
  • Please work through all the steps in order.
  • Read the instructions carefully before you begin. If there are problems or you do not understand something, stop what you are doing and describe the problem to me.
  • Please run only the scans that I have asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Save all of our tools to the desktop. Link: How to download our tools correctly
  • Post the log files directly in your thread in CODE tags.
  • Keep in mind that we all do this in our free time; if you have not heard from me within 24 hours, please send me a PM.

Note:
I can never give you a guarantee that we will find all malicious files.
Reformatting is usually the faster and always the safest way, but it is only advisable in the case of real malware.
We can remove adware and the like very well.
If you decide on a cleanup, keep working with me until you get my "clean".



Let's go:

Step 1


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the website)




Reading material
Posting in CODE tags: how it works...
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes our work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.
__________________
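
Added example, not part of the thread and not FRST's own code: a small Python triage of the `Run`/`RunOnce` lines that the FRST.txt from Step 1 contains, parsing each entry and listing the ones worth a closer look. The sample lines are constructed in the FRST line format, and the flagging rules (Temp path, user-writable path, empty publisher, file date close to the scan date, same value in both keys) are assumptions of this example, not FRST's logic.

```python
import re
from datetime import date

# Constructed sample in the FRST.txt "Registry" line format.
# All names, the SID and the paths are invented for this example.
SAMPLE = r"""
HKLM\...\Run: [ExampleTray] => C:\Program Files (x86)\Example Vendor\tray.exe [253440 2013-04-23] (Example Vendor Corporation)
HKLM\...\Run: [ExampleDll] => C:\Windows\system32\rundll32.exe C:\Windows\system32\example.dll,Start
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Run: [Updater] => C:\Users\alice\AppData\Local\ExampleCDN\updater.exe [4691384 2015-09-10] (Example CDN, Inc.)
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Run: [rnd-one] => C:\Users\alice\AppData\Local\Temp\Rndone\rnd-two.exe [113664 2015-12-09] () <===== ACHTUNG
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\RunOnce: [rnd-one] => C:\Users\alice\AppData\Local\Temp\Rndone\rnd-two.exe [113664 2015-12-09] () <===== ACHTUNG
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\RunOnce: [rnd-six] => C:\Users\alice\AppData\Roaming\rnd-1\rnd-78.exe [624128 2015-12-10] (Example Vendor, Inc)
"""
SCAN_DATE = date(2015, 12, 10)  # constructed: the day the sample log was taken

# "<hive>\...\Run: [value name] => <rest of line>"
HEAD = re.compile(
    r"^(?P<hive>HK\S+?)\\\.\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>.*?)\] => (?P<rest>.*)$"
)
# Optional trailing file metadata: "<command> [size yyyy-mm-dd] (publisher)"
TAIL = re.compile(
    r"^(?P<cmd>.*?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>.*)\)$"
)
# Attention marker that FRST appends to some lines, e.g. "<===== ACHTUNG"
FLAG = re.compile(r"\s*<=+\s*\S+\s*$")


def parse_run_line(line):
    """Return a dict for one Run/RunOnce line, or None for any other line."""
    m = HEAD.match(line.strip())
    if m is None:
        return None
    rest, flagged = FLAG.subn("", m["rest"])
    entry = {
        "hive": m["hive"], "key": m["key"], "name": m["name"],
        "command": rest, "size": None, "modified": None,
        "publisher": None,            # None = the line carries no file metadata
        "frst_flag": bool(flagged),
    }
    t = TAIL.match(rest)
    if t:
        entry.update(
            command=t["cmd"], size=int(t["size"]),
            modified=date.fromisoformat(t["date"]),
            publisher=t["publisher"].strip(),  # "" = empty version info
        )
    return entry


def triage(lines, scan_date, recent_days=7):
    """Group entries by (name, command) and return those matching the heuristics.

    Heuristics are this example's assumptions: anything started from Temp is
    listed; a target elsewhere under AppData is listed only with a second signal.
    """
    groups = {}
    for line in lines:
        e = parse_run_line(line)
        if e is None:
            continue
        g = groups.setdefault((e["name"], e["command"].lower()), {**e, "keys": set()})
        g["keys"].add(e["key"])

    findings = []
    for g in groups.values():
        path = g["command"].lower()
        in_temp = "\\appdata\\local\\temp\\" in path
        writable = "\\appdata\\" in path
        reasons = []
        if in_temp:
            reasons.append("temp-dir")
        elif writable:
            reasons.append("user-writable-dir")
        if g["publisher"] == "":
            reasons.append("no-publisher")
        if g["modified"] and 0 <= (scan_date - g["modified"]).days <= recent_days:
            reasons.append("recent-file")
        if g["keys"] == {"Run", "RunOnce"}:
            reasons.append("run+runonce")
        if in_temp or (writable and len(reasons) > 1):
            findings.append((g["name"], sorted(g["keys"]), reasons))
    return findings


def demo():
    """Run the triage over the constructed sample."""
    return triage(SAMPLE.splitlines(), SCAN_DATE)


if __name__ == "__main__":
    for name, keys, reasons in demo():
        print(f"{name:10} {'+'.join(keys):12} {', '.join(reasons)}")
```

A listed entry is a candidate for review by the helper, not a verdict; entries that pass the rules (such as the constructed `Updater` line) can still be unwanted.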

10.12.2015, 22:44   #3
silaries
 

While I was waiting for a reply I ran another scan... sorry... it found a windows32 malware-gen named static-1.exe, but nothing changed about the error messages.

Here is FRST.txt:

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015
durchgeführt von MadlinNoxXedalia (Administrator) auf JIMMY (10-12-2015 22:36:00)
Gestartet von C:\Users\MadlinNoxXedalia\Desktop
Geladene Profile: MadlinNoxXedalia (Verfügbare Profile: MadlinNoxXedalia & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\RtkBleServ.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Akamai Technologies, Inc.) C:\Users\MadlinNoxXedalia\AppData\Local\Akamai\netsession_win.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIMAE.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Akamai Technologies, Inc.) C:\Users\MadlinNoxXedalia\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Aeria Games & Entertainment) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(Microsoft Corporation) C:\Windows\SysWOW64\w32tm.exe
(Microsoft Corporation) C:\Windows\SysWOW64\sc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\grpconv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\chkntfs.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [253440 2013-04-23] (Realtek Semiconductor Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2875728 2013-03-04] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-22] (Avast Software s.r.o.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-06-01] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-06-01] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Run: [Akamai NetSession Interface] => C:\Users\MadlinNoxXedalia\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIMAE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Run: [zone-read] => C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Zonecoast\zonetrain.exe [113664 2015-12-09] () <===== ACHTUNG
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Run: [bridge-admit] => C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Bridge-tank\bridge-panic.exe [160328 2015-12-10] (Paragon Software Group) <===== ACHTUNG
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Run: [money-come] => C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Moneymiss\money-prove.exe [133960 2015-12-10] () <===== ACHTUNG
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Run: [model-wrap] => C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Model-settle\model_judge.exe [137288 2015-12-10] () <===== ACHTUNG
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\RunOnce: [zone-read] => C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Zonecoast\zonetrain.exe [113664 2015-12-09] () <===== ACHTUNG
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\RunOnce: [model-wrap] => C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Model-settle\model_judge.exe [137288 2015-12-10] () <===== ACHTUNG
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\RunOnce: [money-come] => C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Moneymiss\money-prove.exe [133960 2015-12-10] () <===== ACHTUNG
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\RunOnce: [mosfet-6] => C:\Users\MadlinNoxXedalia\AppData\Roaming\mosfet-1\mosfet-78.exe [624128 2015-12-10] (American Megatrendz, Inc)
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\MountPoints2: {0f09794a-7876-11e3-a376-806e6f6e6963} - D:\Setup.exe
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\MountPoints2: {7085169a-77d0-11e3-92d4-806e6f6e6963} - D:\CDSetup.exe
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => Keine Datei
AppInit_DLLs:  C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: ,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-22] (Avast Software s.r.o.)
BootExecute: autocheck autochk * aswBoot.exe /M:db3059cc7 /wow /dir:"C:\Program Files\AVAST Software\Avast"

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\..\Interfaces\{8E59BC53-669B-4B6F-ACA7-963EE04C58DF}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{EE7416E6-35C3-4E97-9310-BA4AA4C50EE9}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1408159751&from=cor&uid=HGSTXHTS545050A7E680_TMA55C4T2492WL2492WLX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1408159751&from=cor&uid=HGSTXHTS545050A7E680_TMA55C4T2492WL2492WLX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1264982542-3644169772-3020182689-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1264982542-3644169772-3020182689-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP0B77C6FD-6C10-4D0E-A7F5-1E667CD92B85&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1264982542-3644169772-3020182689-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => Keine Datei
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2014-07-05] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2014-07-05] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll [2014-10-21] (Perfect World Entertainment Inc)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll [2014-11-13] ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-07-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2014-07-05] (Oracle Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll [2014-11-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-15] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-15] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [Keine Datei]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei]
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [2014-10-21] (Perfect World Entertainment Inc)
FF Plugin-x32: @protectdisc.com/NPMPDRM -> C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll [2010-02-03] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-1264982542-3644169772-3020182689-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\MadlinNoxXedalia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1264982542-3644169772-3020182689-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-12-25] ()
FF Plugin HKU\S-1-5-21-1264982542-3644169772-3020182689-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Kein Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Kein Name - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-10] [ist nicht signiert]

Chrome: 
=======
CHR Profile: C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Präsentationen) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-28]
CHR Extension: (Google Docs) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-28]
CHR Extension: (Google Drive) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (AdBlock) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blipnejacaoebmeelgjgifelpnikhiec [2015-02-28]
CHR Extension: (YouTube) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google-Suche) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Tabellen) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-28]
CHR Extension: (Google Docs Offline) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (AdBlock) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-04]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Noiz yE) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oniglohbipbekimgjdmgbbllgnejffbm [2015-02-28]
CHR Extension: (Google Mail) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-12-10]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-10]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-08-17] (Adobe Systems) [Datei ist nicht signiert]
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-10-21] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-22] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-22] (Avast Software)
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-04-02] (Realtek Semiconductor Corporation) [Datei ist nicht signiert]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [47104 2013-04-25] () [Datei ist nicht signiert]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Datei ist nicht signiert]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-02-15] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
S4 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [326072 2015-02-18] (Steganos Software GmbH)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2099208 2015-11-10] (Electronic Arts)
R2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [42496 2013-04-25] (Realtek Semiconductor Corporation) [Datei ist nicht signiert]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [654528 2015-05-26] (Wacom Technology, Corp.)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [450504 2015-12-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-10] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [118504 2012-12-19] (Qualcomm Atheros Co., Ltd.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [535624 2013-03-28] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-06-22] (Avast Software)
S3 cpuz137; \??\C:\Users\MADLIN~1\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-10 22:34 - 2015-12-10 22:35 - 00062868 _____ C:\Users\MadlinNoxXedalia\Desktop\Addition.txt
2015-12-10 22:33 - 2015-12-10 22:36 - 00027554 _____ C:\Users\MadlinNoxXedalia\Desktop\FRST.txt
2015-12-10 22:33 - 2015-12-10 22:36 - 00000000 ____D C:\FRST
2015-12-10 22:31 - 2015-12-10 22:32 - 02369024 _____ (Farbar) C:\Users\MadlinNoxXedalia\Desktop\FRST64.exe
2015-12-10 14:47 - 2015-12-10 14:40 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswD9CC.tmp
2015-12-10 14:47 - 2015-12-10 14:40 - 00450504 _____ (AVAST Software) C:\Windows\system32\Drivers\asw3FD.tmp
2015-12-10 14:47 - 2015-12-10 14:40 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-12-10 14:47 - 2015-12-10 14:40 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\asw832.tmp
2015-12-10 14:47 - 2015-12-10 14:40 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\asw131B.tmp
2015-12-10 14:47 - 2015-12-10 14:40 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFA89.tmp
2015-12-10 14:47 - 2015-12-10 14:40 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswE764.tmp
2015-12-10 14:47 - 2015-12-10 14:40 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFF5A.tmp
2015-12-10 14:47 - 2015-12-10 14:40 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswEF03.tmp
2015-12-10 14:41 - 2015-12-10 14:48 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-12-10 14:40 - 2015-12-10 14:40 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-12-10 14:40 - 2015-06-26 17:10 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswB1FB.tmp
2015-12-10 14:40 - 2015-06-22 17:29 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw9BC7.tmp
2015-12-10 14:40 - 2015-06-22 17:29 - 00272248 _____ C:\Windows\system32\Drivers\aswB862.tmp
2015-12-10 14:40 - 2015-06-22 17:29 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswBBFB.tmp
2015-12-10 14:40 - 2015-06-22 17:29 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswA20F.tmp
2015-12-10 14:40 - 2015-06-22 17:29 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswA9AF.tmp
2015-12-10 14:40 - 2015-06-22 17:29 - 00065736 _____ C:\Windows\system32\Drivers\aswAD49.tmp
2015-12-10 14:40 - 2015-06-22 17:29 - 00029168 _____ C:\Windows\system32\Drivers\aswA73E.tmp
2015-12-10 14:36 - 2015-12-10 14:37 - 05080288 _____ (AVAST Software) C:\Users\MadlinNoxXedalia\Desktop\avast_free_antivirus_setup_online.exe
2015-12-10 11:32 - 2015-12-10 11:32 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\mosfet-1
2015-12-10 00:42 - 2015-12-10 00:42 - 00000554 _____ C:\Windows\SysWOW64\out.bin
2015-12-10 00:40 - 2015-12-10 15:38 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\kelvin-56
2015-12-10 00:39 - 2015-12-10 22:28 - 00000000 ____D C:\ProgramData\statics-07
2015-12-10 00:34 - 2015-12-10 15:38 - 00000000 ____D C:\ProgramData\onewire-05
2015-12-10 00:32 - 2015-12-10 00:42 - 00000000 ____D C:\ProgramData\ko
2015-12-07 11:01 - 2015-12-07 11:01 - 00000222 _____ C:\Users\MadlinNoxXedalia\Desktop\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst.url
2015-12-07 10:39 - 2015-12-07 10:39 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2015-12-07 10:35 - 2015-12-07 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2015-12-07 10:35 - 2015-12-07 10:35 - 00000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories
2015-12-05 17:59 - 2015-12-05 17:59 - 00000222 _____ C:\Users\MadlinNoxXedalia\Desktop\Rocket League.url
2015-12-05 13:25 - 2013-08-21 16:13 - 00018803 _____ C:\Users\MadlinNoxXedalia\Desktop\110986_smile-dog.jpeg
2015-12-04 19:26 - 2015-12-04 19:42 - 00000085 _____ C:\Users\MadlinNoxXedalia\Desktop\wunsch.txt
2015-12-04 02:09 - 2015-12-04 02:09 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2015-12-04 02:09 - 2015-12-04 02:09 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2015-12-04 02:09 - 2015-12-04 02:09 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2015-12-04 02:09 - 2015-12-04 02:09 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2015-12-04 02:09 - 2015-12-04 02:09 - 00000000 ____D C:\Program Files (x86)\OpenAL
2015-12-04 02:04 - 2015-06-07 00:13 - 00961192 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00062304 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00883712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00064352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-12-04 00:57 - 2015-12-04 00:57 - 00000222 _____ C:\Users\MadlinNoxXedalia\Desktop\The Isle.url
2015-12-03 14:58 - 2015-12-03 14:58 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-03 14:57 - 2015-12-03 14:57 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-01 00:24 - 2015-12-01 13:18 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-12-01 00:22 - 2015-12-01 13:20 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-30 23:29 - 2015-12-10 22:29 - 00000911 _____ C:\Windows\Tasks\EPSON WF-2660 Series Update {2BAE1787-6CC2-432C-A807-F4A75FEC7574}.job
2015-11-30 23:29 - 2015-11-30 23:29 - 00003978 _____ C:\Windows\System32\Tasks\EPSON WF-2660 Series Update {2BAE1787-6CC2-432C-A807-F4A75FEC7574}
2015-11-30 23:29 - 2015-11-30 23:29 - 00000000 ____D C:\Program Files\Common Files\EPSON
2015-11-30 23:14 - 2015-11-30 23:14 - 00000000 ____D C:\Program Files\EpsonNet
2015-11-30 22:50 - 2015-11-30 22:51 - 00000123 _____ C:\Users\Public\Desktop\Epson Connect Site.url
2015-11-30 22:50 - 2015-11-30 22:50 - 00001148 _____ C:\Users\Public\Desktop\EPSON-Handbücher.lnk
2015-11-30 22:47 - 2015-11-30 23:53 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Epson
2015-11-30 22:47 - 2015-11-30 23:38 - 00000000 ____D C:\Program Files (x86)\Epson Software
2015-11-30 22:47 - 2015-11-30 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-11-30 22:45 - 2015-11-30 23:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-11-30 22:45 - 2015-11-30 22:51 - 00000000 ____D C:\Program Files (x86)\epson
2015-11-30 22:45 - 2015-11-30 22:45 - 00000934 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2015-11-30 22:45 - 2014-02-25 00:00 - 00466944 _____ (Seiko Epson Corporation) C:\Windows\system32\esxw2ud.dll
2015-11-30 22:45 - 2012-05-17 00:00 - 00144560 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc64.exe
2015-11-30 22:45 - 2010-11-22 13:27 - 00147472 _____ (TWAIN Working Group) C:\Windows\SysWOW64\twaindsm.dll
2015-11-30 22:44 - 2013-12-06 04:05 - 00179712 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YLMBMAE.DLL
2015-11-30 22:44 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BMAE.DLL
2015-11-30 22:44 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2015-11-30 22:36 - 2015-11-30 23:31 - 00000000 ____D C:\ProgramData\Epson
2015-11-20 19:58 - 2015-11-25 22:08 - 00000000 ____D C:\ProgramData\69B6DBD2-8E05-476F-B662-CF8D235FD499
2015-11-17 22:01 - 2015-11-17 22:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-11-17 22:01 - 2015-11-17 22:01 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-11-17 02:57 - 2015-11-17 02:57 - 00000000 ____D C:\Users\MadlinNoxXedalia\Documents\Samsung
2015-11-17 02:57 - 2015-11-17 02:57 - 00000000 ____D C:\ProgramData\Samsung
2015-11-17 02:55 - 2015-11-17 02:55 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-11-17 02:55 - 2015-11-17 02:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-11-17 02:53 - 2015-11-17 02:55 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Samsung
2015-11-17 02:53 - 2015-11-17 02:53 - 00000000 ____D C:\Program Files (x86)\Samsung
2015-11-17 02:53 - 2015-09-11 11:54 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2015-11-14 22:01 - 2015-11-14 22:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablett
2015-11-14 22:00 - 2015-11-14 22:00 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\Wacom Help
2015-11-11 20:09 - 2015-11-11 20:09 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\Wacom
2015-11-11 19:56 - 2015-05-26 23:33 - 01952448 ____N (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Touch_Tablet.dll
2015-11-11 19:56 - 2015-05-26 23:33 - 01583296 ____N (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Touch_Tablet.dll
2015-11-11 19:55 - 2015-05-26 23:33 - 01959616 ____N (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.dll
2015-11-11 19:55 - 2015-05-26 23:33 - 01590464 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Tablet.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-10 22:35 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows
2015-12-10 22:01 - 2014-01-11 09:02 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-10 18:10 - 2014-01-11 09:02 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-10 14:47 - 2015-06-22 17:30 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-10 14:40 - 2015-06-22 17:30 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 00450504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-12-10 14:27 - 2014-08-07 21:49 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\CrashDumps
2015-12-10 12:02 - 2014-04-04 22:40 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-10 11:44 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-10 11:44 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-10 11:30 - 2014-05-29 15:01 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\LogMeIn Hamachi
2015-12-10 11:30 - 2014-01-07 20:08 - 00000000 ____D C:\ProgramData\Realtek
2015-12-10 11:28 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-10 11:27 - 2015-06-12 11:45 - 00000000 __SHD C:\Users\MadlinNoxXedalia\AppData\Roaming\ggfgacfg
2015-12-10 11:25 - 2014-01-19 19:23 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Skype
2015-12-08 00:39 - 2014-08-28 02:08 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\ElevatedDiagnostics
2015-12-07 23:14 - 2015-04-28 14:49 - 00000000 ____D C:\kein programm ber bilder von handy
2015-12-07 10:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-05 18:54 - 2014-07-18 16:38 - 00000000 ____D C:\Users\MadlinNoxXedalia\Documents\My Games
2015-12-05 17:53 - 2014-01-11 09:02 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-05 17:53 - 2014-01-11 09:02 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-04 15:57 - 2014-11-05 18:35 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\osu!
2015-12-04 02:08 - 2014-08-02 19:56 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-04 00:17 - 2011-04-12 08:43 - 00760088 _____ C:\Windows\system32\perfh007.dat
2015-12-04 00:17 - 2011-04-12 08:43 - 00173736 _____ C:\Windows\system32\perfc007.dat
2015-12-04 00:17 - 2009-07-14 06:13 - 01797514 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-01 13:16 - 2014-08-17 18:18 - 00000000 ____D C:\ProgramData\Adobe
2015-12-01 12:35 - 2014-01-07 13:27 - 00000000 ____D C:\Users\MadlinNoxXedalia
2015-12-01 00:31 - 2014-08-17 18:30 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\Adobe
2015-12-01 00:30 - 2014-07-26 18:10 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\LocalLow\Adobe
2015-12-01 00:30 - 2014-01-09 04:50 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Adobe
2015-12-01 00:21 - 2014-08-17 18:17 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-30 22:51 - 2014-01-07 19:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-21 18:34 - 2014-11-07 17:43 - 00000000 ____D C:\PaintToolSAI
2015-11-20 21:49 - 2014-12-14 16:15 - 00000000 ____D C:\Users\MadlinNoxXedalia\Documents\CELSYS_EN
2015-11-20 20:19 - 2015-03-20 23:29 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\CELSYS
2015-11-19 16:31 - 2014-05-02 03:26 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2015-11-19 16:31 - 2014-05-02 03:10 - 00000000 ____D C:\AeriaGames
2015-11-19 16:28 - 2014-05-02 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2015-11-19 16:08 - 2014-06-19 13:51 - 00000000 ____D C:\Users\MadlinNoxXedalia\Documents\ZU VIELE ORDNER
2015-11-14 21:59 - 2014-10-21 19:04 - 00000000 ____D C:\Program Files\Tablet
2015-11-14 21:58 - 2014-10-21 19:04 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\WTablet
2015-11-14 21:56 - 2014-01-15 14:38 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\TS3Client
2015-11-14 20:55 - 2014-01-15 14:37 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\TeamSpeak 3 Client
2015-11-14 20:22 - 2014-02-04 14:10 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\LolClient
2015-11-12 15:16 - 2014-02-25 21:13 - 00000000 ____D C:\ProgramData\Origin
2015-11-12 11:51 - 2014-07-05 09:33 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-11-11 20:10 - 2014-01-22 20:42 - 00000000 ____D C:\Users\MadlinNoxXedalia\.android
2015-11-10 22:10 - 2014-02-25 21:13 - 00000000 ____D C:\ProgramData\Electronic Arts
2015-11-10 22:05 - 2014-02-25 21:17 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Origin
2015-11-10 21:35 - 2014-02-25 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-11-10 21:35 - 2014-02-25 21:13 - 00000000 ____D C:\Program Files (x86)\Origin

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-01-07 20:10 - 2015-12-10 11:30 - 0060223 _____ () C:\Users\MadlinNoxXedalia\AppData\Local\BTServer.log

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Zonecoast\zonetrain.exe
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Bridge-tank\bridge-panic.exe
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Moneymiss\money-prove.exe
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Model-settle\model_judge.exe
C:\Users\MadlinNoxXedalia\Setup.exe


Einige Dateien in TEMP:
====================
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\avgnt.exe
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\DllMonoCtrl.dll
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\NGM.exe
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\NGMDll.dll
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\NGMResource.dll
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\raptrpatch.exe
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\SkypeSetup.exe
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\StereoControl.dll
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\tempmessage.bfg
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\_is92EC.exe
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\_isAA53.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-12-10 06:38

==================== Ende von FRST.txt ============================
         

and here is addition.txt

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:09-12-2015
durchgeführt von MadlinNoxXedalia (2015-12-10 22:36:17)
Gestartet von C:\Users\MadlinNoxXedalia\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-01-07 12:27:02)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1264982542-3644169772-3020182689-500 - Administrator - Disabled)
Gast (S-1-5-21-1264982542-3644169772-3020182689-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1264982542-3644169772-3020182689-1003 - Limited - Enabled)
MadlinNoxXedalia (S-1-5-21-1264982542-3644169772-3020182689-1000 - Administrator - Enabled) => C:\Users\MadlinNoxXedalia

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version:  - Gameforge)
Akamai NetSession Interface (HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version:  - Studio Wildcard)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
CLIP STUDIO PAINT (HKLM-x32\...\{E4F184C1-E62E-44F0-B142-AB6197490834}) (Version: 1.3.8 - CELSYS)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
Dragon's Prophet (HKLM-x32\...\{C31556D7-F2B9-4787-B223-F7A035067E89}_is1) (Version: 2.1.1409.26 - Infernum Productions AG)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.60.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR コンポーネント (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.20.0000 - SEIKO EPSON Corp.)
EPSON Scan PDF 機能拡張 (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
EPSON WF-2660 Series Printer Uninstall (HKLM\...\EPSON WF-2660 Series) (Version:  - SEIKO EPSON Corporation)
EPSON-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
ETDWare PS/2-X64 11.13.2.4_WHQL (HKLM\...\Elantech) (Version: 11.13.2.4 - ELAN Microelectronic Corp.)
foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Gameforge Live 2.0.7 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.7 - Gameforge)
GamersFirst LIVE! (HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\GamersFirst LIVE!) (Version:  - GamersFirst)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
IMVU Avatar Chat Software (HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\IMVU Avatar chat client software BETA) (Version:  - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.410 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.410 - LogMeIn, Inc.) Hidden
Lucent Heart EN (HKLM-x32\...\{3C05F539-3641-4ED1-B88F-DEA9DAD620E3}) (Version: 7.02.0700 - Suba Games)
m2tools CheeseWare EmoteMovieMaker (HKLM-x32\...\m2tools CheeseWare EmoteMovieMaker) (Version:  - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\Steam App 234670) (Version:  - CyberConnect 2)
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OkayFreedom (HKLM-x32\...\{3F3FB10C-7175-4D38-9335-3488B89C12AF}) (Version: 1.4.3 - Steganos Software GmbH)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{4096d8e4-186c-47a3-accd-262b001792cf}) (Version: latest - ppy Pty Ltd)
PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version:  - )
Primal Carnage (HKLM-x32\...\Steam App 215470) (Version:  - Lukewarm Media)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.728.728.042813 - )
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0212 - )
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15104.7 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.0.15104.7 - Samsung Electronics Co., Ltd.) Hidden
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION) <==== ACHTUNG
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.04.0000 - Electronic Arts)
SPORE™ Galaktische Abenteuer (HKLM-x32\...\{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}) (Version: 1.00.0000 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Endless Forest (HKLM-x32\...\The Endless Forest_is1) (Version:  - Tale of Tales)
The Isle (HKLM-x32\...\Steam App 376210) (Version:  - The Isle Development Team)
Unity Web Player (HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.12-2 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
Wildlife Park 2 - Meine Haustiere WildlifePark2_MeineHaustiere_DE_v2.1 (HKLM-x32\...\Wildlife Park 2 - Meine Haustiere_is1) (Version:  - Deep Silver)
Wildlife Park 3 v1.0 (HKLM-x32\...\Wildlife Park 3_is1) (Version:  - bitComposer Games)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Zoo Tycoon 2 - Ultimate Collection (HKLM-x32\...\InstallShield_{9CC4840D-EF1C-406F-AF08-3C19EB1335B9}) (Version: 1.00.0000 - Microsoft Game Studios)
Zoo Tycoon 2 - Ultimate Collection (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1264982542-3644169772-3020182689-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1264982542-3644169772-3020182689-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-1264982542-3644169772-3020182689-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1264982542-3644169772-3020182689-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1264982542-3644169772-3020182689-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1264982542-3644169772-3020182689-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1264982542-3644169772-3020182689-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Wiederherstellungspunkte =========================

05-12-2015 21:05:24 Geplanter Prüfpunkt
07-12-2015 10:34:49 DirectX wurde installiert

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {4F927475-525A-4AB6-9514-C699942BD8C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {7E9DD196-B61B-43AD-865F-0C7EC4420F2F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-10] (AVAST Software)
Task: {82235F78-4935-4157-8D6E-6A87E14BE13D} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-03] (AVAST Software)
Task: {AE418D2D-6DDD-4F0D-9649-5F0D4882195E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {BB727D35-D552-4D51-A387-1D5FB77299E2} - System32\Tasks\{042C2C75-2E01-4633-8542-120740C2A0F4} => pcalua.exe -a "C:\Program Files (x86)\Electronic Arts\SPORE\Support\SPORE(TM)_code.exe" -d "C:\Program Files (x86)\Electronic Arts\SPORE\Support"
Task: {CC6D44EC-D7D9-4760-9892-633919DF18D6} - System32\Tasks\EPSON WF-2660 Series Update {2BAE1787-6CC2-432C-A807-F4A75FEC7574} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMAE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {F216768D-FEF3-4172-A177-945E9A791EB1} - System32\Tasks\{49BAD341-D73C-4D29-A03C-BF96CC53373A} => pcalua.exe -a "C:\Users\MadlinNoxXedalia\Documents\ZU VIELE ORDNER\DUMP\dxtbmpx.exe" -d "C:\Users\MadlinNoxXedalia\Documents\ZU VIELE ORDNER\DUMP"
Task: {F7DB6D5D-0F7C-40B0-9D0E-78BD0F96EB2C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\EPSON WF-2660 Series Update {2BAE1787-6CC2-432C-A807-F4A75FEC7574}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMAE.EXE:/EXE:{2BAE1787-6CC2-432C-A807-F4A75FEC7574} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-01-08 15:32 - 2015-07-23 05:06 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-01-08 15:33 - 2015-07-23 02:31 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-07 20:08 - 2013-04-25 16:32 - 00047104 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2015-11-11 19:55 - 2015-05-26 23:33 - 01347264 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-10-21 19:04 - 2014-08-19 20:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2014-01-07 20:08 - 2013-04-09 14:42 - 00265728 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe
2015-06-22 17:29 - 2015-06-22 17:29 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-22 17:29 - 2015-06-22 17:29 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-12-09 23:14 - 2015-12-09 23:14 - 02803200 _____ () C:\Program Files\AVAST Software\Avast\defs\15120901\algo.dll
2015-12-10 14:40 - 2015-12-10 14:40 - 02803200 _____ () C:\Program Files\AVAST Software\Avast\defs\15121000\algo.dll
2014-01-08 15:32 - 2015-07-23 05:06 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-07-25 15:34 - 2015-08-27 01:37 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-06-22 17:29 - 2015-06-22 17:29 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-08 16:07 - 2013-02-15 16:15 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-04-04 22:55 - 2015-10-05 17:18 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-30 17:26 - 2015-07-03 17:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-30 17:26 - 2015-07-03 17:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-30 17:26 - 2015-07-03 17:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-29 15:08 - 2015-11-10 03:44 - 02541648 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-28 22:29 - 2015-09-24 01:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-28 22:29 - 2015-09-24 01:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-28 22:29 - 2015-09-24 01:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-28 22:29 - 2015-09-24 01:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-28 22:29 - 2015-09-24 01:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-04-04 22:55 - 2015-11-10 03:44 - 00806992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-22 10:35 - 2015-11-03 23:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2014-04-04 22:55 - 2015-10-08 23:20 - 45010208 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:3BCA993F
AlternateDataStreams: C:\ProgramData\TEMP:FACB65E7

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


Da befinden sich 4788 mehr Seiten.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MadlinNoxXedalia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: Adobe LM Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: OkayFreedom VPN Starter Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: WinDefend => 3
MSCONFIG\startupfolder: C:^Users^MadlinNoxXedalia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupfolder: C:^Users^MadlinNoxXedalia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk => C:\Windows\pss\GamersFirst LIVE!.lnk.Startup
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: BambooCore => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: OKAYFREEDOM_Agent => "C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe" -agent
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{5C87342B-3B93-4F94-A5E1-89505EF91BFA}] => (Allow) C:\Program Files\Dragons Prophet\dp_x64.exe
FirewallRules: [{72BB572B-85B6-4636-ADE9-2C59C1D33AC5}] => (Allow) C:\Program Files\Dragons Prophet\launcher.exe
FirewallRules: [{BB4ABAA1-B187-4CDB-9307-4A3E75620252}] => (Allow) C:\Program Files\Dragons Prophet\dp_x64.exe
FirewallRules: [{7FF67731-A801-4740-B7F2-6C351FB8D811}] => (Allow) C:\Program Files\Dragons Prophet\launcher.exe
FirewallRules: [{4C85592A-480C-4B63-9CA3-0751707CA5A5}] => (Allow) C:\Program Files\Dragons Prophet\dp_x86.exe
FirewallRules: [{8E54E5AC-65C8-4ACA-A2BC-7C8FC05A21BA}] => (Allow) C:\Program Files\Dragons Prophet\dp_x86.exe
FirewallRules: [{1E9B8AFB-5A17-48BE-8BE5-85F5DE493D7D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{28388365-AD4E-4DDF-9764-C9FE6D40A744}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{27991959-10B4-4262-B19B-9D6BDF0361D5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{C2D3B8E9-3F21-46D3-A20E-263B0D8F578F}C:\program files (x86)\tale of tales\the endless forest 3\forestviewer.exe] => (Block) C:\program files (x86)\tale of tales\the endless forest 3\forestviewer.exe
FirewallRules: [UDP Query User{9F68B486-820A-4729-98DC-E4CC98E89DAB}C:\program files (x86)\tale of tales\the endless forest 3\forestviewer.exe] => (Block) C:\program files (x86)\tale of tales\the endless forest 3\forestviewer.exe
FirewallRules: [TCP Query User{A8B86F7D-440B-4E94-89B4-0C3F1C4F547F}C:\program files (x86)\tera\tera-launcher.exe] => (Allow) C:\program files (x86)\tera\tera-launcher.exe
FirewallRules: [UDP Query User{F9CAA656-7DBC-46AC-8722-D27EF0F141B3}C:\program files (x86)\tera\tera-launcher.exe] => (Allow) C:\program files (x86)\tera\tera-launcher.exe
FirewallRules: [{CC55E0DA-EADB-4FC2-A1C0-B0A5D3A2B0AB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{B846C810-EE52-489D-8832-899F952EAF82}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{E0FD47FF-F9CF-47F1-8AA8-47B5C41E2AF7}C:\users\madlinnoxxedalia\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\madlinnoxxedalia\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{5F1C4052-B350-48A7-89FF-B45FDAE61E46}C:\users\madlinnoxxedalia\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\madlinnoxxedalia\appdata\local\akamai\netsession_win.exe
FirewallRules: [{1850CB42-4BCD-4B24-8FBC-CD56A723EF9B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe
FirewallRules: [{33A568F3-7903-4F35-94D4-0635D42108B4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe
FirewallRules: [TCP Query User{A9BF4C9E-81A7-4C95-801C-28AC33EE282E}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{BE4C4297-5BF0-44BA-8472-8302A69EA7A0}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{1F656D5F-4E98-4AC0-926C-71295FC6295F}C:\program files (x86)\lolreplay\lolreplay.exe] => (Allow) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [UDP Query User{0556B9AA-C486-48F2-9A2E-4914E9F7A246}C:\program files (x86)\lolreplay\lolreplay.exe] => (Allow) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [TCP Query User{7B129B4E-8C87-4800-B63E-671A4B40AE93}C:\program files (x86)\perfect world entertainment\swordsman_de\patcher\patcher.exe] => (Allow) C:\program files (x86)\perfect world entertainment\swordsman_de\patcher\patcher.exe
FirewallRules: [UDP Query User{1787D24B-A7B6-4CE9-895C-F0BEAD3A9E7C}C:\program files (x86)\perfect world entertainment\swordsman_de\patcher\patcher.exe] => (Allow) C:\program files (x86)\perfect world entertainment\swordsman_de\patcher\patcher.exe
FirewallRules: [TCP Query User{0CA0CD75-DD75-4684-87D3-C2F96F65154B}C:\program files\java\jre8\bin\javaw.exe] => (Allow) C:\program files\java\jre8\bin\javaw.exe
FirewallRules: [UDP Query User{EB55F337-4BB9-46A4-B912-071366981AF6}C:\program files\java\jre8\bin\javaw.exe] => (Allow) C:\program files\java\jre8\bin\javaw.exe
FirewallRules: [{CF959F01-794A-47BF-A67D-2D65436FDA8A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{0B6FDBAB-F719-4861-A8F0-BDAEC8169662}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{215CE42D-3D07-4D5B-8011-DC920BD23A5B}] => (Allow) C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\S.K.I.L.L\Binaries\Win32\sf2.exe
FirewallRules: [{E43B49C4-0A78-4729-8436-4C2B7F98A57B}] => (Allow) C:\Program Files (x86)\GameforgeLive\Games\DEU_deu\S.K.I.L.L\Binaries\Win32\sf2.exe
FirewallRules: [{03E64D40-5FCD-47D7-B5DA-74EA9650A8EC}] => (Allow) C:\Program Files (x86)\Dragon's Prophet Vendetta\dp_x86.exe
FirewallRules: [{1F9BC9EE-445B-4E72-8A56-195812D35660}] => (Allow) C:\Program Files (x86)\Dragon's Prophet Vendetta\launcher.exe
FirewallRules: [{A0B5D773-8E31-4752-A295-22F5C66EECFA}] => (Allow) C:\Program Files (x86)\Dragon's Prophet Vendetta\launcher.exe
FirewallRules: [{4DC0174D-E81A-4AC8-889C-7535F298C946}] => (Allow) C:\Program Files (x86)\Dragon's Prophet Vendetta\dp_x64.exe
FirewallRules: [{49D5EE15-C5EA-4AE2-AB4E-F0A8422A47A5}] => (Allow) C:\Program Files (x86)\Dragon's Prophet Vendetta\dp_x86.exe
FirewallRules: [{AD4399D8-7F57-48B7-807D-5B7EA8E7B5D4}] => (Allow) C:\Program Files (x86)\Dragon's Prophet Vendetta\dp_x64.exe
FirewallRules: [{9FBC3489-F3BF-415C-8416-B980A88835FF}] => (Allow) C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\APB.exe
FirewallRules: [{4A0ED87E-4507-4598-9D08-E50E95C08A62}] => (Allow) C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\APB.exe
FirewallRules: [{FF0DF88D-9CBB-454D-AB03-28522DCD3A3B}] => (Allow) C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{BF8AA4FD-0E4F-4790-82A3-6E205EC79615}] => (Allow) C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{DAB962A3-67FF-4B00-AF32-89542D4CC2C2}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{F7060CA6-AD36-40D0-A167-1D485D3B857A}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{11C250D0-CCBE-4416-A661-FFFA66228A0A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1FD62E01-7739-4FE7-95E0-46CB4462E013}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{3F4461C4-B580-4A81-B282-BCA9C823EF4D}C:\users\madlinnoxxedalia\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\madlinnoxxedalia\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{011F890B-B316-4695-BE21-167D703F71E4}C:\users\madlinnoxxedalia\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\madlinnoxxedalia\appdata\local\akamai\netsession_win.exe
FirewallRules: [{8CD250D3-B8C3-4559-BC74-D09C2790B9CE}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\launcher.exe
FirewallRules: [{72E390E4-77E5-4F41-97B4-6AD001E8009E}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\launcher.exe
FirewallRules: [{108A1A1A-DF0F-4FB3-8B80-97C0EA0D4735}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\dp_x86.exe
FirewallRules: [{26013C2A-3D36-4B63-A47A-923988F96C64}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\dp_x86.exe
FirewallRules: [{4B7344D5-A25C-45AA-B1AB-603B88AF3DAA}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\dp_x64.exe
FirewallRules: [{8C723D19-617E-4E44-8511-7E2EA97B9556}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\dp_x64.exe
FirewallRules: [{8863D2C3-2BC0-4A20-9C7B-A5DD5F2B460A}] => (Allow) LPort=49189
FirewallRules: [{8DC5B86A-B5A1-483C-8C8A-8006E675AA27}] => (Allow) LPort=5000
FirewallRules: [{41D89219-9FD8-41ED-B175-8D66ACBBF6A1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{ECEE8FB2-5FAB-402E-93A0-18A73D53AE7A}] => (Allow) LPort=2869
FirewallRules: [{A47C1DF1-B86A-4477-B5A7-CBFF4BB0DCA1}] => (Allow) LPort=1900
FirewallRules: [{CC0F7DED-7B98-49CA-8B07-8DC91E44FD11}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{1A0E0717-19C1-441B-B70D-5E704963F869}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{61517417-9E8D-4BE9-91C8-CD6240CD6B77}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{3E699339-A8C7-4B19-8451-94C0EA9B9C34}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{D61F1958-1F5B-46E8-B040-B4740762B98A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{69D2C889-2D21-4C70-8EA7-BDCB7697077F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{485D9403-D9EA-4B5F-9D43-F91B538B212A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{2AE7C7A3-9BCD-46B1-A5AB-4DEE6ADBE242}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{C7D30DED-E287-4AD5-9D4C-0E3BC2E0F97E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{942C9055-2CAC-4472-8A75-EADA0391BDB0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [TCP Query User{DE38EBC3-BB42-4D6F-8DD5-833098B149E8}C:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [UDP Query User{F1CCF053-B96C-4D91-88F4-A92030DC12DD}C:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [TCP Query User{49D79621-AF80-46DC-BA1C-6525FA2D950E}C:\program files\java\jre8\bin\javaw.exe] => (Block) C:\program files\java\jre8\bin\javaw.exe
FirewallRules: [UDP Query User{0ABE3B8C-533C-4C5C-9242-8437816803EA}C:\program files\java\jre8\bin\javaw.exe] => (Block) C:\program files\java\jre8\bin\javaw.exe
FirewallRules: [{2D70971C-3382-4811-8A74-A13F5A638431}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A68EA6A3-4256-4221-9950-44C72C7F4BBB}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{480977EB-822A-458D-960E-9E329DC5DD21}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{79528D55-E0C1-47E0-97E9-070E3CE65E27}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{A2D0505C-360A-4079-ADCF-9810B618D066}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{99D2531D-F50D-413F-83FB-4977B89801A3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{D6E0FF65-3BCF-4668-A39D-EF1D8CBE2B15}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exe
FirewallRules: [{7D804D47-6131-40C0-81D3-06A487C38941}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exe
FirewallRules: [{4FC96207-CB34-416F-AA5F-8F3FBA139008}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{5964B060-06F1-4D1F-BCB0-14C431FEF97A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{A77D1059-14E0-4227-A55B-2BAB27399D02}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{36FFF2A0-411B-4D08-BEFA-DB508AD381C2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [TCP Query User{C8353428-4FE1-483E-A0B8-BA8D8B26E74E}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{AAAD2727-10C6-4C39-A5B9-051A336CF1AD}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{2D954142-204B-4735-A1F1-E636645CCD1A}C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{62C69564-DB53-47B6-9957-58CF037426AB}C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [{EB14C50A-8921-48C2-8834-FA9880427276}] => (Block) C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [{8E256257-F389-4853-8518-EDA33352137E}] => (Block) C:\program files (x86)\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{DF0D3495-B170-406D-9E2A-B15CB5A6B2BB}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{2A207326-5460-4F08-824E-8497DB3316BB}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{C2DD02FE-22FA-4DE0-A30A-459A8485B401}C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe] => (Allow) C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe
FirewallRules: [UDP Query User{BE94431A-0525-4470-AE8E-1871AF17A93E}C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe] => (Allow) C:\program files (x86)\gameforgelive\games\deu_deu\tera\tera-launcher.exe
FirewallRules: [TCP Query User{FB4C00CC-997C-421D-AB3E-352C82EE2952}C:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe] => (Allow) C:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe
FirewallRules: [UDP Query User{29902F37-5F8D-42D3-BA96-D2BE79ED087B}C:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe] => (Allow) C:\program files (x86)\gameforgelive\games\deu_deu\aion\nclauncher.exe
FirewallRules: [{61E2B217-E7DC-41D0-9DA3-28D3805FEBEE}] => (Allow) C:\AeriaGames\AuraKingdom-DE\game.bin
FirewallRules: [{84DFEF6E-E747-4E9E-8A38-E5124F23B035}] => (Allow) C:\AeriaGames\AuraKingdom-DE\game.bin
FirewallRules: [TCP Query User{FEEEFB04-224B-4D54-9500-1C1875889239}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{C79277D6-1E86-4D45-881F-3ECE71D83723}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [{0E9BDDB5-6318-4684-A141-4A3DEF863840}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [{2118F336-F503-459B-8E56-8C38D3794D97}] => (Allow) C:\Program Files\Java\jre8\bin\javacpl.exe
FirewallRules: [{FD3BA9EF-989F-4E0F-8970-61E786BA005B}] => (Allow) C:\Program Files\Java\jre8\bin\javacpl.exe
FirewallRules: [{F8775F61-8E2B-4973-8EDC-7E4306E19DEF}] => (Allow) C:\Program Files\Java\jre8\bin\javacpl.exe
FirewallRules: [{29FE01D6-2B9C-4D86-978D-C89D2C0B32F5}] => (Allow) C:\Program Files\Java\jre8\bin\javacpl.exe
FirewallRules: [{7FF2164A-6782-49CC-A5E6-AF0918767238}] => (Allow) C:\Users\MadlinNoxXedalia\AppData\Local\GamersFirst\LIVE!\Live.exe
FirewallRules: [{F1CF6F63-66B9-482A-994E-E5EBA29195D4}] => (Allow) C:\Users\MadlinNoxXedalia\AppData\Local\GamersFirst\LIVE!\Live.exe
FirewallRules: [{2B6E9599-06C9-4669-860C-F25D93CCA078}] => (Allow) C:\Users\MadlinNoxXedalia\AppData\Local\GamersFirst\LIVE!\Live.exe
FirewallRules: [{957CDED5-1887-4414-BEDA-3B6A0A39AF52}] => (Allow) C:\Users\MadlinNoxXedalia\AppData\Local\GamersFirst\LIVE!\Live.exe
FirewallRules: [{F8D6C16A-69C7-470A-B69E-54D6D71A56F7}] => (Allow) C:\ProgramData\gamigo\Fiesta Online DE\FiestaOnline.exe
FirewallRules: [{1DFC9006-5204-4440-83C2-6FF498F19650}] => (Allow) C:\ProgramData\gamigo\Fiesta Online DE\FiestaOnline.exe
FirewallRules: [{8C1F5B0D-0A90-479D-9A91-267E35CC908E}] => (Allow) C:\ProgramData\gamigo\Fiesta Online DE\FiestaOnline.exe
FirewallRules: [{0E6F1F52-40F5-46E7-A55F-7A91104AEA6D}] => (Allow) C:\ProgramData\gamigo\Fiesta Online DE\FiestaOnline.exe
FirewallRules: [{5AA3CEAB-6CBD-4A9A-9312-6CB2727C3384}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7AF1485D-71C4-4428-9F03-6A2288E456DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{490A8A66-797B-4E4C-B7E4-C6869BED1B6D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{447A44DD-1496-4B8E-A5E7-A3DDE4BA04B8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6388DF06-7215-407C-A153-5ED8C37ABDD2}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
FirewallRules: [{E4FE105B-4C41-40FF-B738-B5AFCFD2CBEA}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
FirewallRules: [{23C129D3-1D4F-437B-8553-8B408EAE5D7C}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
FirewallRules: [{3B265F29-E020-42FD-B1B2-9ECBA53A97AC}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
FirewallRules: [{BE595346-E7B8-4123-918A-D31FD6B37AC4}] => (Allow) C:\Program Files\OBS\OBS.exe
FirewallRules: [{CA3F7991-69EE-45E0-AD39-C106D4374752}] => (Allow) C:\Program Files\OBS\OBS.exe
FirewallRules: [{A17A1E2E-6B36-4433-A20C-8A35EE1D86FC}] => (Allow) C:\Program Files\OBS\OBS.exe
FirewallRules: [{BFD6B32B-81CA-46C6-BE1D-78655F79671E}] => (Allow) C:\Program Files\OBS\OBS.exe
FirewallRules: [{818D8158-1E6E-4775-A700-23CFB7E8BDCB}] => (Allow) C:\GOG Games\The Witcher 3 Wild Hunt\bin\x64\witcher3.exe
FirewallRules: [{66C8EC46-945D-4DB8-A7ED-766F824466FF}] => (Allow) C:\GOG Games\The Witcher 3 Wild Hunt\bin\x64\witcher3.exe
FirewallRules: [{4B4163B0-D626-45D4-80DD-7826798EEB21}] => (Allow) C:\GOG Games\The Witcher 3 Wild Hunt\bin\x64\witcher3.exe
FirewallRules: [{B55A7F65-98E2-4A75-9F4D-1D3090919D4E}] => (Allow) C:\GOG Games\The Witcher 3 Wild Hunt\bin\x64\witcher3.exe
FirewallRules: [{61060715-B824-45C2-AA42-A046F4F812A3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2C2A7C9B-ECCF-4B47-9893-E39446CBA435}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9C735C37-FD56-46C5-A2B6-F4C44EC69305}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{83FAD9E1-5049-40F4-BB48-F3936C48E99E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FA8FBB30-5DCF-4E2C-A213-18556852C97D}] => (Allow) C:\Program Files (x86)\Rockstar Games\Grand Theft Auto San Andreas\gta_sa.exe
FirewallRules: [{7F2EEC97-E86A-49C4-9071-DF2C93075632}] => (Allow) C:\Program Files (x86)\Rockstar Games\Grand Theft Auto San Andreas\gta_sa.exe
FirewallRules: [{A0C0EF4C-B6FE-47C3-ADA4-6A7FA80D5788}] => (Allow) C:\Program Files (x86)\Rockstar Games\Grand Theft Auto San Andreas\gta_sa.exe
FirewallRules: [{562BC2EE-0E50-4C6F-89D9-95B2F757B1EA}] => (Allow) C:\Program Files (x86)\Rockstar Games\Grand Theft Auto San Andreas\gta_sa.exe
FirewallRules: [{C7C6345D-55C1-43D5-B82E-031D619819B3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{4AF5EAC4-4D73-4573-B661-10D6FBE93B4A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{DA5E2D70-9DB4-44EE-8A0E-EE75BCB34F18}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{81B8AE51-5DCE-4462-A01B-3193FB8568CC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [TCP Query User{9EADF9D6-9AB7-4834-838B-C5614332A268}C:\program files (x86)\steam\steamapps\common\ark\shootergame\binaries\win64\shootergameserver.exe] => (Block) C:\program files (x86)\steam\steamapps\common\ark\shootergame\binaries\win64\shootergameserver.exe
FirewallRules: [UDP Query User{A98CBF5F-84E7-4B99-A667-50D9D6427627}C:\program files (x86)\steam\steamapps\common\ark\shootergame\binaries\win64\shootergameserver.exe] => (Block) C:\program files (x86)\steam\steamapps\common\ark\shootergame\binaries\win64\shootergameserver.exe
FirewallRules: [{FE3FF99A-905E-4C98-89AF-B16BEF4A0B68}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F66BA742-2E30-4C71-9C99-AFF3F7A4CC27}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AB61B7BA-0AD8-421B-8F99-C75883512633}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3434E4BE-282F-4F81-86AF-235F29010197}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{99BFBA92-BAB7-4AB6-84B6-7024A6C97B8C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{CC7A1D1A-5C46-4C4C-81F2-D418395986C9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CD5A7076-FFC2-4B17-A156-6096EA6C496B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{33ACFDF6-CEAA-41F6-BAB5-755098BA949A}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{F3C48A12-C394-4C1D-884C-D9068FEB90B1}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [TCP Query User{AA32A684-51EE-4581-9A0A-B09C2DADB199}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe
FirewallRules: [UDP Query User{8EDAC7DF-05C9-4EB2-BBA9-04AE09DE4F94}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe
FirewallRules: [{CAC71CA6-6EE8-40CB-8495-BBBA12013DA3}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{2D800C0E-6CDD-4339-9948-2B8865EF908A}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{617A06BA-3BF6-4ED5-A15F-D1DB4E6DFDC3}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{2F74536E-FD2F-4445-B745-8D5362CBD60B}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{70619D12-BADE-47B3-ABCB-59BA8D3F1E85}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{B5E8830E-07AB-47C5-AA6F-D5F7BCD6B413}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{FB9FE1C5-28A9-4600-8FAC-BB359AFE2C9E}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{8C4B3A43-B16E-4C8B-AA3D-4DBB867437F4}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{27C94D1B-FF0D-4581-89F0-E0E1101B8C18}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Isle\TheIsle.exe
FirewallRules: [{9AE6E3D3-2031-4258-86C8-621B9028551D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Isle\TheIsle.exe
FirewallRules: [{55D29DBB-3C6D-499E-B775-97B20F24700B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{2332B60E-8EB0-40ED-A4E6-504ADC05472D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{01669386-3377-4FB0-A866-3A5F4C2BFF26}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB_launcher.exe
FirewallRules: [{8B9F5F01-B425-4331-B594-B995493DF27E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB_launcher.exe
FirewallRules: [{851C697A-9B62-45B4-A68A-E51968E50A86}] => (Allow) LPort=57490
FirewallRules: [{AD4E2727-4A17-4CF6-99F0-EDE19AEA3D9F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D0F9ECE0-1863-475E-9C92-A1804DD128DA}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{50C70679-97EB-4A10-B172-9F659E37DF71}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A6753B4C-652C-4EC8-9BCE-DDDC8CFE3739}] => (Allow) LPort=57304
FirewallRules: [{15ED5F8E-FC87-4B6E-95FC-125DB52E7B2E}] => (Allow) LPort=5000

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/10/2015 04:24:01 PM) (Source: VSS) (EventID: 12294) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen einer Routine auf dem Schattenkopieanbieter "{b5946137-7b9f-4925-af80-51abd60b20d5}" ist ein Fehler aufgetreten. Die Routine hat E_INVALIDARG zurückgegeben.
Routinedetails GetSnapshot({00000000-0000-0000-0000-000000000000},000000000036DAE0).


Vorgang:
   Eigenschaften der Schattenkopie abrufen

Kontext:
   Ausführungskontext: Coordinator

Error: (12/10/2015 02:27:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 47.0.2526.80, Zeitstempel: 0x5661f059
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x55636317
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000cea5f
ID des fehlerhaften Prozesses: 0x2370
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3

Error: (12/10/2015 02:27:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 47.0.2526.80, Zeitstempel: 0x5661f059
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x55636317
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000cea5f
ID des fehlerhaften Prozesses: 0x490
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3

Error: (12/10/2015 02:14:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 47.0.2526.80, Zeitstempel: 0x5661f059
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x55636317
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00039e33
ID des fehlerhaften Prozesses: 0x20f0
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3

Error: (12/10/2015 12:06:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 47.0.2526.80, Zeitstempel: 0x5661f059
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x55636317
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00039e33
ID des fehlerhaften Prozesses: 0xa3c
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3

Error: (12/10/2015 11:29:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2015 07:13:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2015 11:41:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/07/2015 07:03:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2015 09:09:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Systemfehler:
=============
Error: (12/10/2015 11:26:08 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (12/09/2015 07:12:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/09/2015 07:12:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.

Error: (12/09/2015 07:11:19 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎09.‎12.‎2015 um 19:10:13 unerwartet heruntergefahren.

Error: (12/06/2015 07:45:56 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252.

Error: (12/06/2015 07:40:28 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252.

Error: (12/05/2015 01:27:04 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (12/04/2015 09:00:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/04/2015 09:00:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.

Error: (12/04/2015 08:58:33 PM) (Source: volsnap) (EventID: 27) (User: )
Description: Die Schattenkopien von Volume "C:" wurden während der Ermittlung abgebrochen, weil eine kritische Steuerungsdatei nicht geöffnet werden konnte.


CodeIntegrity:
===================================
  Date: 2015-02-24 19:55:16.350
  Description: Windows konnte die Abbildintegritat der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\wachidrouter.sys" nicht uberprufen, weil der Dateihash nicht im System gefunden wurde. Moglicherweise wurde durch eine kurzlich durchgefuhrte Hardware- oder Softwareanderung eine falsch signierte oder beschadigte Datei oder eine Datei, bei der es sich um schadliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-24 19:55:16.318
  Description: Windows konnte die Abbildintegritat der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\wachidrouter.sys" nicht uberprufen, weil der Dateihash nicht im System gefunden wurde. Moglicherweise wurde durch eine kurzlich durchgefuhrte Hardware- oder Softwareanderung eine falsch signierte oder beschadigte Datei oder eine Datei, bei der es sich um schadliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
Prozentuale Nutzung des RAM: 56%
Installierter physikalischer RAM: 4017.17 MB
Verfügbarer physikalischer RAM: 1764.3 MB
Summe virtueller Speicher: 8032.54 MB
Verfügbarer virtueller Speicher: 4828.99 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:463.9 GB) (Free:132.57 GB) NTFS
Drive d: (Xbox360_1_2) (CDROM) (Total:0.1 GB) (Free:0 GB) CDFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 095DF725)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0B)
Partition 2: (Not Active) - (Size=463.9 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
__________________

11.12.2015, 06:41   #4
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru

No more sensitive logins from this PC until it is clean. Change important online passwords from another PC or a phone.

Step 1

Please press the Windows key + R and type notepad into the Run window.
Click OK, then copy the text from the code box into the empty text document:
Code:
CloseProcesses:
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Run: [zone-read] => C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Zonecoast\zonetrain.exe [113664 2015-12-09] () <===== ACHTUNG
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Run: [bridge-admit] => C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Bridge-tank\bridge-panic.exe [160328 2015-12-10] (Paragon Software Group) <===== ACHTUNG
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Run: [money-come] => C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Moneymiss\money-prove.exe [133960 2015-12-10] () <===== ACHTUNG
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Run: [model-wrap] => C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Model-settle\model_judge.exe [137288 2015-12-10] () <===== ACHTUNG
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\RunOnce: [zone-read] => C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Zonecoast\zonetrain.exe [113664 2015-12-09] () <===== ACHTUNG
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\RunOnce: [model-wrap] => C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Model-settle\model_judge.exe [137288 2015-12-10] () <===== ACHTUNG
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\RunOnce: [money-come] => C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Moneymiss\money-prove.exe [133960 2015-12-10] () <===== ACHTUNG
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\RunOnce: [mosfet-6] => C:\Users\MadlinNoxXedalia\AppData\Roaming\mosfet-1\mosfet-78.exe [624128 2015-12-10] (American Megatrendz, Inc)
C:\Users\MadlinNoxXedalia\AppData\Roaming\mosfet-1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1408159751&from=cor&uid=HGSTXHTS545050A7E680_TMA55C4T2492WL2492WLX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1408159751&from=cor&uid=HGSTXHTS545050A7E680_TMA55C4T2492WL2492WLX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1264982542-3644169772-3020182689-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1264982542-3644169772-3020182689-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP0B77C6FD-6C10-4D0E-A7F5-1E667CD92B85&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1264982542-3644169772-3020182689-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => Keine Datei
EmptyTemp:
         
Please save this as Fixlist.txt in the directory that also contains the FRST application.
  • Start FRST and press the Fix (Entfernen) button.
  • The tool creates a "Fixlog.txt" file.
  • Please post its contents for me.

After the reboot:

Step 2

Please start FRST again and press Scan (Untersuchen).
Please post the contents of the log for me.
__________________
Regards
deeprybka

„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer
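
A triage pass over FRST autorun lines like those in the fixlist above, as an added example that is not part of the original post or of FRST: it parses the `Run`/`RunOnce` line format and flags targets under `AppData\Local\Temp` or `AppData\Roaming` and entries with an empty publisher field. The three rules and all function names are assumptions made here from what the fixlist targets; the sample lines are copied from the logs in this thread.

```python
import re
from collections import defaultdict

# Sample input: autorun lines copied from this thread's logs (four that the
# fixlist removes, three from FRST.txt that were left alone).
SAMPLE = r"""
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Run: [zone-read] => C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Zonecoast\zonetrain.exe [113664 2015-12-09] () <===== ACHTUNG
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\RunOnce: [zone-read] => C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Zonecoast\zonetrain.exe [113664 2015-12-09] () <===== ACHTUNG
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Run: [bridge-admit] => C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Bridge-tank\bridge-panic.exe [160328 2015-12-10] (Paragon Software Group) <===== ACHTUNG
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\RunOnce: [mosfet-6] => C:\Users\MadlinNoxXedalia\AppData\Roaming\mosfet-1\mosfet-78.exe [624128 2015-12-10] (American Megatrendz, Inc)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [253440 2013-04-23] (Realtek Semiconductor Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
"""

# "<hive>[\<SID>]\...\Run|RunOnce: [value name] => <rest of line>"
HEAD_RE = re.compile(
    r"^(HK[A-Za-z0-9-]+)(?:\\(S-[0-9-]+))?\\\.\.\.\\(RunOnce|Run): \[([^\]]+)\] => (.+)$"
)
# Optional tail " [size date] (company)". It is matched from the right-hand
# end because the path itself may contain "(x86)" or "(R)".
TAIL_RE = re.compile(r" \[(\d+) (\d{4}-\d{2}-\d{2})\] \((.*)\)$")


def parse_line(line):
    """Parse one FRST Run/RunOnce line into a dict, or return None."""
    m = HEAD_RE.match(line.strip())
    if not m:
        return None
    hive, sid, kind, name, rest = m.groups()
    # Split off the trailing "<===== ..." marker as it appears in this log.
    parts = re.split(r"\s+<={3,}\s*", rest, maxsplit=1)
    rest, marked = parts[0], len(parts) == 2
    tail = TAIL_RE.search(rest)
    if tail:
        target = rest[: tail.start()]
        size, date, company = int(tail.group(1)), tail.group(2), tail.group(3)
    else:  # e.g. a rundll32 command line without file metadata
        target, size, date, company = rest, None, None, None
    return {"hive": hive, "sid": sid, "kind": kind, "name": name,
            "target": target, "size": size, "date": date,
            "company": company, "marked": marked}


def reasons(entry):
    """Assumed heuristics, derived from what the fixlist in this thread targets."""
    path = entry["target"].lower()
    found = []
    if "\\appdata\\local\\temp\\" in path:
        found.append("temp-path")      # autorun launched from the temp folder
    elif "\\appdata\\roaming\\" in path:
        found.append("roaming-path")   # user-writable, weaker signal on its own
    if entry["company"] == "":
        found.append("no-company")     # metadata present, publisher field empty
    return found


def triage(text):
    """Return (value name, key kind, reasons) for every flagged autorun line."""
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    kinds = defaultdict(set)
    for e in entries:
        kinds[e["target"].lower()].add(e["kind"])
    findings = []
    for e in entries:
        r = reasons(e)
        # Same binary registered under Run and RunOnce: supporting evidence only.
        if r and kinds[e["target"].lower()] == {"Run", "RunOnce"}:
            r.append("run+runonce")
        if r:
            findings.append((e["name"], e["kind"], r))
    return findings


if __name__ == "__main__":
    for name, kind, why in triage(SAMPLE):
        print(f"{kind:8} {name:14} {', '.join(why)}")
```

A flagged line is a candidate for review by an analyst, not a verdict; legitimate software also starts from `AppData`.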

11.12.2015, 12:12   #5
silaries

First of all, thank you very much for the help

So, here is the FRST.txt:

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015
durchgeführt von MadlinNoxXedalia (Administrator) auf JIMMY (11-12-2015 12:04:05)
Gestartet von C:\Users\MadlinNoxXedalia\Desktop
Geladene Profile: MadlinNoxXedalia (Verfügbare Profile: MadlinNoxXedalia & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(AVAST Software) C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
(Akamai Technologies, Inc.) C:\Users\MadlinNoxXedalia\AppData\Local\Akamai\netsession_win.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIMAE.EXE
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Akamai Technologies, Inc.) C:\Users\MadlinNoxXedalia\AppData\Local\Akamai\netsession_win.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Aeria Games & Entertainment) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\RtkBleServ.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [253440 2013-04-23] (Realtek Semiconductor Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2875728 2013-03-04] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-10] (AVAST Software)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-06-01] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-06-01] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Run: [Akamai NetSession Interface] => C:\Users\MadlinNoxXedalia\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIMAE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\MountPoints2: {0f09794a-7876-11e3-a376-806e6f6e6963} - D:\Setup.exe
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\MountPoints2: {7085169a-77d0-11e3-92d4-806e6f6e6963} - D:\CDSetup.exe
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => Keine Datei
AppInit_DLLs:  C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: ,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-10] (AVAST Software)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\..\Interfaces\{8E59BC53-669B-4B6F-ACA7-963EE04C58DF}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{EE7416E6-35C3-4E97-9310-BA4AA4C50EE9}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2014-07-05] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-10] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2014-07-05] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll [2014-10-21] (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-10] (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll [2014-11-13] ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-07-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2014-07-05] (Oracle Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll [2014-11-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-15] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-15] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [Keine Datei]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei]
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [2014-10-21] (Perfect World Entertainment Inc)
FF Plugin-x32: @protectdisc.com/NPMPDRM -> C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll [2010-02-03] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-1264982542-3644169772-3020182689-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\MadlinNoxXedalia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1264982542-3644169772-3020182689-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-12-25] ()
FF Plugin HKU\S-1-5-21-1264982542-3644169772-3020182689-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-11]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-11]

Chrome: 
=======
CHR Profile: C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Präsentationen) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-28]
CHR Extension: (Google Docs) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-28]
CHR Extension: (Google Drive) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (AdBlock) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blipnejacaoebmeelgjgifelpnikhiec [2015-02-28]
CHR Extension: (YouTube) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google-Suche) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Tabellen) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-28]
CHR Extension: (Google Docs Offline) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (AdBlock) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-04]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Noiz yE) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oniglohbipbekimgjdmgbbllgnejffbm [2015-02-28]
CHR Extension: (Google Mail) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-12-10]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-10]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-08-17] (Adobe Systems) [Datei ist nicht signiert]
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-10-21] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-10] (AVAST Software)
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-04-02] (Realtek Semiconductor Corporation) [Datei ist nicht signiert]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [47104 2013-04-25] () [Datei ist nicht signiert]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Datei ist nicht signiert]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-02-15] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
S4 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [326072 2015-02-18] (Steganos Software GmbH)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2099208 2015-11-10] (Electronic Arts)
R2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [42496 2013-04-25] (Realtek Semiconductor Corporation) [Datei ist nicht signiert]
U2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [654528 2015-05-26] (Wacom Technology, Corp.)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [450504 2015-12-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-10] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [118504 2012-12-19] (Qualcomm Atheros Co., Ltd.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [535624 2013-03-28] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
S3 cpuz137; \??\C:\Users\MADLIN~1\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-11 11:56 - 2015-12-11 11:59 - 00008662 _____ C:\Users\MadlinNoxXedalia\Desktop\Fixlog.txt
2015-12-10 22:34 - 2015-12-10 22:36 - 00062867 _____ C:\Users\MadlinNoxXedalia\Desktop\Addition.txt
2015-12-10 22:33 - 2015-12-11 12:04 - 00022627 _____ C:\Users\MadlinNoxXedalia\Desktop\FRST.txt
2015-12-10 22:33 - 2015-12-11 12:04 - 00000000 ____D C:\FRST
2015-12-10 22:31 - 2015-12-10 22:32 - 02369024 _____ (Farbar) C:\Users\MadlinNoxXedalia\Desktop\FRST64.exe
2015-12-10 14:47 - 2015-12-10 14:40 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-12-10 14:41 - 2015-12-10 14:48 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-12-10 14:40 - 2015-12-10 14:40 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-12-10 14:36 - 2015-12-10 14:37 - 05080288 _____ (AVAST Software) C:\Users\MadlinNoxXedalia\Desktop\avast_free_antivirus_setup_online.exe
2015-12-10 00:42 - 2015-12-10 00:42 - 00000554 _____ C:\Windows\SysWOW64\out.bin
2015-12-10 00:40 - 2015-12-10 15:38 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\kelvin-56
2015-12-10 00:39 - 2015-12-10 22:28 - 00000000 ____D C:\ProgramData\statics-07
2015-12-10 00:34 - 2015-12-10 15:38 - 00000000 ____D C:\ProgramData\onewire-05
2015-12-10 00:32 - 2015-12-10 00:42 - 00000000 ____D C:\ProgramData\ko
2015-12-07 11:01 - 2015-12-07 11:01 - 00000222 _____ C:\Users\MadlinNoxXedalia\Desktop\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst.url
2015-12-07 10:39 - 2015-12-07 10:39 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2015-12-07 10:35 - 2015-12-07 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2015-12-07 10:35 - 2015-12-07 10:35 - 00000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories
2015-12-05 17:59 - 2015-12-05 17:59 - 00000222 _____ C:\Users\MadlinNoxXedalia\Desktop\Rocket League.url
2015-12-05 13:25 - 2013-08-21 16:13 - 00018803 _____ C:\Users\MadlinNoxXedalia\Desktop\110986_smile-dog.jpeg
2015-12-04 19:26 - 2015-12-04 19:42 - 00000085 _____ C:\Users\MadlinNoxXedalia\Desktop\wunsch.txt
2015-12-04 02:09 - 2015-12-04 02:09 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2015-12-04 02:09 - 2015-12-04 02:09 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2015-12-04 02:09 - 2015-12-04 02:09 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2015-12-04 02:09 - 2015-12-04 02:09 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2015-12-04 02:09 - 2015-12-04 02:09 - 00000000 ____D C:\Program Files (x86)\OpenAL
2015-12-04 02:04 - 2015-06-07 00:13 - 00961192 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00062304 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00883712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00064352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-12-04 00:57 - 2015-12-04 00:57 - 00000222 _____ C:\Users\MadlinNoxXedalia\Desktop\The Isle.url
2015-12-03 14:58 - 2015-12-03 14:58 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-03 14:57 - 2015-12-03 14:57 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-01 00:24 - 2015-12-01 13:18 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-12-01 00:22 - 2015-12-01 13:20 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-30 23:29 - 2015-12-11 00:29 - 00000911 _____ C:\Windows\Tasks\EPSON WF-2660 Series Update {2BAE1787-6CC2-432C-A807-F4A75FEC7574}.job
2015-11-30 23:29 - 2015-11-30 23:29 - 00003978 _____ C:\Windows\System32\Tasks\EPSON WF-2660 Series Update {2BAE1787-6CC2-432C-A807-F4A75FEC7574}
2015-11-30 23:29 - 2015-11-30 23:29 - 00000000 ____D C:\Program Files\Common Files\EPSON
2015-11-30 23:14 - 2015-11-30 23:14 - 00000000 ____D C:\Program Files\EpsonNet
2015-11-30 22:50 - 2015-11-30 22:51 - 00000123 _____ C:\Users\Public\Desktop\Epson Connect Site.url
2015-11-30 22:50 - 2015-11-30 22:50 - 00001148 _____ C:\Users\Public\Desktop\EPSON-Handbücher.lnk
2015-11-30 22:47 - 2015-11-30 23:53 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Epson
2015-11-30 22:47 - 2015-11-30 23:38 - 00000000 ____D C:\Program Files (x86)\Epson Software
2015-11-30 22:47 - 2015-11-30 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-11-30 22:45 - 2015-11-30 23:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-11-30 22:45 - 2015-11-30 22:51 - 00000000 ____D C:\Program Files (x86)\epson
2015-11-30 22:45 - 2015-11-30 22:45 - 00000934 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2015-11-30 22:45 - 2014-02-25 00:00 - 00466944 _____ (Seiko Epson Corporation) C:\Windows\system32\esxw2ud.dll
2015-11-30 22:45 - 2012-05-17 00:00 - 00144560 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc64.exe
2015-11-30 22:45 - 2010-11-22 13:27 - 00147472 _____ (TWAIN Working Group) C:\Windows\SysWOW64\twaindsm.dll
2015-11-30 22:44 - 2013-12-06 04:05 - 00179712 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YLMBMAE.DLL
2015-11-30 22:44 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BMAE.DLL
2015-11-30 22:44 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2015-11-30 22:36 - 2015-11-30 23:31 - 00000000 ____D C:\ProgramData\Epson
2015-11-20 19:58 - 2015-11-25 22:08 - 00000000 ____D C:\ProgramData\69B6DBD2-8E05-476F-B662-CF8D235FD499
2015-11-17 22:01 - 2015-11-17 22:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-11-17 22:01 - 2015-11-17 22:01 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-11-17 02:57 - 2015-11-17 02:57 - 00000000 ____D C:\Users\MadlinNoxXedalia\Documents\Samsung
2015-11-17 02:57 - 2015-11-17 02:57 - 00000000 ____D C:\ProgramData\Samsung
2015-11-17 02:55 - 2015-11-17 02:55 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-11-17 02:55 - 2015-11-17 02:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-11-17 02:53 - 2015-11-17 02:55 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Samsung
2015-11-17 02:53 - 2015-11-17 02:53 - 00000000 ____D C:\Program Files (x86)\Samsung
2015-11-17 02:53 - 2015-09-11 11:54 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2015-11-14 22:01 - 2015-11-14 22:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablett
2015-11-14 22:00 - 2015-11-14 22:00 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\Wacom Help
2015-11-11 20:09 - 2015-11-11 20:09 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\Wacom
2015-11-11 19:56 - 2015-05-26 23:33 - 01952448 ____N (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Touch_Tablet.dll
2015-11-11 19:56 - 2015-05-26 23:33 - 01583296 ____N (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Touch_Tablet.dll
2015-11-11 19:55 - 2015-05-26 23:33 - 01959616 ____N (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.dll
2015-11-11 19:55 - 2015-05-26 23:33 - 01590464 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Tablet.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-11 12:03 - 2014-05-29 15:01 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\LogMeIn Hamachi
2015-12-11 12:03 - 2014-01-11 09:02 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-11 12:02 - 2014-01-11 09:02 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-11 12:02 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-11 11:54 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-11 11:54 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-11 11:53 - 2015-06-22 17:30 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-11 11:39 - 2014-01-07 20:08 - 00000000 ____D C:\ProgramData\Realtek
2015-12-10 22:36 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows
2015-12-10 14:40 - 2015-06-22 17:30 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 00450504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-12-10 14:27 - 2014-08-07 21:49 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\CrashDumps
2015-12-10 12:02 - 2014-04-04 22:40 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-10 11:27 - 2015-06-12 11:45 - 00000000 __SHD C:\Users\MadlinNoxXedalia\AppData\Roaming\ggfgacfg
2015-12-10 11:25 - 2014-01-19 19:23 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Skype
2015-12-08 00:39 - 2014-08-28 02:08 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\ElevatedDiagnostics
2015-12-07 23:14 - 2015-04-28 14:49 - 00000000 ____D C:\kein programm ber bilder von handy
2015-12-07 10:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-05 18:54 - 2014-07-18 16:38 - 00000000 ____D C:\Users\MadlinNoxXedalia\Documents\My Games
2015-12-05 17:53 - 2014-01-11 09:02 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-05 17:53 - 2014-01-11 09:02 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-04 15:57 - 2014-11-05 18:35 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\osu!
2015-12-04 02:08 - 2014-08-02 19:56 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-04 00:17 - 2011-04-12 08:43 - 00760088 _____ C:\Windows\system32\perfh007.dat
2015-12-04 00:17 - 2011-04-12 08:43 - 00173736 _____ C:\Windows\system32\perfc007.dat
2015-12-04 00:17 - 2009-07-14 06:13 - 01797514 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-01 13:16 - 2014-08-17 18:18 - 00000000 ____D C:\ProgramData\Adobe
2015-12-01 12:35 - 2014-01-07 13:27 - 00000000 ____D C:\Users\MadlinNoxXedalia
2015-12-01 00:31 - 2014-08-17 18:30 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\Adobe
2015-12-01 00:30 - 2014-07-26 18:10 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\LocalLow\Adobe
2015-12-01 00:30 - 2014-01-09 04:50 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Adobe
2015-12-01 00:21 - 2014-08-17 18:17 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-30 22:51 - 2014-01-07 19:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-21 18:34 - 2014-11-07 17:43 - 00000000 ____D C:\PaintToolSAI
2015-11-20 21:49 - 2014-12-14 16:15 - 00000000 ____D C:\Users\MadlinNoxXedalia\Documents\CELSYS_EN
2015-11-20 20:19 - 2015-03-20 23:29 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\CELSYS
2015-11-19 16:31 - 2014-05-02 03:26 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2015-11-19 16:31 - 2014-05-02 03:10 - 00000000 ____D C:\AeriaGames
2015-11-19 16:28 - 2014-05-02 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2015-11-19 16:08 - 2014-06-19 13:51 - 00000000 ____D C:\Users\MadlinNoxXedalia\Documents\ZU VIELE ORDNER
2015-11-14 21:59 - 2014-10-21 19:04 - 00000000 ____D C:\Program Files\Tablet
2015-11-14 21:58 - 2014-10-21 19:04 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\WTablet
2015-11-14 21:56 - 2014-01-15 14:38 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\TS3Client
2015-11-14 20:55 - 2014-01-15 14:37 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\TeamSpeak 3 Client
2015-11-14 20:22 - 2014-02-04 14:10 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\LolClient
2015-11-12 15:16 - 2014-02-25 21:13 - 00000000 ____D C:\ProgramData\Origin
2015-11-12 11:51 - 2014-07-05 09:33 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-11-11 20:10 - 2014-01-22 20:42 - 00000000 ____D C:\Users\MadlinNoxXedalia\.android

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-01-07 20:10 - 2015-12-11 12:03 - 0090132 _____ () C:\Users\MadlinNoxXedalia\AppData\Local\BTServer.log

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\MadlinNoxXedalia\Setup.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-12-10 06:38

==================== Ende von FRST.txt ============================
         


11.12.2015, 17:14   #6
deeprybka
/// TB Trainer
/// Guide Guru
 



Gladly.

Step 1
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Run TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

11.12.2015, 18:02   #7
silaries
 



Said and done .w.

Code:
17:51:12.0248 0x115c  TDSS rootkit removing tool 3.1.0.8 Dec  5 2015 01:19:03
17:51:56.0989 0x115c  ============================================================
17:51:56.0989 0x115c  Current date / time: 2015/12/11 17:51:56.0989
17:51:56.0989 0x115c  SystemInfo:
17:51:56.0989 0x115c  
17:51:56.0989 0x115c  OS Version: 6.1.7601 ServicePack: 1.0
17:51:56.0989 0x115c  Product type: Workstation
17:51:56.0989 0x115c  ComputerName: JIMMY
17:51:56.0989 0x115c  UserName: MadlinNoxXedalia
17:51:56.0989 0x115c  Windows directory: C:\Windows
17:51:56.0989 0x115c  System windows directory: C:\Windows
17:51:56.0989 0x115c  Running under WOW64
17:51:56.0989 0x115c  Processor architecture: Intel x64
17:51:56.0989 0x115c  Number of processors: 8
17:51:56.0989 0x115c  Page size: 0x1000
17:51:56.0989 0x115c  Boot type: Normal boot
17:51:56.0989 0x115c  ============================================================
17:51:59.0687 0x115c  KLMD registered as C:\Windows\system32\drivers\67358763.sys
17:52:00.0218 0x115c  System UUID: {0E85BFAB-7B84-DF8C-0490-E5211F487F6C}
17:52:00.0857 0x115c  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:52:00.0857 0x115c  Drive \Device\Harddisk1\DR2 - Size: 0x3C000000 ( 0.94 Gb ), SectorSize: 0x200, Cylinders: 0x7A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:52:00.0873 0x115c  ============================================================
17:52:00.0873 0x115c  \Device\Harddisk0\DR0:
17:52:00.0873 0x115c  MBR partitions:
17:52:00.0873 0x115c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x3B90F4
17:52:00.0873 0x115c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3B9800, BlocksNum 0x39FCC000
17:52:00.0873 0x115c  \Device\Harddisk1\DR2:
17:52:00.0873 0x115c  MBR partitions:
17:52:00.0873 0x115c  \Device\Harddisk1\DR2\Partition1: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x1DFFC1
17:52:00.0873 0x115c  ============================================================
17:52:00.0889 0x115c  C: <-> \Device\Harddisk0\DR0\Partition2
17:52:00.0889 0x115c  E: <-> \Device\Harddisk1\DR2\Partition1
17:52:00.0889 0x115c  ============================================================
17:52:00.0889 0x115c  Initialize success
17:52:00.0889 0x115c  ============================================================
17:52:52.0572 0x139c  ============================================================
17:52:52.0572 0x139c  Scan started
17:52:52.0572 0x139c  Mode: Manual; SigCheck; TDLFS; 
17:52:52.0572 0x139c  ============================================================
17:52:52.0572 0x139c  KSN ping started
17:53:18.0280 0x139c  KSN ping finished: false
17:53:18.0826 0x139c  ================ Scan system memory ========================
17:53:18.0826 0x139c  System memory - ok
17:53:18.0826 0x139c  ================ Scan services =============================
17:53:18.0982 0x139c  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:53:19.0060 0x139c  1394ohci - ok
17:53:19.0170 0x139c  [ A3769020F7E8A70FD3E824C050F33306, BAAB18DD28C753EC90E9552BD5FFC316AD8815505A7998BCE51D21448B373D86 ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys
17:53:19.0185 0x139c  acedrv11 - ok
17:53:19.0216 0x139c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:53:19.0263 0x139c  ACPI - ok
17:53:19.0310 0x139c  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:53:19.0341 0x139c  AcpiPmi - ok
17:53:19.0513 0x139c  [ 8B46D5A1D3EF08232C04D0EAFB871FB2, 5306F8452EF675851CB0015F9E5C5EB750137D6D65C9CB7E47F8EF5B10A44D10 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
17:53:19.0528 0x139c  Adobe LM Service - detected UnsignedFile.Multi.Generic ( 1 )
17:53:29.0575 0x139c  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
17:53:44.0473 0x139c  [ 5DB2C6B908C50767E2EDAA294A7566B5, 13AE4879D679BB0C6B2A5A5B13910359815A9D2E569BC1DE740B5A387A78CF33 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:53:44.0488 0x139c  AdobeARMservice - ok
17:53:44.0535 0x139c  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
17:53:44.0582 0x139c  adp94xx - ok
17:53:44.0629 0x139c  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
17:53:44.0660 0x139c  adpahci - ok
17:53:44.0676 0x139c  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
17:53:44.0691 0x139c  adpu320 - ok
17:53:44.0785 0x139c  [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:53:44.0816 0x139c  AeLookupSvc - ok
17:53:44.0894 0x139c  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
17:53:44.0956 0x139c  AFD - ok
17:53:45.0003 0x139c  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
17:53:45.0019 0x139c  agp440 - ok
17:53:45.0050 0x139c  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
17:53:45.0112 0x139c  ALG - ok
17:53:45.0190 0x139c  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:53:45.0253 0x139c  aliide - ok
17:53:45.0300 0x139c  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
17:53:45.0315 0x139c  amdide - ok
17:53:45.0362 0x139c  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
17:53:45.0378 0x139c  AmdK8 - ok
17:53:45.0393 0x139c  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
17:53:45.0424 0x139c  AmdPPM - ok
17:53:45.0487 0x139c  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:53:45.0502 0x139c  amdsata - ok
17:53:45.0518 0x139c  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
17:53:45.0549 0x139c  amdsbs - ok
17:53:45.0627 0x139c  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:53:45.0643 0x139c  amdxata - ok
17:53:45.0690 0x139c  [ 59D01FA91962C9C1E9B4022B2D3B46DB, 3A111588538B77F010B5C900FB8425DDE55A08DBAC308CA7FB7BD9FCCCDEC69F ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
17:53:45.0705 0x139c  AppHostSvc - ok
17:53:45.0768 0x139c  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID           C:\Windows\system32\drivers\appid.sys
17:53:45.0783 0x139c  AppID - ok
17:53:45.0814 0x139c  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:53:45.0846 0x139c  AppIDSvc - ok
17:53:45.0924 0x139c  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
17:53:45.0955 0x139c  Appinfo - ok
17:53:46.0017 0x139c  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
17:53:46.0033 0x139c  arc - ok
17:53:46.0033 0x139c  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:53:46.0048 0x139c  arcsas - ok
17:53:46.0236 0x139c  [ 321696309BEBC2CEC04206F3989AF1F4, BE975589FDEC866099D32A82B5A6CF128885320583D6C1D3C55842A01A5E731C ] ArcService      C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe
17:53:46.0236 0x139c  ArcService - ok
17:53:46.0407 0x139c  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:53:46.0407 0x139c  aspnet_state - ok
17:53:46.0516 0x139c  [ 7BC1F2FC2A9D79E1EBBBF6D69AC3BA1F, 236265BE3F1B2130025A3A10152893BD0D18AD8965732361058B775F010539A2 ] aswHwid         C:\Windows\system32\drivers\aswHwid.sys
17:53:46.0516 0x139c  aswHwid - ok
17:53:46.0563 0x139c  [ 82065730918234A15A3A7AD6153FF8F2, 8426FF72512F7C7456E9A648100BFD35AC43FA8C01F98493B036F78F13C1F2C8 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
17:53:46.0579 0x139c  aswMonFlt - ok
17:53:46.0657 0x139c  [ 2D6B49A071216796106E7804AB2BA7DC, 6A58A3B36EA05A24333482F87CFD315F73E56A64E46493E82E0FE9115E284168 ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
17:53:46.0688 0x139c  aswRdr - ok
17:53:46.0782 0x139c  [ E46B51C99BB750A81AC6A68362475A5C, 2A61C09902B39696D151B9D5E6A60FFC3CF3EA02613EC64BBAB4DEE3C78838E2 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
17:53:46.0828 0x139c  aswRvrt - ok
17:53:46.0953 0x139c  [ A428CC308673A5E74F91D92E4A2B205D, 0A768AA4BD1CD22B5181EDA692F7CB9A43F627BB4FFEEFBB8CBC77A45107A443 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
17:53:47.0000 0x139c  aswSnx - ok
17:53:47.0078 0x139c  [ 5C0C4440A27074BBABC5D572DD29CA9B, 9545498B55994D427DB71F67B28C24804FECFE6BF225B24B067A7F0658429EDF ] aswSP           C:\Windows\system32\drivers\aswSP.sys
17:53:47.0109 0x139c  aswSP - ok
17:53:47.0187 0x139c  [ D9079E1A1C2A1F8ED5F37AF8E6CD3161, 629E3A642C5E3BEA65CDD2E08CAD69F9649A98BDA906678B51D3D2C9DB5BB253 ] aswStm          C:\Windows\system32\drivers\aswStm.sys
17:53:47.0203 0x139c  aswStm - ok
17:53:47.0281 0x139c  [ 3BEC32A0B646D914921FD56AA39998C1, 8DB7CBF3DEF8EAE1D7D28C38B3A0FCD5C2A04D772078B907F35C66451355A04A ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
17:53:47.0312 0x139c  aswVmm - ok
17:53:47.0343 0x139c  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:53:47.0390 0x139c  AsyncMac - ok
17:53:47.0452 0x139c  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
17:53:47.0468 0x139c  atapi - ok
17:53:47.0546 0x139c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:53:47.0593 0x139c  AudioEndpointBuilder - ok
17:53:47.0608 0x139c  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:53:47.0624 0x139c  AudioSrv - ok
17:53:47.0827 0x139c  [ F5CB8703A4F51EE30E5C090C78073AA4, 90683F39E9AA315FFB66A9F014AD1BEBF19EA62908247C133455815F6632E578 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:53:47.0842 0x139c  avast! Antivirus - ok
17:53:47.0874 0x139c  AvastVBoxSvc - ok
17:53:47.0920 0x139c  [ C4EEE661379D86429ACEAB31F3FD0391, D67F5D6863B066D974567521A00A48C50F0D9B6F6B16565FF8958E2020C651FD ] AvrcpService    C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe
17:53:47.0952 0x139c  AvrcpService - detected UnsignedFile.Multi.Generic ( 1 )
17:53:47.0952 0x139c  AvrcpService ( UnsignedFile.Multi.Generic ) - warning
17:53:47.0998 0x139c  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:53:48.0045 0x139c  AxInstSV - ok
17:53:48.0108 0x139c  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
17:53:48.0186 0x139c  b06bdrv - ok
17:53:48.0232 0x139c  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:53:48.0279 0x139c  b57nd60a - ok
17:53:48.0310 0x139c  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:53:48.0342 0x139c  BDESVC - ok
17:53:48.0388 0x139c  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:53:48.0435 0x139c  Beep - ok
17:53:48.0513 0x139c  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
17:53:48.0544 0x139c  BFE - ok
17:53:48.0607 0x139c  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
17:53:48.0685 0x139c  BITS - ok
17:53:48.0732 0x139c  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:53:48.0763 0x139c  blbdrive - ok
17:53:48.0856 0x139c  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:53:48.0872 0x139c  bowser - ok
17:53:48.0888 0x139c  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
17:53:48.0934 0x139c  BrFiltLo - ok
17:53:48.0966 0x139c  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
17:53:48.0997 0x139c  BrFiltUp - ok
17:53:49.0090 0x139c  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
17:53:49.0122 0x139c  Browser - ok
17:53:49.0168 0x139c  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:53:49.0200 0x139c  Brserid - ok
17:53:49.0231 0x139c  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:53:49.0262 0x139c  BrSerWdm - ok
17:53:49.0293 0x139c  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:53:49.0324 0x139c  BrUsbMdm - ok
17:53:49.0340 0x139c  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:53:49.0356 0x139c  BrUsbSer - ok
17:53:49.0402 0x139c  [ FB38F90DE58996A4906A04F1152C3C3B, DA4A226FAE045174891A0EBFA03E1905CAF0AA25ADDBBCFBE369A853A63A83C6 ] BTDevManager    C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
17:53:49.0434 0x139c  BTDevManager - detected UnsignedFile.Multi.Generic ( 1 )
17:53:49.0434 0x139c  BTDevManager ( UnsignedFile.Multi.Generic ) - warning
17:53:49.0512 0x139c  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
17:53:49.0558 0x139c  BthEnum - ok
17:53:49.0605 0x139c  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
17:53:49.0636 0x139c  BTHMODEM - ok
17:53:49.0683 0x139c  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
17:53:49.0730 0x139c  BthPan - ok
17:53:49.0824 0x139c  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
17:53:49.0886 0x139c  BTHPORT - ok
17:53:49.0933 0x139c  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
17:53:49.0980 0x139c  bthserv - ok
17:53:50.0026 0x139c  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
17:53:50.0058 0x139c  BTHUSB - ok
17:53:50.0120 0x139c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:53:50.0151 0x139c  cdfs - ok
17:53:50.0182 0x139c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:53:50.0198 0x139c  cdrom - ok
17:53:50.0229 0x139c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
17:53:50.0260 0x139c  CertPropSvc - ok
17:53:50.0292 0x139c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
17:53:50.0323 0x139c  circlass - ok
17:53:50.0416 0x139c  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
17:53:50.0432 0x139c  CLFS - ok
17:53:50.0526 0x139c  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:53:50.0526 0x139c  clr_optimization_v2.0.50727_32 - ok
17:53:50.0557 0x139c  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:53:50.0572 0x139c  clr_optimization_v2.0.50727_64 - ok
17:53:50.0728 0x139c  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:53:50.0744 0x139c  clr_optimization_v4.0.30319_32 - ok
17:53:50.0760 0x139c  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:53:50.0775 0x139c  clr_optimization_v4.0.30319_64 - ok
17:53:50.0806 0x139c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:53:50.0853 0x139c  CmBatt - ok
17:53:50.0900 0x139c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:53:50.0916 0x139c  cmdide - ok
17:53:50.0994 0x139c  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
17:53:51.0009 0x139c  CNG - ok
17:53:51.0056 0x139c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:53:51.0072 0x139c  Compbatt - ok
17:53:51.0103 0x139c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
17:53:51.0150 0x139c  CompositeBus - ok
17:53:51.0165 0x139c  COMSysApp - ok
17:53:51.0259 0x139c  [ 3A92DDB2F7B7FE2E71AA1418804EBC3C, 1B84033A6DDB9D371AC34F8D65AB0F729E8A77B0D26C8DCA0965CE265474BD64 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
17:53:51.0274 0x139c  cphs - ok
17:53:51.0368 0x139c  cpuz137 - ok
17:53:51.0415 0x139c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
17:53:51.0415 0x139c  crcdisk - ok
17:53:51.0493 0x139c  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:53:51.0524 0x139c  CryptSvc - ok
17:53:51.0586 0x139c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:53:51.0649 0x139c  DcomLaunch - ok
17:53:51.0696 0x139c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
17:53:51.0727 0x139c  defragsvc - ok
17:53:51.0758 0x139c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:53:51.0836 0x139c  DfsC - ok
17:53:51.0883 0x139c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:53:51.0945 0x139c  Dhcp - ok
17:53:52.0023 0x139c  [ AA5319FA8602676B5D3A2B4A1355896D, 57532E16FF0DDE3D62B6B6DC35E2598DD453140E9277247965A1E835645E588A ] DiagTrack       C:\Windows\system32\diagtrack.dll
17:53:52.0086 0x139c  DiagTrack - ok
17:53:52.0117 0x139c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
17:53:52.0179 0x139c  discache - ok
17:53:52.0273 0x139c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
17:53:52.0288 0x139c  Disk - ok
17:53:52.0351 0x139c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:53:52.0382 0x139c  Dnscache - ok
17:53:52.0429 0x139c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:53:52.0476 0x139c  dot3svc - ok
17:53:52.0507 0x139c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
17:53:52.0554 0x139c  DPS - ok
17:53:52.0616 0x139c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:53:52.0632 0x139c  drmkaud - ok
17:53:52.0710 0x139c  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:53:52.0756 0x139c  DXGKrnl - ok
17:53:52.0772 0x139c  EagleX64 - ok
17:53:52.0803 0x139c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
17:53:52.0850 0x139c  EapHost - ok
17:53:52.0959 0x139c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
17:53:53.0084 0x139c  ebdrv - ok
17:53:53.0178 0x139c  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] EFS             C:\Windows\System32\lsass.exe
17:53:53.0178 0x139c  EFS - ok
17:53:53.0240 0x139c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:53:53.0271 0x139c  ehRecvr - ok
17:53:53.0287 0x139c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
17:53:53.0302 0x139c  ehSched - ok
17:53:53.0349 0x139c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
17:53:53.0380 0x139c  elxstor - ok
17:53:53.0443 0x139c  [ D315FF43E23DF424ECEC2F6C930203E4, 68940EDA34DC4945CDD0D8018D96A0DA8F99F16A930946D14E4FECEE033FCB80 ] EpsonScanSvc    C:\Windows\system32\EscSvc64.exe
17:53:53.0458 0x139c  EpsonScanSvc - ok
17:53:53.0474 0x139c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:53:53.0521 0x139c  ErrDev - ok
17:53:53.0599 0x139c  [ 39EC51A5BC3E1C0D438E8AC70956DE0A, 456AE9C6E059442CA627AAB667CA498AA6F6A6812A177DCCB36D9CC24F11231A ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
17:53:53.0630 0x139c  ETD - ok
17:53:53.0677 0x139c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
17:53:53.0708 0x139c  EventSystem - ok
17:53:53.0739 0x139c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
17:53:53.0802 0x139c  exfat - ok
17:53:53.0833 0x139c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:53:53.0895 0x139c  fastfat - ok
17:53:53.0973 0x139c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
17:53:54.0020 0x139c  Fax - ok
17:53:54.0082 0x139c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
17:53:54.0114 0x139c  fdc - ok
17:53:54.0176 0x139c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
17:53:54.0223 0x139c  fdPHost - ok
17:53:54.0238 0x139c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:53:54.0270 0x139c  FDResPub - ok
17:53:54.0301 0x139c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:53:54.0316 0x139c  FileInfo - ok
17:53:54.0332 0x139c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:53:54.0394 0x139c  Filetrace - ok
17:53:54.0426 0x139c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
17:53:54.0472 0x139c  flpydisk - ok
17:53:54.0504 0x139c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:53:54.0519 0x139c  FltMgr - ok
17:53:54.0613 0x139c  [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache       C:\Windows\system32\FntCache.dll
17:53:54.0675 0x139c  FontCache - ok
17:53:54.0738 0x139c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:53:54.0738 0x139c  FontCache3.0.0.0 - ok
17:53:54.0831 0x139c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:53:54.0847 0x139c  FsDepends - ok
17:53:54.0909 0x139c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:53:54.0909 0x139c  Fs_Rec - ok
17:53:54.0987 0x139c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:53:55.0003 0x139c  fvevol - ok
17:53:55.0050 0x139c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:53:55.0065 0x139c  gagp30kx - ok
17:53:55.0284 0x139c  [ 21931B9C5FDE6087F47F710AC1BE16E9, A727A8922A9769AAC77F5D85ED3475853655E9483C8DA091653D0B1F3D479398 ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
17:53:55.0330 0x139c  GfExperienceService - ok
17:53:55.0377 0x139c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
17:53:55.0440 0x139c  gpsvc - ok
17:53:55.0596 0x139c  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:53:55.0611 0x139c  gupdate - ok
17:53:55.0658 0x139c  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:53:55.0674 0x139c  gupdatem - ok
17:53:55.0736 0x139c  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
17:53:55.0752 0x139c  hamachi - ok
17:53:55.0876 0x139c  [ C0EF69A59C13D9204D1D70434AA3D00C, 56BD4F7C74B2A36665677C32F30C4E1839DB9AAAC82FFA4A2622B4D261D865F2 ] Hamachi2Svc     C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
17:53:55.0939 0x139c  Hamachi2Svc - ok
17:53:55.0970 0x139c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:53:56.0017 0x139c  hcw85cir - ok
17:53:56.0079 0x139c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:53:56.0142 0x139c  HdAudAddService - ok
17:53:56.0204 0x139c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:53:56.0251 0x139c  HDAudBus - ok
17:53:56.0282 0x139c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
17:53:56.0329 0x139c  HidBatt - ok
17:53:56.0344 0x139c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:53:56.0391 0x139c  HidBth - ok
17:53:56.0438 0x139c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
17:53:56.0485 0x139c  HidIr - ok
17:53:56.0563 0x139c  [ C6AB0711E75F90B501F30260463CB026, B5CF27552A000D2BCE0C9B557F0FA2CE60FACAB596B262F07BED57D00422C388 ] hidkmdf         C:\Windows\system32\DRIVERS\hidkmdf.sys
17:53:56.0578 0x139c  hidkmdf - ok
17:53:56.0625 0x139c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
17:53:56.0672 0x139c  hidserv - ok
17:53:56.0750 0x139c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:53:56.0781 0x139c  HidUsb - ok
17:53:56.0812 0x139c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:53:56.0875 0x139c  hkmsvc - ok
17:53:56.0906 0x139c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:53:56.0937 0x139c  HomeGroupListener - ok
17:53:56.0968 0x139c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:53:57.0015 0x139c  HomeGroupProvider - ok
17:53:57.0062 0x139c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:53:57.0078 0x139c  HpSAMD - ok
17:53:57.0187 0x139c  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:53:57.0249 0x139c  HTTP - ok
17:53:57.0296 0x139c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:53:57.0296 0x139c  hwpolicy - ok
17:53:57.0343 0x139c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:53:57.0358 0x139c  i8042prt - ok
17:53:57.0436 0x139c  [ 57CD95DEB3529181BCC931DD2DFB2341, 03ACF906E4C3CF954F503900F42C7A60FCD5624772B90A956F032484146E42B7 ] iaStorA         C:\Windows\system32\DRIVERS\iaStorA.sys
17:53:57.0483 0x139c  iaStorA - ok
17:53:57.0608 0x139c  [ 20E83F4632E15A5E9E716FF2E8AC7FAE, 7CA1A4924F432AD30ED7FA6247C6513DA173EE31132AE115E85C0ED7E5971029 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
17:53:57.0624 0x139c  IAStorDataMgrSvc - ok
17:53:57.0624 0x139c  [ CE5CD8CBE940965867D507AB8EA2795A, 1CC2C23A1436E4C911DD3B942D8F6DABB7249AB04426F9AB6B6045034226DD25 ] iaStorF         C:\Windows\system32\DRIVERS\iaStorF.sys
17:53:57.0655 0x139c  iaStorF - ok
17:53:57.0733 0x139c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:53:57.0748 0x139c  iaStorV - ok
17:53:57.0858 0x139c  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:53:57.0858 0x139c  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
17:53:57.0858 0x139c  IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:53:57.0858 0x139c  Force sending object to P2P due to detect: IDriverT
17:53:57.0858 0x139c  Object send P2P result: false
17:53:57.0936 0x139c  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:53:57.0967 0x139c  idsvc - ok
17:53:57.0998 0x139c  IEEtwCollectorService - ok
17:53:58.0123 0x139c  [ 5268F385C889BB942E0F9596DE83373F, 011280191EEF8053CD413734A0B08F5DF88CD8408CD8354AABF2216F4C59F921 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
17:53:58.0279 0x139c  igfx - ok
17:53:58.0341 0x139c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
17:53:58.0341 0x139c  iirsp - ok
17:53:58.0419 0x139c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
17:53:58.0482 0x139c  IKEEXT - ok
17:53:58.0653 0x139c  [ D739148367AAE1DA0C12160DE141ECED, 471E6EA03F2BD7DD1E2812B56EFB00EDDCAA87E974833B75114B8EE93DC358A5 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:53:58.0794 0x139c  IntcAzAudAddService - ok
17:53:58.0903 0x139c  [ 0E0B99617ED3FDB6C5F0E2D62709B5DF, A656CA3A60E62BE16A015150B23136CE150F9876B4035E9E8D8E73D1707B37A4 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
17:53:58.0950 0x139c  IntcDAud - ok
17:53:59.0059 0x139c  [ C6128F2E3DC6156C6F8828F9F1B96010, 612C1191AFB8F69BA5634E8C52BDDE608F57D98FA4C76C5A337676A5F1E8191D ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
17:53:59.0090 0x139c  Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
17:53:59.0090 0x139c  Intel(R) Capability Licensing Service Interface ( UnsignedFile.Multi.Generic ) - warning
17:53:59.0168 0x139c  [ 729AB4F0608E95EFF8FDEF23596283E2, 62A2091FF440C65505AB3E38436A86D9B0978BCB9485960EFCE0C5CBC8E06201 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
17:53:59.0184 0x139c  Intel(R) Capability Licensing Service TCP IP Interface - ok
17:53:59.0262 0x139c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:53:59.0277 0x139c  intelide - ok
17:53:59.0308 0x139c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:53:59.0386 0x139c  intelppm - ok
17:53:59.0418 0x139c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:53:59.0464 0x139c  IPBusEnum - ok
17:53:59.0496 0x139c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:53:59.0542 0x139c  IpFilterDriver - ok
17:53:59.0636 0x139c  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:53:59.0683 0x139c  iphlpsvc - ok
17:53:59.0730 0x139c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:53:59.0808 0x139c  IPMIDRV - ok
17:53:59.0839 0x139c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:53:59.0886 0x139c  IPNAT - ok
17:53:59.0932 0x139c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:53:59.0964 0x139c  IRENUM - ok
17:54:00.0010 0x139c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:54:00.0026 0x139c  isapnp - ok
17:54:00.0073 0x139c  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:54:00.0104 0x139c  iScsiPrt - ok
17:54:00.0182 0x139c  [ 78D369F8A81A341109FBA1DB64B4C512, E584F693255CCBF7006E7D35984149CF599BB0849A8F02EFDD6223DF0D606049 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
17:54:00.0198 0x139c  iusb3hcs - ok
17:54:00.0213 0x139c  [ 5B632ABA038CE2E2D5D2D1115C6B26D1, 605A8FFA704E4369CF9D17DF8630DC9E196B8920D47F1CC5151759E60B234C1F ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
17:54:00.0229 0x139c  iusb3hub - ok
17:54:00.0307 0x139c  [ EA841584EF59528D11F20355770E427E, 515737761BB2A0A233F4AD141E28D93E3B9789320A15B7D5FB3DB5AC3CD8E249 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
17:54:00.0354 0x139c  iusb3xhc - ok
17:54:00.0463 0x139c  [ 924019BC58FEDDE04A08C45EC1CF1847, F18C581FE5C25C5BE4514185AD44C561EB715B98AFBE81EF0D673E103EA8E8EE ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
17:54:00.0478 0x139c  jhi_service - ok
17:54:00.0510 0x139c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:54:00.0525 0x139c  kbdclass - ok
17:54:00.0556 0x139c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
17:54:00.0619 0x139c  kbdhid - ok
17:54:00.0634 0x139c  [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] KeyIso          C:\Windows\system32\lsass.exe
17:54:00.0650 0x139c  KeyIso - ok
17:54:00.0697 0x139c  [ BF69D973523D539A35807946C6DA7E16, 38F2C59B0857131961DBEA48C4A5DFA9BE7B564941935086B8DC8DBEF896F3EC ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:54:00.0712 0x139c  KSecDD - ok
17:54:00.0728 0x139c  [ 272C27711C8AA6E7815EE33F8ACA9C66, 0A5A10A7A3E87DB92E06395A6676B94FE8B7AD6704864075D443CDC9BABDB4DF ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:54:00.0744 0x139c  KSecPkg - ok
17:54:00.0790 0x139c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:54:00.0853 0x139c  ksthunk - ok
17:54:00.0884 0x139c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:54:00.0946 0x139c  KtmRm - ok
17:54:01.0024 0x139c  [ A6131EE7C440992458688C7D0989C584, 94FEB4A6677262BAA590F77329141D9F539D3466D6E9473D639880AA6D5A103C ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
17:54:01.0040 0x139c  L1C - ok
17:54:01.0087 0x139c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:54:01.0134 0x139c  LanmanServer - ok
17:54:01.0149 0x139c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:54:01.0212 0x139c  LanmanWorkstation - ok
17:54:01.0258 0x139c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:54:01.0305 0x139c  lltdio - ok
17:54:01.0352 0x139c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:54:01.0399 0x139c  lltdsvc - ok
17:54:01.0430 0x139c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:54:01.0446 0x139c  lmhosts - ok
17:54:01.0539 0x139c  [ D6BF6FD055BD719F3D62E51B90857159, A7777D18E404164B4DA531AD94D2A712D9CC6A9288795B7388037752A558E96F ] LMIGuardianSvc  C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
17:54:01.0555 0x139c  LMIGuardianSvc - ok
17:54:01.0617 0x139c  [ EC90A0554EAC7E37139F2DAD8C56FB04, F62DBB7B174A270700631EA590B3293FE558940FB72F84C242391530E1DF78B5 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:54:01.0633 0x139c  LMS - ok
17:54:01.0695 0x139c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:54:01.0726 0x139c  LSI_FC - ok
17:54:01.0758 0x139c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:54:01.0773 0x139c  LSI_SAS - ok
17:54:01.0773 0x139c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
17:54:01.0789 0x139c  LSI_SAS2 - ok
17:54:01.0836 0x139c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:54:01.0851 0x139c  LSI_SCSI - ok
17:54:01.0898 0x139c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
17:54:01.0945 0x139c  luafv - ok
17:54:02.0038 0x139c  [ C06234DCDB1BFC0CF7E25CFAC5B7F5FE, 149A3880E1D58CC0768A174DF4E884F3A4432F935D134B5AE536B7020788F5D5 ] ManyCam         C:\Windows\system32\DRIVERS\mcvidrv.sys
17:54:02.0038 0x139c  ManyCam - ok
17:54:02.0070 0x139c  [ 8FF2D95CBA49B405C5DE27039FF0BF35, 03BF7FC7F1C2C76EDB583BA342EA1C325DB8058517744EF2A78529D3938F4DC1 ] MBfilt          C:\Windows\system32\drivers\MBfilt64.sys
17:54:02.0085 0x139c  MBfilt - ok
17:54:02.0101 0x139c  [ 88B3BADFB02BE4471655EAF88DDC7EBD, F38D69B80A7670F85A9692A01D2D71A54BB413346C3523726E59D1282D349B83 ] mcaudrv_simple  C:\Windows\system32\drivers\mcaudrv_x64.sys
17:54:02.0116 0x139c  mcaudrv_simple - ok
17:54:02.0148 0x139c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:54:02.0179 0x139c  Mcx2Svc - ok
17:54:02.0210 0x139c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
17:54:02.0226 0x139c  megasas - ok
17:54:02.0272 0x139c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
17:54:02.0304 0x139c  MegaSR - ok
17:54:02.0350 0x139c  [ 2BB3EAE2EA641515D4B205CAB29E1624, D3F18EE393EB1B0F919484281269A3C55A092D023E62C59D74CB63A55612024B ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
17:54:02.0366 0x139c  MEIx64 - ok
17:54:02.0397 0x139c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
17:54:02.0428 0x139c  MMCSS - ok
17:54:02.0444 0x139c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
17:54:02.0491 0x139c  Modem - ok
17:54:02.0553 0x139c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:54:02.0569 0x139c  monitor - ok
17:54:02.0647 0x139c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:54:02.0662 0x139c  mouclass - ok
17:54:02.0694 0x139c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:54:02.0725 0x139c  mouhid - ok
17:54:02.0787 0x139c  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:54:02.0803 0x139c  mountmgr - ok
17:54:02.0850 0x139c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:54:02.0865 0x139c  mpio - ok
17:54:02.0881 0x139c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:54:02.0912 0x139c  mpsdrv - ok
17:54:02.0943 0x139c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:54:02.0990 0x139c  MpsSvc - ok
17:54:03.0037 0x139c  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:54:03.0099 0x139c  MRxDAV - ok
17:54:03.0146 0x139c  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:54:03.0193 0x139c  mrxsmb - ok
17:54:03.0224 0x139c  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:54:03.0271 0x139c  mrxsmb10 - ok
17:54:03.0333 0x139c  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:54:03.0380 0x139c  mrxsmb20 - ok
17:54:03.0427 0x139c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:54:03.0442 0x139c  msahci - ok
17:54:03.0474 0x139c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:54:03.0489 0x139c  msdsm - ok
17:54:03.0505 0x139c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
17:54:03.0552 0x139c  MSDTC - ok
17:54:03.0583 0x139c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:54:03.0614 0x139c  Msfs - ok
17:54:03.0645 0x139c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:54:03.0708 0x139c  mshidkmdf - ok
17:54:03.0723 0x139c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:54:03.0739 0x139c  msisadrv - ok
17:54:03.0770 0x139c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:54:03.0817 0x139c  MSiSCSI - ok
17:54:03.0817 0x139c  msiserver - ok
17:54:03.0864 0x139c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:54:03.0910 0x139c  MSKSSRV - ok
17:54:03.0926 0x139c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:54:03.0957 0x139c  MSPCLOCK - ok
17:54:03.0973 0x139c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:54:04.0020 0x139c  MSPQM - ok
17:54:04.0051 0x139c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:54:04.0098 0x139c  MsRPC - ok
17:54:04.0113 0x139c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:54:04.0129 0x139c  mssmbios - ok
17:54:04.0160 0x139c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:54:04.0207 0x139c  MSTEE - ok
17:54:04.0223 0x139c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
17:54:04.0269 0x139c  MTConfig - ok
17:54:04.0285 0x139c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
17:54:04.0301 0x139c  Mup - ok
17:54:04.0332 0x139c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
17:54:04.0379 0x139c  napagent - ok
17:54:04.0441 0x139c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:54:04.0488 0x139c  NativeWifiP - ok
17:54:04.0597 0x139c  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:54:04.0659 0x139c  NDIS - ok
17:54:04.0691 0x139c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:54:04.0722 0x139c  NdisCap - ok
17:54:04.0769 0x139c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:54:04.0815 0x139c  NdisTapi - ok
17:54:04.0847 0x139c  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:54:04.0878 0x139c  Ndisuio - ok
17:54:04.0893 0x139c  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:54:12.0366 0x139c  [ 543AFFECD35CFABD4490661F83685A0D, 819C022284E54C950D1144B9260C944D493CB4646713B30790818EFC99B82CCB ] RtkBleServ      C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe
17:54:12.0381 0x139c  RtkBleServ - detected UnsignedFile.Multi.Generic ( 1 )
17:54:12.0381 0x139c  RtkBleServ ( UnsignedFile.Multi.Generic ) - warning
17:54:19.0230 0x139c  viaide - ok
17:54:19.0277 0x139c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:54:19.0292 0x139c  volmgr - ok
17:54:19.0308 0x139c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:54:19.0323 0x139c  volmgrx - ok
17:54:19.0401 0x139c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:54:19.0417 0x139c  volsnap - ok
17:54:19.0448 0x139c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
17:54:19.0464 0x139c  vsmraid - ok
17:54:19.0526 0x139c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
17:54:19.0589 0x139c  VSS - ok
17:54:19.0620 0x139c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
17:54:19.0635 0x139c  vwifibus - ok
17:54:19.0667 0x139c  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
17:54:19.0698 0x139c  vwififlt - ok
17:54:19.0729 0x139c  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
17:54:19.0760 0x139c  vwifimp - ok
17:54:19.0823 0x139c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
17:54:19.0854 0x139c  W32Time - ok
17:54:19.0916 0x139c  [ B32009DB1972E7F2C227499289C4384A, D491CD90ACE895EC60A5A2F995EAE39F8ED662B71BC548C3FF5BBDBC60054788 ] W3SVC           C:\Windows\system32\inetsrv\iisw3adm.dll
17:54:19.0947 0x139c  W3SVC - ok
17:54:20.0041 0x139c  [ 90A7D70E48A69F6E4FFB49440674B3B8, 6C31BE40D9FF3C91B420AB2CFF17FA0D463BD97DF94B9CFCB8735A9EBC8FDFB0 ] WacHidRouter    C:\Windows\system32\DRIVERS\wachidrouter.sys
17:54:20.0057 0x139c  WacHidRouter - ok
17:54:20.0072 0x139c  wacommousefilter - ok
17:54:20.0088 0x139c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
17:54:20.0135 0x139c  WacomPen - ok
17:54:20.0181 0x139c  [ A46EA18DFA3CB657732909570F021578, 36A87A8A3402BBD79367B6F0D9C59C3BAF18AAE154A273DA067D7F08A7B94CC8 ] wacomrouterfilter C:\Windows\system32\DRIVERS\wacomrouterfilter.sys
17:54:20.0181 0x139c  wacomrouterfilter - ok
17:54:20.0213 0x139c  wacomvhid - ok
17:54:20.0259 0x139c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:54:20.0306 0x139c  WANARP - ok
17:54:20.0322 0x139c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:54:20.0353 0x139c  Wanarpv6 - ok
17:54:20.0384 0x139c  [ B32009DB1972E7F2C227499289C4384A, D491CD90ACE895EC60A5A2F995EAE39F8ED662B71BC548C3FF5BBDBC60054788 ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll
17:54:20.0400 0x139c  WAS - ok
17:54:20.0462 0x139c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
17:54:20.0525 0x139c  wbengine - ok
17:54:20.0556 0x139c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:54:20.0571 0x139c  WbioSrvc - ok
17:54:20.0603 0x139c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:54:20.0634 0x139c  wcncsvc - ok
17:54:20.0634 0x139c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:54:20.0665 0x139c  WcsPlugInService - ok
17:54:20.0712 0x139c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
17:54:20.0727 0x139c  Wd - ok
17:54:20.0790 0x139c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:54:20.0837 0x139c  Wdf01000 - ok
17:54:20.0852 0x139c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:54:20.0899 0x139c  WdiServiceHost - ok
17:54:20.0899 0x139c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:54:20.0915 0x139c  WdiSystemHost - ok
17:54:20.0961 0x139c  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
17:54:20.0977 0x139c  WebClient - ok
17:54:21.0008 0x139c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:54:21.0039 0x139c  Wecsvc - ok
17:54:21.0055 0x139c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:54:21.0086 0x139c  wercplsupport - ok
17:54:21.0117 0x139c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:54:21.0133 0x139c  WerSvc - ok
17:54:21.0164 0x139c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:54:21.0195 0x139c  WfpLwf - ok
17:54:21.0211 0x139c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:54:21.0227 0x139c  WIMMount - ok
17:54:21.0242 0x139c  WinDefend - ok
17:54:21.0273 0x139c  WinHttpAutoProxySvc - ok
17:54:21.0320 0x139c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:54:21.0367 0x139c  Winmgmt - ok
17:54:21.0461 0x139c  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
17:54:21.0523 0x139c  WinRM - ok
17:54:21.0601 0x139c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:54:21.0617 0x139c  WinUsb - ok
17:54:21.0648 0x139c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:54:21.0679 0x139c  Wlansvc - ok
17:54:21.0819 0x139c  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:54:21.0866 0x139c  wlidsvc - ok
17:54:21.0897 0x139c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
17:54:21.0929 0x139c  WmiAcpi - ok
17:54:21.0960 0x139c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:54:21.0975 0x139c  wmiApSrv - ok
17:54:22.0007 0x139c  WMPNetworkSvc - ok
17:54:22.0038 0x139c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:54:22.0053 0x139c  WPCSvc - ok
17:54:22.0069 0x139c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:54:22.0085 0x139c  WPDBusEnum - ok
17:54:22.0116 0x139c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:54:22.0147 0x139c  ws2ifsl - ok
17:54:22.0163 0x139c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
17:54:22.0178 0x139c  wscsvc - ok
17:54:22.0178 0x139c  WSearch - ok
17:54:22.0319 0x139c  [ 539D52A1CB4CC3BFB9B6CAD7883B8ECA, 3CAC8F755F85F06C6FFA8C5328943DC55F410EAAA64F0E4241C3E7F60A48D4A9 ] WTabletServiceCon C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
17:54:22.0334 0x139c  WTabletServiceCon - ok
17:54:22.0475 0x139c  [ 34171064E47304771179A28F1B626A71, 518D832F9C6826ED1F3A3220808E9A5DE5E0B6924AAFA1BE70B3957EFF117642 ] WTabletServicePro C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
17:54:22.0490 0x139c  WTabletServicePro - ok
17:54:22.0599 0x139c  [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv        C:\Windows\system32\wuaueng.dll
17:54:22.0677 0x139c  wuauserv - ok
17:54:22.0724 0x139c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:54:22.0755 0x139c  WudfPf - ok
17:54:22.0787 0x139c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:54:22.0849 0x139c  WUDFRd - ok
17:54:22.0896 0x139c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:54:22.0927 0x139c  wudfsvc - ok
17:54:22.0974 0x139c  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:54:22.0989 0x139c  WwanSvc - ok
17:54:23.0021 0x139c  xhunter1 - ok
17:54:23.0114 0x139c  [ 2C6BC21B2D5B58D8B1D638C1704CB494, 0AABCEB627E274E338DDD9BA664BAA128D7C00AF04C95C776C2AFFA6BB17F680 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
17:54:23.0114 0x139c  xusb21 - ok
17:54:23.0161 0x139c  ================ Scan global ===============================
17:54:23.0192 0x139c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
17:54:23.0255 0x139c  [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll
17:54:23.0255 0x139c  [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\Windows\system32\winsrv.dll
17:54:23.0286 0x139c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
17:54:23.0348 0x139c  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
17:54:23.0364 0x139c  [ Global ] - ok
17:54:23.0364 0x139c  ================ Scan MBR ==================================
17:54:23.0379 0x139c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:54:27.0077 0x139c  \Device\Harddisk0\DR0 - ok
17:54:27.0077 0x139c  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR2
17:54:27.0217 0x139c  \Device\Harddisk1\DR2 - ok
17:54:27.0217 0x139c  ================ Scan VBR ==================================
17:54:27.0217 0x139c  [ EFE162BDED35D5AFDF980AFB483C6E4B ] \Device\Harddisk0\DR0\Partition1
17:54:27.0248 0x139c  \Device\Harddisk0\DR0\Partition1 - ok
17:54:27.0264 0x139c  [ 81AB87579D4F78AB6C2FC2AF2E0AD245 ] \Device\Harddisk0\DR0\Partition2
17:54:27.0264 0x139c  \Device\Harddisk0\DR0\Partition2 - ok
17:54:27.0279 0x139c  [ 2716013F20357751463767959CDC1184 ] \Device\Harddisk1\DR2\Partition1
17:54:27.0279 0x139c  \Device\Harddisk1\DR2\Partition1 - ok
17:54:27.0279 0x139c  ================ Scan generic autorun ======================
17:54:27.0295 0x139c  [ 8B87D9E466055B958EE24270BF187512, 7A1994398C5A2CEB7738006F375C12E5AAC9142786783189E7C57AB8E1E75F3C ] C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe
17:54:27.0357 0x139c  BtServer - detected UnsignedFile.Multi.Generic ( 1 )
17:54:27.0357 0x139c  BtServer ( UnsignedFile.Multi.Generic ) - warning
17:54:27.0357 0x139c  ETDCtrl - ok
17:54:27.0482 0x139c  [ 4A0477ADCD07EC9D21257A2E456B16C5, CEF9C81730C12283A7600C3D921D89A62B14D1C46544B493F3AF7520DD2D1F79 ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
17:54:27.0482 0x139c  IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )
17:54:27.0482 0x139c  IAStorIcon ( UnsignedFile.Multi.Generic ) - warning
17:54:27.0482 0x139c  Force sending object to P2P due to detect: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
17:54:27.0482 0x139c  Object send P2P result: false
17:54:27.0654 0x139c  [ 463C40BFC0FB8FF59049E2CA78695A40, 8D693A061A19E47CCADEEC844D4ACF59B5CD3CE97452018807884D2ACBEDA7FF ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
17:54:27.0732 0x139c  NvBackend - ok
17:54:27.0763 0x139c  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
17:54:27.0779 0x139c  ShadowPlay - ok
17:54:27.0857 0x139c  [ ED43758BF94B8A5221D69F1B7F63F13D, F6E7418823E45085F4D4F50DD25A55ED517C0A335C6C2F69A1139B30677D3DA9 ] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
17:54:27.0888 0x139c  XboxStat - ok
17:54:28.0044 0x139c  [ 094E4E76FB9AB960A73F841BC6733F42, 01C1BFF17BEC6588E192EC4D7ACB74FC9B95ECA7CB8BB9585B04FC8EA73C3B43 ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
17:54:28.0044 0x139c  USB3MON - ok
17:54:28.0137 0x139c  [ 80086ED442941DE2CA18CB6DAE8C1422, F7BE958F2E8E17970C238E3806F4A742B12DA09EB21093BD6371CF4B580C5BE4 ] C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
17:54:28.0184 0x139c  Aeria Ignite - ok
17:54:28.0403 0x139c  [ 8A312D5764B4FC4C55CEDDEED4652CF1, C4E726C9C77614CD32D5B76DA2E9A049EC490C2392D9A94B84712BCBF47BA7C6 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
17:54:28.0527 0x139c  AvastUI.exe - ok
17:54:28.0746 0x139c  [ E5255D63DD01AA9F1CC4355FE366E2D3, 2E28C14DC1FEAE10626D37FF4C1DAE27F3801A40EA973E02E42B48185CBBC89B ] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
17:54:28.0855 0x139c  LogMeIn Hamachi Ui - ok
17:54:29.0042 0x139c  [ 359714A81A50EA2B3C8FD5B469AC7D23, AEA7CE88D44809DD0D656FC9B7D57B0993AEA99FB4665136CA0450F1BECEC453 ] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
17:54:29.0058 0x139c  FUFAXRCV - ok
17:54:29.0089 0x139c  [ 0DA6B555222873BB7AD140D9C675DFB7, A7EADD3D6A658D5B8FD208563466BC4E0EE185BB05DE3C0ACE70A8527E7B02F1 ] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
17:54:29.0105 0x139c  FUFAXSTM - ok
17:54:29.0198 0x139c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
17:54:29.0245 0x139c  Sidebar - ok
17:54:29.0276 0x139c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
17:54:29.0292 0x139c  mctadmin - ok
17:54:29.0339 0x139c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
17:54:29.0370 0x139c  Sidebar - ok
17:54:29.0385 0x139c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
17:54:29.0401 0x139c  mctadmin - ok
17:54:29.0666 0x139c  [ F2AD1B265908797F8A5E21E0312F2F25, 2A6A612F7D52D297385C43E77AD0CD37B28F33ED2AF89098F5E66B812B838A52 ] C:\Users\MadlinNoxXedalia\AppData\Local\Akamai\netsession_win.exe
17:54:29.0744 0x139c  Akamai NetSession Interface - ok
17:54:29.0853 0x139c  [ 764BE29C9F78D949191C995B9BA4492A, A42EADC8546859A717F149C044235410B5908837B471889B281195C860AC558D ] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIMAE.EXE
17:54:29.0869 0x139c  EPLTarget\P0000000000000000 - ok
17:54:30.0009 0x139c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
17:54:30.0056 0x139c  Sidebar - ok
17:54:30.0087 0x139c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
17:54:30.0103 0x139c  mctadmin - ok
17:54:30.0150 0x139c  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 11.1.2245.1540 ), 0x41000 ( enabled : updated )
17:54:30.0321 0x139c  Win FW state via NFP2: enabled ( trusted )
17:54:30.0321 0x139c  ============================================================
17:54:30.0321 0x139c  Scan finished
17:54:30.0321 0x139c  ============================================================
17:54:30.0321 0x0158  Detected object count: 8
17:54:30.0321 0x0158  Actual detected object count: 8
17:54:56.0186 0x0158  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:54:56.0186 0x0158  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:54:56.0186 0x0158  AvrcpService ( UnsignedFile.Multi.Generic ) - skipped by user
17:54:56.0186 0x0158  AvrcpService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:54:56.0186 0x0158  BTDevManager ( UnsignedFile.Multi.Generic ) - skipped by user
17:54:56.0186 0x0158  BTDevManager ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:54:56.0186 0x0158  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:54:56.0186 0x0158  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:54:56.0186 0x0158  Intel(R) Capability Licensing Service Interface ( UnsignedFile.Multi.Generic ) - skipped by user
17:54:56.0186 0x0158  Intel(R) Capability Licensing Service Interface ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:54:56.0186 0x0158  RtkBleServ ( UnsignedFile.Multi.Generic ) - skipped by user
17:54:56.0186 0x0158  RtkBleServ ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:54:56.0186 0x0158  BtServer ( UnsignedFile.Multi.Generic ) - skipped by user
17:54:56.0186 0x0158  BtServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:54:56.0186 0x0158  IAStorIcon ( UnsignedFile.Multi.Generic ) - skipped by user
17:54:56.0186 0x0158  IAStorIcon ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

11.12.2015, 18:03   #8
deeprybka
/// TB Instructor
/// Guide Guru



Step 1

  • Download and instructions
  • Start Malwarebytes' Anti-Malware (MBAM).
  • If the user interface is still in English, click Settings and select Deutsch under Language.
  • Under Einstellungen / Erkennung und Schutz (Settings / Detection and Protection), please tick "Suche nach Rootkits" (Scan for rootkits).
  • Go back to the Armaturenbrett (Dashboard) and click "Jetzt scannen" (Scan Now).
  • At the end of the scan, have all detections (if any) moved to quarantine and post the log for me.

Step 2

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Ja, ich bin mit den Nutzungsbedingungen einverstanden" (Yes, I accept the Terms of Use) and click Starten (Start).
  • Enable "Erkennung von eventuell unerwünschten Anwendungen" (detection of potentially unwanted applications) and select the following settings.
  • Click Starten (Start).
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Fertig stellen (Finish).
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Regards
deeprybka

„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

12.12.2015, 04:32   #9
silaries



Here is the log from MBAM:

Code:
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/12/11 18:46:58 +0100</date>
<logfile>mbam-log-2015-12-11 (18-46-38).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.2.0.1024</version>
<malware-database>v2015.09.22.05</malware-database>
<rootkit-database>v2015.09.18.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<hostname>JIMMY</hostname>
<ip>25.106.109.46</ip>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>MadlinNoxXedalia</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>506064</objects>
<time>17688</time>
<processes>0</processes>
<modules>0</modules>
<keys>4</keys>
<values>5</values>
<datas>0</datas>
<folders>5</folders>
<files>4</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\SPVC32LDR</path><vendor>PUP.Optional.Trovi</vendor><action>success</action><hash>07e6f042c6c554e21e94992a6a9a22de</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}</path><vendor>PUP.Optional.SearchProtect</vendor><action>success</action><hash>bc31d55ddbb02f0738b7de94ee168d73</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}</path><vendor>PUP.Optional.SearchProtect</vendor><action>success</action><hash>34b96dc5e0ab47ef549a2a4851b3bd43</hash></key>
<key><path>HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\SOFTWARE\SupHpUISoft</path><vendor>PUP.Optional.WebSearches.ShrtCln</vendor><action>success</action><hash>66879b97395242f4f53c83bf5ba8f907</hash></key>
<value><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe</path><valuename>{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb</valuename><vendor>PUP.Optional.Trovi</vendor><action>success</action><valuedata>130523343391758969</valuedata><hash>737aab879deeb680e5cc6261ab59c13f</hash></value>
<value><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.exe</path><valuename>{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb</valuename><vendor>PUP.Optional.Trovi</vendor><action>success</action><valuedata>130523343391758969</valuedata><hash>856872c02b602016f8b918abaa5a58a8</hash></value>
<value><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe</path><valuename>{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb</valuename><vendor>PUP.Optional.Trovi</vendor><action>success</action><valuedata>130523343391758969</valuedata><hash>e10c0f23b3d821157a37fec5ad57d729</hash></value>
<value><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\iexplore.exe</path><valuename>{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb</valuename><vendor>PUP.Optional.Trovi</vendor><action>success</action><valuedata>130523343391758969</valuedata><hash>d815c969553644f28f22f4cf57ad17e9</hash></value>
<value><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\SPVC32Ldr</path><valuename>{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb</valuename><vendor>PUP.Optional.Trovi</vendor><action>success</action><valuedata>130523343391758969</valuedata><hash>07e6f042c6c554e21e94992a6a9a22de</hash></value>
<folder><path>C:\ProgramData\374311380</path><vendor>Rogue.Multiple</vendor><action>success</action><hash>1ad37ab84942f640f47e0fdffd0545bb</hash></folder>
<folder><path>C:\Users\MadlinNoxXedalia\AppData\Roaming\newnext.me</path><vendor>PUP.Optional.NextLive</vendor><action>success</action><hash>b23b5ad80586df57493c031edc27f40c</hash></folder>
<folder><path>C:\Users\MadlinNoxXedalia\AppData\Roaming\newnext.me\cache</path><vendor>PUP.Optional.NextLive</vendor><action>success</action><hash>b23b5ad80586df57493c031edc27f40c</hash></folder>
<folder><path>C:\Windows\SysWOW64\SearchProtect</path><vendor>PUP.Optional.SearchProtect</vendor><action>success</action><hash>14d9be745a31072fde13fa366b9821df</hash></folder>
<folder><path>C:\Windows\SysWOW64\SearchProtect\Logs</path><vendor>PUP.Optional.SearchProtect</vendor><action>success</action><hash>14d9be745a31072fde13fa366b9821df</hash></folder>
<file><path>C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb</path><vendor>PUP.Optional.SearchProtect</vendor><action>success</action><hash>c4294fe36c1f57df3db482f011f34bb5</hash></file>
<file><path>C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb</path><vendor>PUP.Optional.SearchProtect</vendor><action>success</action><hash>b538f43e97f4d165b187a2177b896e92</hash></file>
<file><path>C:\Users\MadlinNoxXedalia\AppData\Roaming\newnext.me\nengine.cookie</path><vendor>PUP.Optional.NextLive</vendor><action>success</action><hash>b23b5ad80586df57493c031edc27f40c</hash></file>
<file><path>C:\Users\MadlinNoxXedalia\AppData\Roaming\newnext.me\cache\spark.bin</path><vendor>PUP.Optional.NextLive</vendor><action>success</action><hash>b23b5ad80586df57493c031edc27f40c</hash></file>
</items>
</mbam-log>
         

And here is the log file from ESET:

Code:
ESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d5f3c6bbe3c26c4384f0b3f6812f5b56
# end=init
# utc_time=2015-12-11 11:32:35
# local_time=2015-12-12 12:32:35 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 27161
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d5f3c6bbe3c26c4384f0b3f6812f5b56
# end=updated
# utc_time=2015-12-11 11:38:25
# local_time=2015-12-12 12:38:25 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=d5f3c6bbe3c26c4384f0b3f6812f5b56
# engine=27161
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-12-12 02:26:40
# local_time=2015-12-12 03:26:40 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 88 60408 14896650 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 164940 201517050 0 0
# scanned=438912
# found=14
# cleaned=14
# scan_time=10094
sh=3149B935C4D86C3B18CB10E46E75191CC17766A2 ft=1 fh=7a190de845a5fb04 vn="Win32/TrojanDownloader.Nymaim.BA Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\C\Users\MadlinNoxXedalia\AppData\Roaming\mosfet-1\mosfet-78.exe"
sh=13EB3D5BF4F919421221385BE1047B5E1A840D2D ft=0 fh=0000000000000000 vn="JS/Adware.Steganos.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\OkayFreedom\okayfreedom_ff.xpi"
sh=65DBF1D094F3C63AD12C8F034D8D132A962FA46E ft=1 fh=073c304ffb9fa3a8 vn="Variante von Win32/Adware.Mobogenie.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MadlinNoxXedalia\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\aapt.exe"
sh=B7832A1BC15B67EEA01C25B6C688021372FB4656 ft=1 fh=217f6af847730ddc vn="Variante von Win32/Adware.Mobogenie.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MadlinNoxXedalia\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\CrashReport.exe"
sh=85CC7149AE9F5B9C345C6E4291159EDB1E6D4AA2 ft=1 fh=28079c1ecc971f93 vn="Variante von Win32/Adware.Mobogenie.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MadlinNoxXedalia\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\CrashRpt.dll"
sh=9E2C3D7CDEDE2543CC0F7960D9837D1B6D2BE75F ft=1 fh=7a481a0f621bd9cc vn="Variante von Win32/Adware.Mobogenie.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MadlinNoxXedalia\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\devcon_x64.exe"
sh=E54955407B312B936C2873446E59355F0EA5CA73 ft=1 fh=d287fe18b11aa882 vn="Variante von Win32/Adware.Mobogenie.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MadlinNoxXedalia\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\devcon_x86.exe"
sh=77FF724EA6530E24FBD9EA8C2D59B1B291796874 ft=1 fh=d2ee2046d07ae837 vn="Variante von Win32/Adware.Mobogenie.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MadlinNoxXedalia\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DriverInstall_x64.exe"
sh=1A8B4BA11E613DE010E51F03D89B513527846AA4 ft=1 fh=95b4c8bc1ea46e9e vn="Variante von Win32/Adware.Mobogenie.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MadlinNoxXedalia\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DriverInstall_x86.exe"
sh=8EE77C3EA732059837B316BEEE37A0809CD68F0B ft=1 fh=77f6a6fe09a20461 vn="Variante von Win32/Adware.Mobogenie.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MadlinNoxXedalia\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\lsusb.exe"
sh=F62E24423D06DDAF273DFFBA831C25EBC13B82EE ft=1 fh=9b120be6f077dc20 vn="Variante von Win32/Adware.Mobogenie.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MadlinNoxXedalia\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\mgadb.exe"
sh=02D365A799FDCBF8C8A507FCFC69946B402FEA53 ft=1 fh=92f3782890b0d44b vn="Variante von Win32/Adware.Mobogenie.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MadlinNoxXedalia\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\mgusb.exe"
sh=8C6F55634ADBCA6FAA8101C1B2FB024B4855499D ft=1 fh=2876557c9c75ac21 vn="Variante von Win32/Adware.Mobogenie.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MadlinNoxXedalia\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\OutlookOperatorC.exe"
sh=E3A69044DB80020EF69F28A679A62A07F9AE936A ft=1 fh=bcbf2858281a2b32 vn="JS/Adware.Steganos.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MadlinNoxXedalia\Downloads\okayfreedom.exe"
         

I briefly connected the infected laptop to the Wi-Fi because ESET had to download data, and at least I no longer got any error messages.

12.12.2015, 14:16   #10
deeprybka
/// TB Trainer
/// Guide Guru
 

Hi,

please post the Malwarebytes log:

Finding the Malwarebytes Anti-Malware log file - Instructions

and a fresh FRST log:

Step 1



Please start FRST again and click "Untersuchen" (Scan).
Please post the contents of the log.
__________________
Regards
deeprybka

_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

12.12.2015, 18:52   #11
silaries
 

Here is the correct MBAM log again (hopefully)

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 11.12.2015
Suchlaufzeit: 18:46
Protokolldatei: mbam log.txt
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2015.09.22.05
Rootkit-Datenbank: v2015.09.18.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bosartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: MadlinNoxXedalia

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 506064
Abgelaufene Zeit: 4 Std., 54 Min., 48 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bosartigen Elemente erkannt)

Module: 0
(keine bosartigen Elemente erkannt)

Registrierungsschlussel: 4
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\SPVC32LDR, In Quarantane, [07e6f042c6c554e21e94992a6a9a22de], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, In Quarantane, [bc31d55ddbb02f0738b7de94ee168d73], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, In Quarantane, [34b96dc5e0ab47ef549a2a4851b3bd43], 
PUP.Optional.WebSearches.ShrtCln, HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\SOFTWARE\SupHpUISoft, In Quarantane, [66879b97395242f4f53c83bf5ba8f907], 

Registrierungswerte: 5
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130523343391758969, In Quarantane, [737aab879deeb680e5cc6261ab59c13f]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130523343391758969, In Quarantane, [856872c02b602016f8b918abaa5a58a8]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130523343391758969, In Quarantane, [e10c0f23b3d821157a37fec5ad57d729]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\iexplore.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130523343391758969, In Quarantane, [d815c969553644f28f22f4cf57ad17e9]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\SPVC32Ldr|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130523343391758969, In Quarantane, [07e6f042c6c554e21e94992a6a9a22de]

Registrierungsdaten: 0
(keine bosartigen Elemente erkannt)

Ordner: 5
Rogue.Multiple, C:\ProgramData\374311380, In Quarantane, [1ad37ab84942f640f47e0fdffd0545bb], 
PUP.Optional.NextLive, C:\Users\MadlinNoxXedalia\AppData\Roaming\newnext.me, In Quarantane, [b23b5ad80586df57493c031edc27f40c], 
PUP.Optional.NextLive, C:\Users\MadlinNoxXedalia\AppData\Roaming\newnext.me\cache, In Quarantane, [b23b5ad80586df57493c031edc27f40c], 
PUP.Optional.SearchProtect, C:\Windows\SysWOW64\SearchProtect, In Quarantane, [14d9be745a31072fde13fa366b9821df], 
PUP.Optional.SearchProtect, C:\Windows\SysWOW64\SearchProtect\Logs, In Quarantane, [14d9be745a31072fde13fa366b9821df], 

Dateien: 4
PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, In Quarantane, [c4294fe36c1f57df3db482f011f34bb5], 
PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, In Quarantane, [b538f43e97f4d165b187a2177b896e92], 
PUP.Optional.NextLive, C:\Users\MadlinNoxXedalia\AppData\Roaming\newnext.me\nengine.cookie, In Quarantane, [b23b5ad80586df57493c031edc27f40c], 
PUP.Optional.NextLive, C:\Users\MadlinNoxXedalia\AppData\Roaming\newnext.me\cache\spark.bin, In Quarantane, [b23b5ad80586df57493c031edc27f40c], 

Physische Sektoren: 0
(keine bosartigen Elemente erkannt)


(end)
         

And the new FRST log:

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015
durchgeführt von MadlinNoxXedalia (Administrator) auf JIMMY (12-12-2015 18:42:04)
Gestartet von C:\Users\MadlinNoxXedalia\Desktop
Geladene Profile: MadlinNoxXedalia (Verfügbare Profile: MadlinNoxXedalia & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\RtkBleServ.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Akamai Technologies, Inc.) C:\Users\MadlinNoxXedalia\AppData\Local\Akamai\netsession_win.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIMAE.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Aeria Games & Entertainment) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Akamai Technologies, Inc.) C:\Users\MadlinNoxXedalia\AppData\Local\Akamai\netsession_win.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [253440 2013-04-23] (Realtek Semiconductor Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2875728 2013-03-04] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-10] (AVAST Software)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-06-01] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-06-01] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Run: [Akamai NetSession Interface] => C:\Users\MadlinNoxXedalia\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIMAE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\MountPoints2: {0f09794a-7876-11e3-a376-806e6f6e6963} - D:\Setup.exe
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\MountPoints2: {7085169a-77d0-11e3-92d4-806e6f6e6963} - D:\CDSetup.exe
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => Keine Datei
AppInit_DLLs:  C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-10] (AVAST Software)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\..\Interfaces\{8E59BC53-669B-4B6F-ACA7-963EE04C58DF}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{EE7416E6-35C3-4E97-9310-BA4AA4C50EE9}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2014-07-05] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-10] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2014-07-05] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll [2014-10-21] (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-10] (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll [2014-11-13] ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-07-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2014-07-05] (Oracle Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll [2014-11-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-15] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-15] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [Keine Datei]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei]
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [2014-10-21] (Perfect World Entertainment Inc)
FF Plugin-x32: @protectdisc.com/NPMPDRM -> C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll [2010-02-03] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-1264982542-3644169772-3020182689-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\MadlinNoxXedalia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1264982542-3644169772-3020182689-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-12-25] ()
FF Plugin HKU\S-1-5-21-1264982542-3644169772-3020182689-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-11]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-11]

Chrome: 
=======
CHR Profile: C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Präsentationen) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-28]
CHR Extension: (Google Docs) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-28]
CHR Extension: (Google Drive) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (AdBlock) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blipnejacaoebmeelgjgifelpnikhiec [2015-02-28]
CHR Extension: (YouTube) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google-Suche) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Tabellen) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-28]
CHR Extension: (Google Docs Offline) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (AdBlock) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-04]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Noiz yE) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oniglohbipbekimgjdmgbbllgnejffbm [2015-02-28]
CHR Extension: (Google Mail) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-12-10]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-10]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-08-17] (Adobe Systems) [Datei ist nicht signiert]
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-10-21] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-10] (AVAST Software)
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-04-02] (Realtek Semiconductor Corporation) [Datei ist nicht signiert]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [47104 2013-04-25] () [Datei ist nicht signiert]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Datei ist nicht signiert]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-02-15] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
S4 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [326072 2015-02-18] (Steganos Software GmbH)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2099208 2015-11-10] (Electronic Arts)
R2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [42496 2013-04-25] (Realtek Semiconductor Corporation) [Datei ist nicht signiert]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [654528 2015-05-26] (Wacom Technology, Corp.)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [450504 2015-12-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-10] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [118504 2012-12-19] (Qualcomm Atheros Co., Ltd.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [535624 2013-03-28] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
S3 cpuz137; \??\C:\Users\MADLIN~1\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-12 00:25 - 2015-12-12 00:25 - 00000000 ____D C:\Program Files (x86)\ESET
2015-12-12 00:19 - 2015-12-12 00:19 - 00003875 _____ C:\Users\MadlinNoxXedalia\Desktop\viren MBAM.txt
2015-12-12 00:19 - 2015-12-12 00:19 - 00000080 _____ C:\Users\Public\Desktop\EPSON-Handbucher.lnk
2015-12-11 18:43 - 2015-12-12 18:37 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-11 18:42 - 2015-12-12 00:19 - 00001100 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-12-11 18:42 - 2015-12-11 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-12-11 18:42 - 2015-12-11 18:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-11 18:42 - 2015-12-11 18:42 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-12-11 18:42 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-11 18:42 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-11 18:42 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-11 17:51 - 2015-12-11 17:56 - 00221944 _____ C:\TDSSKiller.3.1.0.8_11.12.2015_17.51.12_log.txt
2015-12-11 17:51 - 2015-12-11 17:48 - 04676456 _____ (Kaspersky Lab ZAO) C:\Users\MadlinNoxXedalia\Desktop\tdsskiller.exe
2015-12-11 11:56 - 2015-12-11 11:59 - 00008662 _____ C:\Users\MadlinNoxXedalia\Desktop\Fixlog.txt
2015-12-10 22:33 - 2015-12-12 18:42 - 00023380 _____ C:\Users\MadlinNoxXedalia\Desktop\FRST.txt
2015-12-10 22:33 - 2015-12-12 18:42 - 00000000 ____D C:\FRST
2015-12-10 22:31 - 2015-12-10 22:32 - 02369024 _____ (Farbar) C:\Users\MadlinNoxXedalia\Desktop\FRST64.exe
2015-12-10 14:47 - 2015-12-10 14:40 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-12-10 14:41 - 2015-12-12 00:19 - 00001960 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-12-10 14:40 - 2015-12-10 14:40 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-12-10 14:36 - 2015-12-10 14:37 - 05080288 _____ (AVAST Software) C:\Users\MadlinNoxXedalia\Desktop\avast_free_antivirus_setup_online.exe
2015-12-10 00:42 - 2015-12-10 00:42 - 00000554 _____ C:\Windows\SysWOW64\out.bin
2015-12-10 00:40 - 2015-12-10 15:38 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\kelvin-56
2015-12-10 00:39 - 2015-12-10 22:28 - 00000000 ____D C:\ProgramData\statics-07
2015-12-10 00:34 - 2015-12-10 15:38 - 00000000 ____D C:\ProgramData\onewire-05
2015-12-10 00:32 - 2015-12-10 00:42 - 00000000 ____D C:\ProgramData\ko
2015-12-07 11:01 - 2015-12-07 11:01 - 00000222 _____ C:\Users\MadlinNoxXedalia\Desktop\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst.url
2015-12-07 10:39 - 2015-12-07 10:39 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2015-12-07 10:35 - 2015-12-07 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2015-12-07 10:35 - 2015-12-07 10:35 - 00000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories
2015-12-05 17:59 - 2015-12-05 17:59 - 00000222 _____ C:\Users\MadlinNoxXedalia\Desktop\Rocket League.url
2015-12-05 13:25 - 2013-08-21 16:13 - 00018803 _____ C:\Users\MadlinNoxXedalia\Desktop\110986_smile-dog.jpeg
2015-12-04 19:26 - 2015-12-04 19:42 - 00000085 _____ C:\Users\MadlinNoxXedalia\Desktop\wunsch.txt
2015-12-04 02:09 - 2015-12-04 02:09 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2015-12-04 02:09 - 2015-12-04 02:09 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2015-12-04 02:09 - 2015-12-04 02:09 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2015-12-04 02:09 - 2015-12-04 02:09 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2015-12-04 02:09 - 2015-12-04 02:09 - 00000000 ____D C:\Program Files (x86)\OpenAL
2015-12-04 02:04 - 2015-06-07 00:13 - 00961192 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00062304 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00883712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00064352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-12-04 02:04 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-12-04 00:57 - 2015-12-04 00:57 - 00000222 _____ C:\Users\MadlinNoxXedalia\Desktop\The Isle.url
2015-12-03 14:58 - 2015-12-03 14:58 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-03 14:57 - 2015-12-03 14:57 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-01 00:24 - 2015-12-01 13:18 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-12-01 00:22 - 2015-12-12 00:19 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-30 23:29 - 2015-12-12 18:29 - 00000911 _____ C:\Windows\Tasks\EPSON WF-2660 Series Update {2BAE1787-6CC2-432C-A807-F4A75FEC7574}.job
2015-11-30 23:29 - 2015-11-30 23:29 - 00003978 _____ C:\Windows\System32\Tasks\EPSON WF-2660 Series Update {2BAE1787-6CC2-432C-A807-F4A75FEC7574}
2015-11-30 23:29 - 2015-11-30 23:29 - 00000000 ____D C:\Program Files\Common Files\EPSON
2015-11-30 23:14 - 2015-11-30 23:14 - 00000000 ____D C:\Program Files\EpsonNet
2015-11-30 22:50 - 2015-11-30 22:51 - 00000123 _____ C:\Users\Public\Desktop\Epson Connect Site.url
2015-11-30 22:50 - 2015-11-30 22:50 - 00001148 _____ C:\Users\Public\Desktop\EPSON-Handbücher.lnk
2015-11-30 22:47 - 2015-12-12 00:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-11-30 22:47 - 2015-11-30 23:53 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Epson
2015-11-30 22:47 - 2015-11-30 23:38 - 00000000 ____D C:\Program Files (x86)\Epson Software
2015-11-30 22:45 - 2015-12-12 00:19 - 00000928 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2015-11-30 22:45 - 2015-11-30 23:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-11-30 22:45 - 2015-11-30 22:51 - 00000000 ____D C:\Program Files (x86)\epson
2015-11-30 22:45 - 2014-02-25 00:00 - 00466944 _____ (Seiko Epson Corporation) C:\Windows\system32\esxw2ud.dll
2015-11-30 22:45 - 2012-05-17 00:00 - 00144560 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc64.exe
2015-11-30 22:45 - 2010-11-22 13:27 - 00147472 _____ (TWAIN Working Group) C:\Windows\SysWOW64\twaindsm.dll
2015-11-30 22:44 - 2013-12-06 04:05 - 00179712 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YLMBMAE.DLL
2015-11-30 22:44 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BMAE.DLL
2015-11-30 22:44 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2015-11-30 22:36 - 2015-11-30 23:31 - 00000000 ____D C:\ProgramData\Epson
2015-11-20 19:58 - 2015-11-25 22:08 - 00000000 ____D C:\ProgramData\69B6DBD2-8E05-476F-B662-CF8D235FD499
2015-11-17 22:01 - 2015-11-17 22:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-11-17 22:01 - 2015-11-17 22:01 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-11-17 02:57 - 2015-11-17 02:57 - 00000000 ____D C:\Users\MadlinNoxXedalia\Documents\Samsung
2015-11-17 02:57 - 2015-11-17 02:57 - 00000000 ____D C:\ProgramData\Samsung
2015-11-17 02:55 - 2015-11-17 02:55 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-11-17 02:55 - 2015-11-17 02:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-11-17 02:53 - 2015-11-17 02:55 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Samsung
2015-11-17 02:53 - 2015-11-17 02:53 - 00000000 ____D C:\Program Files (x86)\Samsung
2015-11-17 02:53 - 2015-09-11 11:54 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2015-11-14 22:01 - 2015-11-14 22:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablett
2015-11-14 22:00 - 2015-11-14 22:00 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\Wacom Help

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-12 18:07 - 2015-06-22 17:30 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-12 18:01 - 2014-01-11 09:02 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-12 17:58 - 2014-01-11 09:02 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-12 03:25 - 2015-03-10 23:10 - 00000000 ____D C:\Program Files (x86)\OkayFreedom
2015-12-12 00:37 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-12 00:37 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-12 00:23 - 2014-05-29 15:01 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\LogMeIn Hamachi
2015-12-12 00:22 - 2014-01-07 20:08 - 00000000 ____D C:\ProgramData\Realtek
2015-12-12 00:22 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-12 00:21 - 2014-12-18 22:57 - 00000000 ____D C:\Windows\PCHEALTH
2015-12-12 00:19 - 2015-05-15 14:20 - 00001105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2015-12-12 00:19 - 2015-03-27 11:55 - 00001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-12-12 00:19 - 2014-12-18 22:59 - 00001293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-12-12 00:19 - 2014-12-18 22:58 - 00001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-12-12 00:19 - 2014-12-14 16:11 - 00000893 _____ C:\Users\MadlinNoxXedalia\Desktop\CLIP STUDIO PAINT (64bit).lnk
2015-12-12 00:19 - 2014-11-07 17:43 - 00000571 _____ C:\Users\MadlinNoxXedalia\Desktop\PaintTool SAI Ver.1.lnk
2015-12-12 00:19 - 2014-11-07 17:43 - 00000571 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PaintTool SAI Ver.1.lnk
2015-12-12 00:19 - 2014-11-05 18:36 - 00000958 _____ C:\Users\MadlinNoxXedalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2015-12-12 00:19 - 2014-08-17 18:23 - 00002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
2015-12-12 00:19 - 2014-08-17 18:20 - 00002059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
2015-12-12 00:19 - 2014-08-17 18:19 - 00002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
2015-12-12 00:19 - 2014-08-17 18:19 - 00002030 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
2015-12-12 00:19 - 2014-07-05 02:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-12 00:19 - 2014-03-28 21:02 - 00002511 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-12 00:19 - 2014-03-15 21:34 - 00001905 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk
2015-12-12 00:19 - 2014-02-03 22:03 - 00001607 _____ C:\Users\Public\Desktop\Play League of Legends.lnk
2015-12-12 00:19 - 2014-01-07 20:22 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-12-12 00:19 - 2014-01-07 20:22 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-12-12 00:19 - 2014-01-07 13:28 - 00001425 _____ C:\Users\MadlinNoxXedalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-12 00:19 - 2009-07-14 06:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-12-12 00:19 - 2009-07-14 05:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-12 00:19 - 2009-07-14 05:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2015-12-12 00:19 - 2009-07-14 05:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-12-12 00:19 - 2009-07-14 05:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-12-12 00:19 - 2009-07-14 05:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-12-12 00:19 - 2009-07-14 05:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-12-11 17:54 - 2011-04-12 08:43 - 00760088 _____ C:\Windows\system32\perfh007.dat
2015-12-11 17:54 - 2011-04-12 08:43 - 00173736 _____ C:\Windows\system32\perfc007.dat
2015-12-11 17:54 - 2009-07-14 06:13 - 01797514 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-11 17:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-10 22:36 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows
2015-12-10 14:40 - 2015-06-22 17:30 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 00450504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-12-10 14:27 - 2014-08-07 21:49 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\CrashDumps
2015-12-10 12:02 - 2014-04-04 22:40 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-10 11:27 - 2015-06-12 11:45 - 00000000 __SHD C:\Users\MadlinNoxXedalia\AppData\Roaming\ggfgacfg
2015-12-10 11:25 - 2014-01-19 19:23 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Skype
2015-12-08 00:39 - 2014-08-28 02:08 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\ElevatedDiagnostics
2015-12-07 23:14 - 2015-04-28 14:49 - 00000000 ____D C:\kein programm ber bilder von handy
2015-12-05 18:54 - 2014-07-18 16:38 - 00000000 ____D C:\Users\MadlinNoxXedalia\Documents\My Games
2015-12-05 17:53 - 2014-01-11 09:02 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-05 17:53 - 2014-01-11 09:02 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-04 15:57 - 2014-11-05 18:35 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\osu!
2015-12-04 02:08 - 2014-08-02 19:56 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-01 13:16 - 2014-08-17 18:18 - 00000000 ____D C:\ProgramData\Adobe
2015-12-01 12:35 - 2014-01-07 13:27 - 00000000 ____D C:\Users\MadlinNoxXedalia
2015-12-01 00:31 - 2014-08-17 18:30 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\Adobe
2015-12-01 00:30 - 2014-07-26 18:10 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\LocalLow\Adobe
2015-12-01 00:30 - 2014-01-09 04:50 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Adobe
2015-12-01 00:21 - 2014-08-17 18:17 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-30 22:51 - 2014-01-07 19:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-21 18:34 - 2014-11-07 17:43 - 00000000 ____D C:\PaintToolSAI
2015-11-20 21:49 - 2014-12-14 16:15 - 00000000 ____D C:\Users\MadlinNoxXedalia\Documents\CELSYS_EN
2015-11-20 20:19 - 2015-03-20 23:29 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\CELSYS
2015-11-19 16:31 - 2014-05-02 03:26 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2015-11-19 16:31 - 2014-05-02 03:10 - 00000000 ____D C:\AeriaGames
2015-11-19 16:28 - 2014-05-02 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2015-11-19 16:08 - 2014-06-19 13:51 - 00000000 ____D C:\Users\MadlinNoxXedalia\Documents\ZU VIELE ORDNER
2015-11-14 21:59 - 2014-10-21 19:04 - 00000000 ____D C:\Program Files\Tablet
2015-11-14 21:58 - 2014-10-21 19:04 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\WTablet
2015-11-14 21:56 - 2014-01-15 14:38 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\TS3Client
2015-11-14 20:55 - 2014-01-15 14:37 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\TeamSpeak 3 Client
2015-11-14 20:22 - 2014-02-04 14:10 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\LolClient
2015-11-12 15:16 - 2014-02-25 21:13 - 00000000 ____D C:\ProgramData\Origin
2015-11-12 11:51 - 2014-07-05 09:33 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-01-07 20:10 - 2015-12-12 00:23 - 0003546 _____ () C:\Users\MadlinNoxXedalia\AppData\Local\BTServer.log

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\MadlinNoxXedalia\Setup.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-12-10 06:38

==================== Ende von FRST.txt ============================
         

12.12.2015, 19:01   #12
deeprybka
/// TB Trainer
/// Guide Guru

Step 1

Please press the Windows key + R and type notepad into the Run window.
Click OK and then copy the text from the code box into the empty text document:
Code:
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => Keine Datei
2015-12-10 00:42 - 2015-12-10 00:42 - 00000554 _____ C:\Windows\SysWOW64\out.bin
2015-12-10 00:40 - 2015-12-10 15:38 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\kelvin-56
2015-12-10 00:39 - 2015-12-10 22:28 - 00000000 ____D C:\ProgramData\statics-07
2015-12-10 00:34 - 2015-12-10 15:38 - 00000000 ____D C:\ProgramData\onewire-05
2015-12-10 00:32 - 2015-12-10 00:42 - 00000000 ____D C:\ProgramData\ko
         
Please save this as Fixlist.txt in the same directory where the FRST application is located.
  • Start FRST and click the Entfernen (Fix) button.
  • The tool creates a "Fixlog.txt" file.
  • Please post its contents.

Please uninstall all Java versions and replace them with the current one.

We did it!
The logs look clean to me at the moment.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.
All that remains is for me to wish you carefree and safe surfing, and that we don't see each other here again any time soon.

Cleanup:
(The order is crucial here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: please disable your antivirus program, any script blocking and anti-malware programs.
  • Please press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This removes Combofix completely and clears the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick every function.
  • Click Start.

Note: among other things, DelFix removes all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over, you can safely delete them.

Securing your system:
Enable automatic updates in the Windows operating system. Security-relevant software should also always be kept at the latest version:

Browser
Java
Flash Player
PDF reader

Security vulnerabilities (e.g. here) in their old versions are exploited to install malware by "drive-by" when you simply visit a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database.

My purchase recommendation:

ESET Smart Security

In addition, you can scan your PC regularly with Malwarebytes Anti-Malware.

Optional:
NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, define on a whitelist basis which sites are allowed to run scripts.
Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.

Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, it is advisable to uninstall it first and then remove the leftovers with Adwcleaner .

Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using the Windows built-in Disk Cleanup instead.
__________________
Regards
deeprybka

Praise, criticism, requests?

Donate to trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

13.12.2015, 05:32   #13
silaries

Sorry if this is a silly question, but what happens to the viruses in MBAM's virus container when I uninstall it?
Are they then "free" again?

13.12.2015, 09:18   #14
deeprybka
/// TB Trainer
/// Guide Guru

No.

13.12.2015, 23:20   #15
silaries

Here is the fixlog.txt from FRST .w.

Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:09-12-2015
durchgeführt von MadlinNoxXedalia (2015-12-13 21:17:31) Run:2
Gestartet von C:\Users\MadlinNoxXedalia\Desktop
Geladene Profile: MadlinNoxXedalia (Verfügbare Profile: MadlinNoxXedalia & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => Keine Datei
2015-12-10 00:42 - 2015-12-10 00:42 - 00000554 _____ C:\Windows\SysWOW64\out.bin
2015-12-10 00:40 - 2015-12-10 15:38 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\kelvin-56
2015-12-10 00:39 - 2015-12-10 22:28 - 00000000 ____D C:\ProgramData\statics-07
2015-12-10 00:34 - 2015-12-10 15:38 - 00000000 ____D C:\ProgramData\onewire-05
2015-12-10 00:32 - 2015-12-10 00:42 - 00000000 ____D C:\ProgramData\ko
         
*****************

"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Wert Daten erfolgreich entfernt.
C:\Windows\SysWOW64\out.bin => erfolgreich verschoben
C:\Users\MadlinNoxXedalia\AppData\Roaming\kelvin-56 => erfolgreich verschoben
C:\ProgramData\statics-07 => erfolgreich verschoben
C:\ProgramData\onewire-05 => erfolgreich verschoben
C:\ProgramData\ko => erfolgreich verschoben

==== Ende von Fixlog 21:17:31 ====
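
An added example (not part of the thread and not FRST's own code): a Python check that reconciles the "fixlist Inhalt" block of a Fixlog with the result lines below it, so that an entry that was skipped or not moved stands out. The line shapes and the success keyword `erfolgreich` are taken from the Fixlog posted above; the function names and the assumption that any result without that keyword is a failure are mine.

```python
import re

# The Fixlog posted in this thread (German FRST output), header shortened.
FIXLOG = r"""Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:09-12-2015
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => Keine Datei
2015-12-10 00:42 - 2015-12-10 00:42 - 00000554 _____ C:\Windows\SysWOW64\out.bin
2015-12-10 00:40 - 2015-12-10 15:38 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\kelvin-56
2015-12-10 00:39 - 2015-12-10 22:28 - 00000000 ____D C:\ProgramData\statics-07
2015-12-10 00:34 - 2015-12-10 15:38 - 00000000 ____D C:\ProgramData\onewire-05
2015-12-10 00:32 - 2015-12-10 00:42 - 00000000 ____D C:\ProgramData\ko

*****************

"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Wert Daten erfolgreich entfernt.
C:\Windows\SysWOW64\out.bin => erfolgreich verschoben
C:\Users\MadlinNoxXedalia\AppData\Roaming\kelvin-56 => erfolgreich verschoben
C:\ProgramData\statics-07 => erfolgreich verschoben
C:\ProgramData\onewire-05 => erfolgreich verschoben
C:\ProgramData\ko => erfolgreich verschoben

==== Ende von Fixlog 21:17:31 ====
"""

STARS = re.compile(r"^\*{5,}\s*$")
# "created - modified - size attrs [(company)] path", as in the file listings.
LISTING = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ \S{5} "
    r"(?:\(.*\) )?(?P<path>[A-Za-z]:\\.+)$")
# "Key: path => note", as in the AppInit_DLLs line.
REGISTRY = re.compile(r"^[^:\\]+: (?P<path>.+?) => .*$")
# Result lines: optionally quoted path, then " => " and the outcome text.
RESULT = re.compile(r'^"?(?P<path>[A-Za-z]:\\.+?)"? => (?P<result>.+)$')


def norm(path):
    """Windows paths are case-insensitive; compare them case-folded."""
    return path.strip().strip('"').casefold()


def parse_fixlog(text):
    """Return (targets in fixlist order, {normalised path: result text})."""
    lines = text.splitlines()
    stars = [i for i, line in enumerate(lines) if STARS.match(line)]
    if len(stars) < 2:
        raise ValueError("no fixlist block delimited by asterisk lines")
    targets = []
    for line in lines[stars[0] + 1:stars[1]]:
        line = line.strip()
        if not line:
            continue
        m = LISTING.match(line) or REGISTRY.match(line)
        # Unrecognised entries are kept raw so they surface as unconfirmed.
        targets.append(m.group("path") if m else line)
    results = {}
    for line in lines[stars[1] + 1:]:
        m = RESULT.match(line.strip())
        if m:
            results[norm(m.group("path"))] = m.group("result")
    return targets, results


def unconfirmed(text, ok_word="erfolgreich"):
    """List (target, reason) for fixlist entries without a success result."""
    targets, results = parse_fixlog(text)
    problems = []
    for target in targets:
        result = results.get(norm(target))
        if result is None:
            problems.append((target, "no result line"))
        elif ok_word not in result:
            problems.append((target, result))
    return problems


if __name__ == "__main__":
    for target, reason in unconfirmed(FIXLOG) or [("all entries", "confirmed")]:
        print(f"{target}: {reason}")
```

For the Fixlog in this thread the check reports nothing outstanding: all six fixlist entries have a matching success line.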
         
