Log analysis and evaluation: Trojan from e-mail attachment, Avast Web Shield keeps showing alerts. Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
10.12.2015, 16:05 | #1 |
Trojan from e-mail attachment, Avast Web Shield keeps showing alerts.

Hello, something pretty stupid happened to me yesterday... I received an e-mail named "Rechnungsstelle Onlinepay24 GmbH" which said that I had an outstanding invoice, with more about it in the attachment... stupidly, I opened the attachment and clicked on the application... I deleted the file immediately and ran Avast over my PC, which found a Win32 Malware Gen named itujcder.exe; I had the file deleted. However, today I am getting alerts from the Avast Web Shield nonstop (every few seconds); the infection is always given as URL:Mal, while the object and the process are different each time.

Last night I ran a full scan, which found nothing. Today I ran two more scans; the first found one virus, the second found two more. The first virus was the same itujcder.exe. The two others were onewire-5.exe and kelvin-0.exe. I had itujcder.exe deleted, while the other two are currently sitting in the virus chest, but the alerts do not go away; besides that, my Chrome keeps crashing, sometimes with and sometimes without an error message.

I have Windows 7, and according to internet research on the Onlinepay24 virus the trojan is a backdoor trojan.

Many thanks in advance.

Last edited by silaries (10.12.2015 at 16:22)
10.12.2015, 20:09 | #2 |
/// TB Trainer /// Tutorial Guru | Trojan from e-mail attachment, Avast Web Shield keeps showing alerts.

My name is Jürgen and I will be helping you with your problem. Together we will manage this...

Note: I can never give you a guarantee that we will find all malicious files. Formatting is usually the faster and always the safest way, but it is only advisable in the case of real malware. We can remove adware and the like very well. If you decide on a cleanup, keep working with me until you get my clean.

Here we go:

Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Reading material
Posting in CODE tags: here's how... Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes our work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
10.12.2015, 22:44 | #3 |
Trojan from e-mail attachment, Avast Web Shield keeps showing alerts.

While I was waiting for a reply I ran another scan... sorry... it turned up a windows32 malware-gen named static-1.exe, but nothing changed about the error messages.
__________________
Here is FRST.txt:
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015 durchgeführt von MadlinNoxXedalia (Administrator) auf JIMMY (10-12-2015 22:36:00) Gestartet von C:\Users\MadlinNoxXedalia\Desktop Geladene Profile: MadlinNoxXedalia (Verfügbare Profile: MadlinNoxXedalia & DefaultAppPool) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe () C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (LogMeIn, Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\RtkBleServ.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe () C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Akamai Technologies, Inc.) 
C:\Users\MadlinNoxXedalia\AppData\Local\Akamai\netsession_win.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIMAE.EXE (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Akamai Technologies, Inc.) C:\Users\MadlinNoxXedalia\AppData\Local\Akamai\netsession_win.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Aeria Games & Entertainment) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (Microsoft Corporation) C:\Windows\SysWOW64\w32tm.exe (Microsoft Corporation) C:\Windows\SysWOW64\sc.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (Microsoft Corporation) C:\Windows\SysWOW64\grpconv.exe (Microsoft Corporation) C:\Windows\SysWOW64\chkntfs.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Microsoft Corporation) 
C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [253440 2013-04-23] (Realtek Semiconductor Corporation) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2875728 2013-03-04] (ELAN Microelectronics Corp.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation) HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-22] (Avast Software s.r.o.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.) 
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-06-01] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-06-01] (SEIKO EPSON CORPORATION) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Run: [Akamai NetSession Interface] => C:\Users\MadlinNoxXedalia\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.) HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIMAE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Run: [zone-read] => C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Zonecoast\zonetrain.exe [113664 2015-12-09] () <===== ACHTUNG HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Run: [bridge-admit] => C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Bridge-tank\bridge-panic.exe [160328 2015-12-10] (Paragon Software Group) <===== ACHTUNG HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Run: [money-come] => C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Moneymiss\money-prove.exe [133960 2015-12-10] () <===== ACHTUNG HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Run: [model-wrap] => C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Model-settle\model_judge.exe [137288 2015-12-10] () <===== ACHTUNG HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\RunOnce: [zone-read] => C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Zonecoast\zonetrain.exe [113664 2015-12-09] () <===== ACHTUNG HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\RunOnce: [model-wrap] => C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Model-settle\model_judge.exe [137288 2015-12-10] () <===== ACHTUNG HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\RunOnce: [money-come] => 
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Moneymiss\money-prove.exe [133960 2015-12-10] () <===== ACHTUNG HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\RunOnce: [mosfet-6] => C:\Users\MadlinNoxXedalia\AppData\Roaming\mosfet-1\mosfet-78.exe [624128 2015-12-10] (American Megatrendz, Inc) HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\MountPoints2: {0f09794a-7876-11e3-a376-806e6f6e6963} - D:\Setup.exe HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\MountPoints2: {7085169a-77d0-11e3-92d4-806e6f6e6963} - D:\CDSetup.exe HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation) AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => Keine Datei AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation) AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation) AppInit_DLLs-x32: ,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-22] (Avast Software s.r.o.) BootExecute: autocheck autochk * aswBoot.exe /M:db3059cc7 /wow /dir:"C:\Program Files\AVAST Software\Avast" ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\..\Interfaces\{8E59BC53-669B-4B6F-ACA7-963EE04C58DF}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{EE7416E6-35C3-4E97-9310-BA4AA4C50EE9}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1408159751&from=cor&uid=HGSTXHTS545050A7E680_TMA55C4T2492WL2492WLX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1408159751&from=cor&uid=HGSTXHTS545050A7E680_TMA55C4T2492WL2492WLX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006 HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006 SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKLM-x32 -> 
{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-1264982542-3644169772-3020182689-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-1264982542-3644169772-3020182689-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP0B77C6FD-6C10-4D0E-A7F5-1E667CD92B85&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-1264982542-3644169772-3020182689-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => Keine Datei BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2014-07-05] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2014-07-05] (Oracle Corporation) BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll [2014-10-21] (Perfect World Entertainment Inc) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll [2014-11-13] () FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-07-05] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2014-07-05] (Oracle Corporation) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom) FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll [2014-11-13] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-15] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-15] (Intel Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation) FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [Keine Datei] FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei] FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [2014-10-21] (Perfect World Entertainment Inc) FF Plugin-x32: @protectdisc.com/NPMPDRM -> C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll [2010-02-03] ( ) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.) FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.) FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) 
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin HKU\S-1-5-21-1264982542-3644169772-3020182689-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\MadlinNoxXedalia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1264982542-3644169772-3020182689-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-12-25] () FF Plugin HKU\S-1-5-21-1264982542-3644169772-3020182689-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Kein Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: Kein Name - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-10] [ist nicht signiert] Chrome: ======= CHR Profile: C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Präsentationen) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-28] CHR Extension: (Google Docs) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-28] CHR Extension: (Google Drive) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23] CHR Extension: (AdBlock) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blipnejacaoebmeelgjgifelpnikhiec [2015-02-28] CHR Extension: (YouTube) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 
1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25] CHR Extension: (Google-Suche) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (Google Tabellen) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-28] CHR Extension: (Google Docs Offline) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18] CHR Extension: (AdBlock) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-04] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27] CHR Extension: (Noiz yE) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oniglohbipbekimgjdmgbbllgnejffbm [2015-02-28] CHR Extension: (Google Mail) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-12-10] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-10] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-08-17] (Adobe Systems) [Datei ist nicht signiert] S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-10-21] (Perfect World Entertainment Inc) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-22] (Avast Software s.r.o.) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-22] (Avast Software) R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-04-02] (Realtek Semiconductor Corporation) [Datei ist nicht signiert] R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [47104 2013-04-25] () [Datei ist nicht signiert] R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Datei ist nicht signiert] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [Datei ist nicht signiert] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-02-15] (Intel Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.) 
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation) S4 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [326072 2015-02-18] (Steganos Software GmbH) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2099208 2015-11-10] (Electronic Arts) R2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [42496 2013-04-25] (Realtek Semiconductor Corporation) [Datei ist nicht signiert] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.) R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [654528 2015-05-26] (Wacom Technology, Corp.) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-10] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-10] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-10] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-10] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-10] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [450504 2015-12-10] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-10] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-10] (AVAST Software) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [118504 2012-12-19] (Qualcomm Atheros Co., Ltd.) S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.) S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.) 
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation) R3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [535624 2013-03-28] (Realtek Semiconductor Corporation) R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation ) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-06-22] (Avast Software) S3 cpuz137; \??\C:\Users\MADLIN~1\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X] S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-12-10 22:34 - 2015-12-10 22:35 - 00062868 _____ C:\Users\MadlinNoxXedalia\Desktop\Addition.txt 2015-12-10 22:33 - 2015-12-10 22:36 - 00027554 _____ C:\Users\MadlinNoxXedalia\Desktop\FRST.txt 2015-12-10 22:33 - 2015-12-10 22:36 - 00000000 ____D C:\FRST 2015-12-10 22:31 - 2015-12-10 22:32 - 02369024 _____ (Farbar) C:\Users\MadlinNoxXedalia\Desktop\FRST64.exe 2015-12-10 14:47 - 2015-12-10 14:40 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswD9CC.tmp 2015-12-10 14:47 - 2015-12-10 14:40 - 00450504 _____ (AVAST Software) C:\Windows\system32\Drivers\asw3FD.tmp 2015-12-10 14:47 - 2015-12-10 14:40 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2015-12-10 14:47 - 2015-12-10 14:40 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\asw832.tmp 2015-12-10 14:47 - 2015-12-10 14:40 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\asw131B.tmp 2015-12-10 14:47 - 2015-12-10 14:40 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFA89.tmp 2015-12-10 14:47 - 2015-12-10 14:40 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswE764.tmp 2015-12-10 14:47 - 2015-12-10 14:40 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFF5A.tmp 2015-12-10 14:47 - 2015-12-10 14:40 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswEF03.tmp 2015-12-10 14:41 - 2015-12-10 14:48 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2015-12-10 14:40 - 2015-12-10 14:40 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr 2015-12-10 14:40 - 2015-06-26 17:10 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswB1FB.tmp 2015-12-10 14:40 - 2015-06-22 17:29 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw9BC7.tmp 2015-12-10 14:40 - 2015-06-22 17:29 - 00272248 _____ C:\Windows\system32\Drivers\aswB862.tmp 2015-12-10 14:40 - 2015-06-22 17:29 - 00137288 _____ (Avast Software s.r.o.) 
C:\Windows\system32\Drivers\aswBBFB.tmp 2015-12-10 14:40 - 2015-06-22 17:29 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswA20F.tmp 2015-12-10 14:40 - 2015-06-22 17:29 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswA9AF.tmp 2015-12-10 14:40 - 2015-06-22 17:29 - 00065736 _____ C:\Windows\system32\Drivers\aswAD49.tmp 2015-12-10 14:40 - 2015-06-22 17:29 - 00029168 _____ C:\Windows\system32\Drivers\aswA73E.tmp 2015-12-10 14:36 - 2015-12-10 14:37 - 05080288 _____ (AVAST Software) C:\Users\MadlinNoxXedalia\Desktop\avast_free_antivirus_setup_online.exe 2015-12-10 11:32 - 2015-12-10 11:32 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\mosfet-1 2015-12-10 00:42 - 2015-12-10 00:42 - 00000554 _____ C:\Windows\SysWOW64\out.bin 2015-12-10 00:40 - 2015-12-10 15:38 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\kelvin-56 2015-12-10 00:39 - 2015-12-10 22:28 - 00000000 ____D C:\ProgramData\statics-07 2015-12-10 00:34 - 2015-12-10 15:38 - 00000000 ____D C:\ProgramData\onewire-05 2015-12-10 00:32 - 2015-12-10 00:42 - 00000000 ____D C:\ProgramData\ko 2015-12-07 11:01 - 2015-12-07 11:01 - 00000222 _____ C:\Users\MadlinNoxXedalia\Desktop\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst.url 2015-12-07 10:39 - 2015-12-07 10:39 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf 2015-12-07 10:35 - 2015-12-07 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories 2015-12-07 10:35 - 2015-12-07 10:35 - 00000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories 2015-12-05 17:59 - 2015-12-05 17:59 - 00000222 _____ C:\Users\MadlinNoxXedalia\Desktop\Rocket League.url 2015-12-05 13:25 - 2013-08-21 16:13 - 00018803 _____ C:\Users\MadlinNoxXedalia\Desktop\110986_smile-dog.jpeg 2015-12-04 19:26 - 2015-12-04 19:42 - 00000085 _____ C:\Users\MadlinNoxXedalia\Desktop\wunsch.txt 2015-12-04 02:09 - 2015-12-04 02:09 - 00466456 _____ (Creative Labs) 
C:\Windows\system32\wrap_oal.dll 2015-12-04 02:09 - 2015-12-04 02:09 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll 2015-12-04 02:09 - 2015-12-04 02:09 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll 2015-12-04 02:09 - 2015-12-04 02:09 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll 2015-12-04 02:09 - 2015-12-04 02:09 - 00000000 ____D C:\Program Files (x86)\OpenAL 2015-12-04 02:04 - 2015-06-07 00:13 - 00961192 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00062304 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00012640 _____ (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00883712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00064352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00022368 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll 2015-12-04 00:57 - 2015-12-04 00:57 - 00000222 _____ C:\Users\MadlinNoxXedalia\Desktop\The Isle.url 2015-12-03 14:58 - 2015-12-03 14:58 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2015-12-03 14:57 - 2015-12-03 14:57 - 00000000 ____D C:\Program Files\Common Files\AV 2015-12-01 00:24 - 2015-12-01 13:18 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-12-01 00:22 - 2015-12-01 13:20 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-11-30 23:29 - 2015-12-10 22:29 - 00000911 _____ C:\Windows\Tasks\EPSON WF-2660 Series Update {2BAE1787-6CC2-432C-A807-F4A75FEC7574}.job 2015-11-30 23:29 - 2015-11-30 23:29 - 00003978 _____ C:\Windows\System32\Tasks\EPSON WF-2660 Series Update {2BAE1787-6CC2-432C-A807-F4A75FEC7574} 2015-11-30 23:29 - 2015-11-30 23:29 - 00000000 ____D C:\Program Files\Common Files\EPSON 2015-11-30 23:14 - 2015-11-30 23:14 - 00000000 ____D C:\Program Files\EpsonNet 2015-11-30 22:50 - 2015-11-30 22:51 - 00000123 _____ C:\Users\Public\Desktop\Epson Connect Site.url 2015-11-30 22:50 - 2015-11-30 22:50 - 00001148 _____ 
C:\Users\Public\Desktop\EPSON-Handbücher.lnk 2015-11-30 22:47 - 2015-11-30 23:53 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Epson 2015-11-30 22:47 - 2015-11-30 23:38 - 00000000 ____D C:\Program Files (x86)\Epson Software 2015-11-30 22:47 - 2015-11-30 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software 2015-11-30 22:45 - 2015-11-30 23:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON 2015-11-30 22:45 - 2015-11-30 22:51 - 00000000 ____D C:\Program Files (x86)\epson 2015-11-30 22:45 - 2015-11-30 22:45 - 00000934 _____ C:\Users\Public\Desktop\EPSON Scan.lnk 2015-11-30 22:45 - 2014-02-25 00:00 - 00466944 _____ (Seiko Epson Corporation) C:\Windows\system32\esxw2ud.dll 2015-11-30 22:45 - 2012-05-17 00:00 - 00144560 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc64.exe 2015-11-30 22:45 - 2010-11-22 13:27 - 00147472 _____ (TWAIN Working Group) C:\Windows\SysWOW64\twaindsm.dll 2015-11-30 22:44 - 2013-12-06 04:05 - 00179712 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YLMBMAE.DLL 2015-11-30 22:44 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BMAE.DLL 2015-11-30 22:44 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) 
C:\Windows\system32\E_GCINST.DLL 2015-11-30 22:36 - 2015-11-30 23:31 - 00000000 ____D C:\ProgramData\Epson 2015-11-20 19:58 - 2015-11-25 22:08 - 00000000 ____D C:\ProgramData\69B6DBD2-8E05-476F-B662-CF8D235FD499 2015-11-17 22:01 - 2015-11-17 22:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-11-17 22:01 - 2015-11-17 22:01 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2015-11-17 02:57 - 2015-11-17 02:57 - 00000000 ____D C:\Users\MadlinNoxXedalia\Documents\Samsung 2015-11-17 02:57 - 2015-11-17 02:57 - 00000000 ____D C:\ProgramData\Samsung 2015-11-17 02:55 - 2015-11-17 02:55 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log 2015-11-17 02:55 - 2015-11-17 02:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2015-11-17 02:53 - 2015-11-17 02:55 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Samsung 2015-11-17 02:53 - 2015-11-17 02:53 - 00000000 ____D C:\Program Files (x86)\Samsung 2015-11-17 02:53 - 2015-09-11 11:54 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll 2015-11-14 22:01 - 2015-11-14 22:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablett 2015-11-14 22:00 - 2015-11-14 22:00 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\Wacom Help 2015-11-11 20:09 - 2015-11-11 20:09 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\Wacom 2015-11-11 19:56 - 2015-05-26 23:33 - 01952448 ____N (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Touch_Tablet.dll 2015-11-11 19:56 - 2015-05-26 23:33 - 01583296 ____N (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Touch_Tablet.dll 2015-11-11 19:55 - 2015-05-26 23:33 - 01959616 ____N (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.dll 2015-11-11 19:55 - 2015-05-26 23:33 - 01590464 _____ (Wacom Technology, Corp.) 
C:\Windows\SysWOW64\Wacom_Tablet.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-10 22:35 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows
2015-12-10 22:01 - 2014-01-11 09:02 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-10 18:10 - 2014-01-11 09:02 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-10 14:47 - 2015-06-22 17:30 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-10 14:40 - 2015-06-22 17:30 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 00450504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-12-10 14:27 - 2014-08-07 21:49 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\CrashDumps
2015-12-10 12:02 - 2014-04-04 22:40 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-10 11:44 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-10 11:44 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-10 11:30 - 2014-05-29 15:01 - 00000000 ____D
C:\Users\MadlinNoxXedalia\AppData\Local\LogMeIn Hamachi 2015-12-10 11:30 - 2014-01-07 20:08 - 00000000 ____D C:\ProgramData\Realtek 2015-12-10 11:28 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-12-10 11:27 - 2015-06-12 11:45 - 00000000 __SHD C:\Users\MadlinNoxXedalia\AppData\Roaming\ggfgacfg 2015-12-10 11:25 - 2014-01-19 19:23 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Skype 2015-12-08 00:39 - 2014-08-28 02:08 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\ElevatedDiagnostics 2015-12-07 23:14 - 2015-04-28 14:49 - 00000000 ____D C:\kein programm ber bilder von handy 2015-12-07 10:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2015-12-05 18:54 - 2014-07-18 16:38 - 00000000 ____D C:\Users\MadlinNoxXedalia\Documents\My Games 2015-12-05 17:53 - 2014-01-11 09:02 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-12-05 17:53 - 2014-01-11 09:02 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-12-04 15:57 - 2014-11-05 18:35 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\osu! 
2015-12-04 02:08 - 2014-08-02 19:56 - 00000000 ____D C:\ProgramData\Package Cache 2015-12-04 00:17 - 2011-04-12 08:43 - 00760088 _____ C:\Windows\system32\perfh007.dat 2015-12-04 00:17 - 2011-04-12 08:43 - 00173736 _____ C:\Windows\system32\perfc007.dat 2015-12-04 00:17 - 2009-07-14 06:13 - 01797514 _____ C:\Windows\system32\PerfStringBackup.INI 2015-12-01 13:16 - 2014-08-17 18:18 - 00000000 ____D C:\ProgramData\Adobe 2015-12-01 12:35 - 2014-01-07 13:27 - 00000000 ____D C:\Users\MadlinNoxXedalia 2015-12-01 00:31 - 2014-08-17 18:30 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\Adobe 2015-12-01 00:30 - 2014-07-26 18:10 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\LocalLow\Adobe 2015-12-01 00:30 - 2014-01-09 04:50 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Adobe 2015-12-01 00:21 - 2014-08-17 18:17 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-11-30 22:51 - 2014-01-07 19:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-11-21 18:34 - 2014-11-07 17:43 - 00000000 ____D C:\PaintToolSAI 2015-11-20 21:49 - 2014-12-14 16:15 - 00000000 ____D C:\Users\MadlinNoxXedalia\Documents\CELSYS_EN 2015-11-20 20:19 - 2015-03-20 23:29 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\CELSYS 2015-11-19 16:31 - 2014-05-02 03:26 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames 2015-11-19 16:31 - 2014-05-02 03:10 - 00000000 ____D C:\AeriaGames 2015-11-19 16:28 - 2014-05-02 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live 2015-11-19 16:08 - 2014-06-19 13:51 - 00000000 ____D C:\Users\MadlinNoxXedalia\Documents\ZU VIELE ORDNER 2015-11-14 21:59 - 2014-10-21 19:04 - 00000000 ____D C:\Program Files\Tablet 2015-11-14 21:58 - 2014-10-21 19:04 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\WTablet 2015-11-14 21:56 - 2014-01-15 14:38 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\TS3Client 
2015-11-14 20:55 - 2014-01-15 14:37 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\TeamSpeak 3 Client
2015-11-14 20:22 - 2014-02-04 14:10 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\LolClient
2015-11-12 15:16 - 2014-02-25 21:13 - 00000000 ____D C:\ProgramData\Origin
2015-11-12 11:51 - 2014-07-05 09:33 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-11-11 20:10 - 2014-01-22 20:42 - 00000000 ____D C:\Users\MadlinNoxXedalia\.android
2015-11-10 22:10 - 2014-02-25 21:13 - 00000000 ____D C:\ProgramData\Electronic Arts
2015-11-10 22:05 - 2014-02-25 21:17 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Origin
2015-11-10 21:35 - 2014-02-25 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-11-10 21:35 - 2014-02-25 21:13 - 00000000 ____D C:\Program Files (x86)\Origin

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-01-07 20:10 - 2015-12-10 11:30 - 0060223 _____ () C:\Users\MadlinNoxXedalia\AppData\Local\BTServer.log

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Zonecoast\zonetrain.exe
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Bridge-tank\bridge-panic.exe
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Moneymiss\money-prove.exe
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Model-settle\model_judge.exe
C:\Users\MadlinNoxXedalia\Setup.exe

Einige Dateien in TEMP:
====================
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\avgnt.exe
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\DllMonoCtrl.dll
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\NGM.exe
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\NGMDll.dll
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\NGMResource.dll
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\raptrpatch.exe
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\SkypeSetup.exe
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\StereoControl.dll
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\tempmessage.bfg
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\_is92EC.exe
C:\Users\MadlinNoxXedalia\AppData\Local\Temp\_isAA53.exe

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-12-10 06:38

==================== Ende von FRST.txt ============================

and here is addition.txt

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:09-12-2015
durchgeführt von MadlinNoxXedalia (2015-12-10 22:36:17)
Gestartet von C:\Users\MadlinNoxXedalia\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-01-07 12:27:02)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-1264982542-3644169772-3020182689-500 - Administrator - Disabled)
Gast (S-1-5-21-1264982542-3644169772-3020182689-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1264982542-3644169772-3020182689-1003 - Limited - Enabled)
MadlinNoxXedalia (S-1-5-21-1264982542-3644169772-3020182689-1000 - Administrator - Enabled) => C:\Users\MadlinNoxXedalia

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated) Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.) Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment) Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version: - Gameforge) Akamai NetSession Interface (HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Akamai) (Version: - Akamai Technologies, Inc) Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment) ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version: - Studio Wildcard) Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software) Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.) Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) 
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version: - Colossal Order Ltd.) CLIP STUDIO PAINT (HKLM-x32\...\{E4F184C1-E62E-44F0-B142-AB6197490834}) (Version: 1.3.8 - CELSYS) Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts) Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts) Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts) Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts) Dragon's Prophet (HKLM-x32\...\{C31556D7-F2B9-4787-B223-F7A035067E89}_is1) (Version: 2.1.1409.26 - Infernum Productions AG) Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.60.00 - SEIKO EPSON CORPORATION) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON Scan OCR コンポーネント (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.20.0000 - SEIKO EPSON Corp.) EPSON Scan PDF 機能拡張 (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.) 
EPSON WF-2660 Series Printer Uninstall (HKLM\...\EPSON WF-2660 Series) (Version: - SEIKO EPSON Corporation) EPSON-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION) EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation) ETDWare PS/2-X64 11.13.2.4_WHQL (HKLM\...\Elantech) (Version: 11.13.2.4 - ELAN Microelectronic Corp.) foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski) Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Gameforge Live 2.0.7 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.7 - Gameforge) GamersFirst LIVE! (HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\GamersFirst LIVE!) (Version: - GamersFirst) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.) Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) 
Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) IMVU Avatar Chat Software (HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\IMVU Avatar chat client software BETA) (Version: - ) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation) Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version: - Crystal Rich Ltd) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.410 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.410 - LogMeIn, Inc.) 
Hidden Lucent Heart EN (HKLM-x32\...\{3C05F539-3641-4ED1-B88F-DEA9DAD620E3}) (Version: 7.02.0700 - Suba Games) m2tools CheeseWare EmoteMovieMaker (HKLM-x32\...\m2tools CheeseWare EmoteMovieMaker) (Version: - ) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 
9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\Steam App 234670) (Version: - CyberConnect 2) NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation) NVIDIA Grafiktreiber 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.15.0428 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) OkayFreedom (HKLM-x32\...\{3F3FB10C-7175-4D38-9335-3488B89C12AF}) (Version: 1.4.3 - Steganos Software GmbH) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.) osu! (HKLM-x32\...\{4096d8e4-186c-47a3-accd-262b001792cf}) (Version: latest - ppy Pty Ltd) PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version: - ) Primal Carnage (HKLM-x32\...\Steam App 215470) (Version: - Lukewarm Media) ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH) Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.) REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.728.728.042813 - ) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0212 - ) Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix) SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.) Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15104.7 - Samsung Electronics Co., Ltd.) Smart Switch (x32 Version: 4.0.15104.7 - Samsung Electronics Co., Ltd.) 
Hidden Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION) <==== ACHTUNG SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.04.0000 - Electronic Arts) SPORE™ Galaktische Abenteuer (HKLM-x32\...\{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}) (Version: 1.00.0000 - Electronic Arts) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TeamSpeak 3 Client (HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) The Endless Forest (HKLM-x32\...\The Endless Forest_is1) (Version: - Tale of Tales) The Isle (HKLM-x32\...\Steam App 376210) (Version: - The Isle Development Team) Unity Web Player (HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft) Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.) Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.12-2 - Wacom Technology Corp.) WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.) WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.) WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.) WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.) 
Wildlife Park 2 - Meine Haustiere WildlifePark2_MeineHaustiere_DE_v2.1 (HKLM-x32\...\Wildlife Park 2 - Meine Haustiere_is1) (Version: - Deep Silver) Wildlife Park 3 v1.0 (HKLM-x32\...\Wildlife Park 3_is1) (Version: - bitComposer Games) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH) Zoo Tycoon 2 - Ultimate Collection (HKLM-x32\...\InstallShield_{9CC4840D-EF1C-406F-AF08-3C19EB1335B9}) (Version: 1.00.0000 - Microsoft Game Studios) Zoo Tycoon 2 - Ultimate Collection (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-1264982542-3644169772-3020182689-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1264982542-3644169772-3020182689-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) CustomCLSID: HKU\S-1-5-21-1264982542-3644169772-3020182689-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1264982542-3644169772-3020182689-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1264982542-3644169772-3020182689-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 
4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1264982542-3644169772-3020182689-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-1264982542-3644169772-3020182689-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) ==================== Wiederherstellungspunkte ========================= 05-12-2015 21:05:24 Geplanter Prüfpunkt 07-12-2015 10:34:49 DirectX wurde installiert ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {4F927475-525A-4AB6-9514-C699942BD8C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {7E9DD196-B61B-43AD-865F-0C7EC4420F2F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-10] (AVAST Software) Task: {82235F78-4935-4157-8D6E-6A87E14BE13D} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! 
Antivirus\backup.exe [2015-12-03] (AVAST Software) Task: {AE418D2D-6DDD-4F0D-9649-5F0D4882195E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: {BB727D35-D552-4D51-A387-1D5FB77299E2} - System32\Tasks\{042C2C75-2E01-4633-8542-120740C2A0F4} => pcalua.exe -a "C:\Program Files (x86)\Electronic Arts\SPORE\Support\SPORE(TM)_code.exe" -d "C:\Program Files (x86)\Electronic Arts\SPORE\Support" Task: {CC6D44EC-D7D9-4760-9892-633919DF18D6} - System32\Tasks\EPSON WF-2660 Series Update {2BAE1787-6CC2-432C-A807-F4A75FEC7574} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMAE.EXE [2013-11-22] (SEIKO EPSON CORPORATION) Task: {F216768D-FEF3-4172-A177-945E9A791EB1} - System32\Tasks\{49BAD341-D73C-4D29-A03C-BF96CC53373A} => pcalua.exe -a "C:\Users\MadlinNoxXedalia\Documents\ZU VIELE ORDNER\DUMP\dxtbmpx.exe" -d "C:\Users\MadlinNoxXedalia\Documents\ZU VIELE ORDNER\DUMP" Task: {F7DB6D5D-0F7C-40B0-9D0E-78BD0F96EB2C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\Windows\Tasks\EPSON WF-2660 Series Update {2BAE1787-6CC2-432C-A807-F4A75FEC7574}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMAE.EXE:/EXE:{2BAE1787-6CC2-432C-A807-F4A75FEC7574} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2014-01-08 15:32 - 2015-07-23 05:06 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2014-01-08 15:33 - 2015-07-23 02:31 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-01-07 20:08 - 2013-04-25 16:32 - 00047104 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe 2015-11-11 19:55 - 2015-05-26 23:33 - 01347264 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll 2014-10-21 19:04 - 2014-08-19 20:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll 2014-01-07 20:08 - 2013-04-09 14:42 - 00265728 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe 2015-06-22 17:29 - 2015-06-22 17:29 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-06-22 17:29 - 2015-06-22 17:29 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-12-09 23:14 - 2015-12-09 23:14 - 02803200 _____ () C:\Program Files\AVAST Software\Avast\defs\15120901\algo.dll 2015-12-10 14:40 - 2015-12-10 14:40 - 02803200 _____ () C:\Program Files\AVAST Software\Avast\defs\15121000\algo.dll 2014-01-08 15:32 - 2015-07-23 05:06 - 
00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll 2015-07-25 15:34 - 2015-08-27 01:37 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-06-22 17:29 - 2015-06-22 17:29 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-01-08 16:07 - 2013-02-15 16:15 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-04-04 22:55 - 2015-10-05 17:18 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-01-30 17:26 - 2015-07-03 17:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll 2015-01-30 17:26 - 2015-07-03 17:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-01-30 17:26 - 2015-07-03 17:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2014-05-29 15:08 - 2015-11-10 03:44 - 02541648 _____ () C:\Program Files (x86)\Steam\video.dll 2014-08-28 22:29 - 2015-09-24 01:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2014-08-28 22:29 - 2015-09-24 01:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2014-08-28 22:29 - 2015-09-24 01:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2014-08-28 22:29 - 2015-09-24 01:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2014-08-28 22:29 - 2015-09-24 01:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2014-04-04 22:55 - 2015-11-10 03:44 - 00806992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2015-07-22 10:35 - 2015-11-03 23:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll 2014-04-04 22:55 - 2015-10-08 23:20 - 45010208 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) 
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F AlternateDataStreams: C:\ProgramData\TEMP:3BCA993F AlternateDataStreams: C:\ProgramData\TEMP:FACB65E7 ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
Da befinden sich 4788 mehr Seiten. ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MadlinNoxXedalia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\Services: Adobe LM Service => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: Hamachi2Svc => 2 MSCONFIG\Services: OkayFreedom VPN Starter Service => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: WinDefend => 3 MSCONFIG\startupfolder: C:^Users^MadlinNoxXedalia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup MSCONFIG\startupfolder: C:^Users^MadlinNoxXedalia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk => C:\Windows\pss\GamersFirst LIVE!.lnk.Startup MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe MSCONFIG\startupreg: BambooCore => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe" MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe" MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe MSCONFIG\startupreg: OKAYFREEDOM_Agent => "C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe" -agent MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
[{DA5E2D70-9DB4-44EE-8A0E-EE75BCB34F18}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cities_Skylines\Cities.exe FirewallRules: [{81B8AE51-5DCE-4462-A01B-3193FB8568CC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cities_Skylines\Cities.exe FirewallRules: [TCP Query User{9EADF9D6-9AB7-4834-838B-C5614332A268}C:\program files (x86)\steam\steamapps\common\ark\shootergame\binaries\win64\shootergameserver.exe] => (Block) C:\program files (x86)\steam\steamapps\common\ark\shootergame\binaries\win64\shootergameserver.exe FirewallRules: [UDP Query User{A98CBF5F-84E7-4B99-A667-50D9D6427627}C:\program files (x86)\steam\steamapps\common\ark\shootergame\binaries\win64\shootergameserver.exe] => (Block) C:\program files (x86)\steam\steamapps\common\ark\shootergame\binaries\win64\shootergameserver.exe FirewallRules: [{FE3FF99A-905E-4C98-89AF-B16BEF4A0B68}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{F66BA742-2E30-4C71-9C99-AFF3F7A4CC27}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{AB61B7BA-0AD8-421B-8F99-C75883512633}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{3434E4BE-282F-4F81-86AF-235F29010197}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{99BFBA92-BAB7-4AB6-84B6-7024A6C97B8C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{CC7A1D1A-5C46-4C4C-81F2-D418395986C9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{CD5A7076-FFC2-4B17-A156-6096EA6C496B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{33ACFDF6-CEAA-41F6-BAB5-755098BA949A}] => (Allow) C:\Program Files\Vuze\Azureus.exe FirewallRules: [{F3C48A12-C394-4C1D-884C-D9068FEB90B1}] => (Allow) C:\Program Files\Vuze\Azureus.exe 
FirewallRules: [TCP Query User{AA32A684-51EE-4581-9A0A-B09C2DADB199}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe FirewallRules: [UDP Query User{8EDAC7DF-05C9-4EB2-BBA9-04AE09DE4F94}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe FirewallRules: [{CAC71CA6-6EE8-40CB-8495-BBBA12013DA3}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{2D800C0E-6CDD-4339-9948-2B8865EF908A}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{617A06BA-3BF6-4ED5-A15F-D1DB4E6DFDC3}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{2F74536E-FD2F-4445-B745-8D5362CBD60B}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{70619D12-BADE-47B3-ABCB-59BA8D3F1E85}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe FirewallRules: [{B5E8830E-07AB-47C5-AA6F-D5F7BCD6B413}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe FirewallRules: [{FB9FE1C5-28A9-4600-8FAC-BB359AFE2C9E}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe FirewallRules: [{8C4B3A43-B16E-4C8B-AA3D-4DBB867437F4}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe FirewallRules: [{27C94D1B-FF0D-4581-89F0-E0E1101B8C18}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Isle\TheIsle.exe FirewallRules: [{9AE6E3D3-2031-4258-86C8-621B9028551D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Isle\TheIsle.exe FirewallRules: [{55D29DBB-3C6D-499E-B775-97B20F24700B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe FirewallRules: [{2332B60E-8EB0-40ED-A4E6-504ADC05472D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe FirewallRules: [{01669386-3377-4FB0-A866-3A5F4C2BFF26}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB_launcher.exe FirewallRules: 
[{8B9F5F01-B425-4331-B594-B995493DF27E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB_launcher.exe FirewallRules: [{851C697A-9B62-45B4-A68A-E51968E50A86}] => (Allow) LPort=57490 FirewallRules: [{AD4E2727-4A17-4CF6-99F0-EDE19AEA3D9F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{D0F9ECE0-1863-475E-9C92-A1804DD128DA}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{50C70679-97EB-4A10-B172-9F659E37DF71}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{A6753B4C-652C-4EC8-9BCE-DDDC8CFE3739}] => (Allow) LPort=57304 FirewallRules: [{15ED5F8E-FC87-4B6E-95FC-125DB52E7B2E}] => (Allow) LPort=5000 ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (12/10/2015 04:24:01 PM) (Source: VSS) (EventID: 12294) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen einer Routine auf dem Schattenkopieanbieter "{b5946137-7b9f-4925-af80-51abd60b20d5}" ist ein Fehler aufgetreten. Die Routine hat E_INVALIDARG zurückgegeben. Routinedetails GetSnapshot({00000000-0000-0000-0000-000000000000},000000000036DAE0). 
Vorgang: Eigenschaften der Schattenkopie abrufen Kontext: Ausführungskontext: Coordinator Error: (12/10/2015 02:27:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 47.0.2526.80, Zeitstempel: 0x5661f059 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x55636317 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000cea5f ID des fehlerhaften Prozesses: 0x2370 Startzeit der fehlerhaften Anwendung: 0xchrome.exe0 Pfad der fehlerhaften Anwendung: chrome.exe1 Pfad des fehlerhaften Moduls: chrome.exe2 Berichtskennung: chrome.exe3 Error: (12/10/2015 02:27:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 47.0.2526.80, Zeitstempel: 0x5661f059 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x55636317 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000cea5f ID des fehlerhaften Prozesses: 0x490 Startzeit der fehlerhaften Anwendung: 0xchrome.exe0 Pfad der fehlerhaften Anwendung: chrome.exe1 Pfad des fehlerhaften Moduls: chrome.exe2 Berichtskennung: chrome.exe3 Error: (12/10/2015 02:14:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 47.0.2526.80, Zeitstempel: 0x5661f059 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x55636317 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00039e33 ID des fehlerhaften Prozesses: 0x20f0 Startzeit der fehlerhaften Anwendung: 0xchrome.exe0 Pfad der fehlerhaften Anwendung: chrome.exe1 Pfad des fehlerhaften Moduls: chrome.exe2 Berichtskennung: chrome.exe3 Error: (12/10/2015 12:06:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 47.0.2526.80, Zeitstempel: 0x5661f059 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18869, Zeitstempel: 0x55636317 Ausnahmecode: 
0xc0000005 Fehleroffset: 0x00039e33 ID des fehlerhaften Prozesses: 0xa3c Startzeit der fehlerhaften Anwendung: 0xchrome.exe0 Pfad der fehlerhaften Anwendung: chrome.exe1 Pfad des fehlerhaften Moduls: chrome.exe2 Berichtskennung: chrome.exe3 Error: (12/10/2015 11:29:45 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/09/2015 07:13:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/08/2015 11:41:13 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/07/2015 07:03:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/06/2015 09:09:05 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Systemfehler: ============= Error: (12/10/2015 11:26:08 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (12/09/2015 07:12:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (12/09/2015 07:12:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst 
LogMeIn Hamachi Tunneling Engine erreicht. Error: (12/09/2015 07:11:19 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 09.12.2015 um 19:10:13 unerwartet heruntergefahren. Error: (12/06/2015 07:45:56 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252. Error: (12/06/2015 07:40:28 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252. Error: (12/05/2015 01:27:04 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58} Error: (12/04/2015 09:00:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (12/04/2015 09:00:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht. Error: (12/04/2015 08:58:33 PM) (Source: volsnap) (EventID: 27) (User: ) Description: Die Schattenkopien von Volume "C:" wurden während der Ermittlung abgebrochen, weil eine kritische Steuerungsdatei nicht geöffnet werden konnte. CodeIntegrity: =================================== Date: 2015-02-24 19:55:16.350 Description: Windows konnte die Abbildintegritat der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\wachidrouter.sys" nicht uberprufen, weil der Dateihash nicht im System gefunden wurde. Moglicherweise wurde durch eine kurzlich durchgefuhrte Hardware- oder Softwareanderung eine falsch signierte oder beschadigte Datei oder eine Datei, bei der es sich um schadliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2015-02-24 19:55:16.318 Description: Windows konnte die Abbildintegritat der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\wachidrouter.sys" nicht uberprufen, weil der Dateihash nicht im System gefunden wurde. Moglicherweise wurde durch eine kurzlich durchgefuhrte Hardware- oder Softwareanderung eine falsch signierte oder beschadigte Datei oder eine Datei, bei der es sich um schadliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz Prozentuale Nutzung des RAM: 56% Installierter physikalischer RAM: 4017.17 MB Verfügbarer physikalischer RAM: 1764.3 MB Summe virtueller Speicher: 8032.54 MB Verfügbarer virtueller Speicher: 4828.99 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:463.9 GB) (Free:132.57 GB) NTFS Drive d: (Xbox360_1_2) (CDROM) (Total:0.1 GB) (Free:0 GB) CDFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 095DF725) Partition 1: (Active) - (Size=1.9 GB) - (Type=0B) Partition 2: (Not Active) - (Size=463.9 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ |
11.12.2015, 06:41 | #4 |
/// TB-Ausbilder /// Anleitungs-Guru | Trojan from e-mail attachment, Avast Web Shield keeps showing alerts. No more sensitive logins from this PC until it is clean. Change important online passwords from another PC or a phone. Step 1 Please press the Windows + R keys and type notepad into the Run window. Click OK and then copy the text from the code box into the empty text document: Code:
ATTFilter
CloseProcesses:
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Run: [zone-read] => C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Zonecoast\zonetrain.exe [113664 2015-12-09] () <===== ACHTUNG
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Run: [bridge-admit] => C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Bridge-tank\bridge-panic.exe [160328 2015-12-10] (Paragon Software Group) <===== ACHTUNG
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Run: [money-come] => C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Moneymiss\money-prove.exe [133960 2015-12-10] () <===== ACHTUNG
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Run: [model-wrap] => C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Model-settle\model_judge.exe [137288 2015-12-10] () <===== ACHTUNG
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\RunOnce: [zone-read] => C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Zonecoast\zonetrain.exe [113664 2015-12-09] () <===== ACHTUNG
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\RunOnce: [model-wrap] => C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Model-settle\model_judge.exe [137288 2015-12-10] () <===== ACHTUNG
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\RunOnce: [money-come] => C:\Users\MadlinNoxXedalia\AppData\Local\Temp\Moneymiss\money-prove.exe [133960 2015-12-10] () <===== ACHTUNG
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\RunOnce: [mosfet-6] => C:\Users\MadlinNoxXedalia\AppData\Roaming\mosfet-1\mosfet-78.exe [624128 2015-12-10] (American Megatrendz, Inc)
C:\Users\MadlinNoxXedalia\AppData\Roaming\mosfet-1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1408159751&from=cor&uid=HGSTXHTS545050A7E680_TMA55C4T2492WL2492WLX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1408159751&from=cor&uid=HGSTXHTS545050A7E680_TMA55C4T2492WL2492WLX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1264982542-3644169772-3020182689-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1264982542-3644169772-3020182689-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP0B77C6FD-6C10-4D0E-A7F5-1E667CD92B85&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1264982542-3644169772-3020182689-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => Keine Datei
EmptyTemp:
After the reboot: Step 2 Please start FRST again and click Untersuchen (Scan). Please post the contents of the log.
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
11.12.2015, 12:12 | #5 |
| Trojan from e-mail attachment, Avast Web Shield keeps showing alerts. Thanks a lot for the help so far. So, here is the FRST.txt: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015 durchgeführt von MadlinNoxXedalia (Administrator) auf JIMMY (11-12-2015 12:04:05) Gestartet von C:\Users\MadlinNoxXedalia\Desktop Geladene Profile: MadlinNoxXedalia (Verfügbare Profile: MadlinNoxXedalia & DefaultAppPool) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (AVAST Software) C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrl.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe (Akamai Technologies, Inc.) C:\Users\MadlinNoxXedalia\AppData\Local\Akamai\netsession_win.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIMAE.EXE () C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Akamai Technologies, Inc.) C:\Users\MadlinNoxXedalia\AppData\Local\Akamai\netsession_win.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Aeria Games & Entertainment) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (LogMeIn Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\RtkBleServ.exe (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe () C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [253440 2013-04-23] (Realtek Semiconductor Corporation) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2875728 2013-03-04] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation) HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-10] (AVAST Software) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.) HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-06-01] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-06-01] (SEIKO EPSON CORPORATION) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Run: [Akamai NetSession Interface] => C:\Users\MadlinNoxXedalia\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.) 
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIMAE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\MountPoints2: {0f09794a-7876-11e3-a376-806e6f6e6963} - D:\Setup.exe HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\MountPoints2: {7085169a-77d0-11e3-92d4-806e6f6e6963} - D:\CDSetup.exe HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation) AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => Keine Datei AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation) AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation) AppInit_DLLs-x32: ,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-10] (AVAST Software) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\..\Interfaces\{8E59BC53-669B-4B6F-ACA7-963EE04C58DF}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{EE7416E6-35C3-4E97-9310-BA4AA4C50EE9}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2014-07-05] (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-10] (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2014-07-05] (Oracle Corporation) BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll [2014-10-21] (Perfect World Entertainment Inc) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-10] (AVAST Software) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll [2014-11-13] () FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-07-05] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2014-07-05] (Oracle Corporation) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom) FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll [2014-11-13] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-15] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-15] (Intel Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation) FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [Keine Datei] FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei] FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [2014-10-21] (Perfect World Entertainment Inc) FF Plugin-x32: @protectdisc.com/NPMPDRM -> C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll [2010-02-03] ( ) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.) FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.) FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) 
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin HKU\S-1-5-21-1264982542-3644169772-3020182689-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\MadlinNoxXedalia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1264982542-3644169772-3020182689-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-12-25] () FF Plugin HKU\S-1-5-21-1264982542-3644169772-3020182689-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-11] FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-11] Chrome: ======= CHR Profile: C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Präsentationen) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-28] CHR Extension: (Google Docs) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-28] CHR Extension: (Google Drive) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23] CHR Extension: (AdBlock) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blipnejacaoebmeelgjgifelpnikhiec [2015-02-28] CHR Extension: (YouTube) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo 
[2015-09-25] CHR Extension: (Google-Suche) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (Google Tabellen) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-28] CHR Extension: (Google Docs Offline) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18] CHR Extension: (AdBlock) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-04] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27] CHR Extension: (Noiz yE) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oniglohbipbekimgjdmgbbllgnejffbm [2015-02-28] CHR Extension: (Google Mail) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-12-10] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-10] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-08-17] (Adobe Systems) [Datei ist nicht signiert] S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-10-21] (Perfect World Entertainment Inc) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-10] (AVAST Software) R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-04-02] (Realtek Semiconductor Corporation) [Datei ist nicht signiert] R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [47104 2013-04-25] () [Datei ist nicht signiert] R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation) S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Datei ist nicht signiert] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [Datei ist nicht signiert] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-02-15] (Intel Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.) 
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation) S4 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [326072 2015-02-18] (Steganos Software GmbH) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2099208 2015-11-10] (Electronic Arts) R2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [42496 2013-04-25] (Realtek Semiconductor Corporation) [Datei ist nicht signiert] U2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.) R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [654528 2015-05-26] (Wacom Technology, Corp.) S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-10] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-10] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-10] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-10] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-10] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [450504 2015-12-10] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-10] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-10] (AVAST Software) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [118504 2012-12-19] (Qualcomm Atheros Co., Ltd.) S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.) S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.) 
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation) R3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [535624 2013-03-28] (Realtek Semiconductor Corporation) R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation ) S3 cpuz137; \??\C:\Users\MADLIN~1\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X] S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X] S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-12-11 11:56 - 2015-12-11 11:59 - 00008662 _____ C:\Users\MadlinNoxXedalia\Desktop\Fixlog.txt 2015-12-10 22:34 - 2015-12-10 22:36 - 00062867 _____ C:\Users\MadlinNoxXedalia\Desktop\Addition.txt 2015-12-10 22:33 - 2015-12-11 12:04 - 00022627 _____ C:\Users\MadlinNoxXedalia\Desktop\FRST.txt 2015-12-10 22:33 - 2015-12-11 12:04 - 00000000 ____D C:\FRST 2015-12-10 22:31 - 2015-12-10 22:32 - 02369024 _____ (Farbar) C:\Users\MadlinNoxXedalia\Desktop\FRST64.exe 2015-12-10 14:47 - 2015-12-10 14:40 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2015-12-10 14:41 - 2015-12-10 14:48 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2015-12-10 14:40 - 2015-12-10 14:40 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr 2015-12-10 14:36 - 2015-12-10 14:37 - 05080288 _____ (AVAST Software) C:\Users\MadlinNoxXedalia\Desktop\avast_free_antivirus_setup_online.exe 2015-12-10 00:42 - 2015-12-10 00:42 - 00000554 _____ C:\Windows\SysWOW64\out.bin 2015-12-10 00:40 - 2015-12-10 15:38 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\kelvin-56 2015-12-10 00:39 - 2015-12-10 22:28 - 00000000 ____D C:\ProgramData\statics-07 2015-12-10 00:34 - 2015-12-10 15:38 - 00000000 ____D C:\ProgramData\onewire-05 2015-12-10 00:32 - 2015-12-10 00:42 - 00000000 ____D C:\ProgramData\ko 2015-12-07 11:01 - 2015-12-07 11:01 - 00000222 _____ C:\Users\MadlinNoxXedalia\Desktop\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst.url 2015-12-07 10:39 - 2015-12-07 10:39 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf 2015-12-07 10:35 - 2015-12-07 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories 2015-12-07 10:35 - 2015-12-07 10:35 - 00000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories 2015-12-05 17:59 - 2015-12-05 17:59 - 00000222 _____ C:\Users\MadlinNoxXedalia\Desktop\Rocket League.url 2015-12-05 13:25 - 2013-08-21 16:13 - 00018803 _____ 
C:\Users\MadlinNoxXedalia\Desktop\110986_smile-dog.jpeg 2015-12-04 19:26 - 2015-12-04 19:42 - 00000085 _____ C:\Users\MadlinNoxXedalia\Desktop\wunsch.txt 2015-12-04 02:09 - 2015-12-04 02:09 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll 2015-12-04 02:09 - 2015-12-04 02:09 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll 2015-12-04 02:09 - 2015-12-04 02:09 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll 2015-12-04 02:09 - 2015-12-04 02:09 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll 2015-12-04 02:09 - 2015-12-04 02:09 - 00000000 ____D C:\Program Files (x86)\OpenAL 2015-12-04 02:04 - 2015-06-07 00:13 - 00961192 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00062304 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00014176 _____ (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00883712 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ucrtbase.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00064352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 
2015-12-04 02:04 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll 2015-12-04 00:57 - 2015-12-04 00:57 - 00000222 _____ C:\Users\MadlinNoxXedalia\Desktop\The Isle.url 2015-12-03 14:58 - 2015-12-03 14:58 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2015-12-03 14:57 - 2015-12-03 14:57 - 00000000 ____D C:\Program Files\Common Files\AV 2015-12-01 00:24 - 2015-12-01 13:18 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-12-01 00:22 - 2015-12-01 13:20 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-11-30 23:29 - 2015-12-11 00:29 - 00000911 _____ C:\Windows\Tasks\EPSON WF-2660 Series Update {2BAE1787-6CC2-432C-A807-F4A75FEC7574}.job 2015-11-30 23:29 - 2015-11-30 23:29 - 00003978 _____ C:\Windows\System32\Tasks\EPSON WF-2660 Series Update {2BAE1787-6CC2-432C-A807-F4A75FEC7574} 2015-11-30 23:29 - 2015-11-30 23:29 - 00000000 ____D C:\Program Files\Common Files\EPSON 2015-11-30 23:14 - 2015-11-30 23:14 - 00000000 
____D C:\Program Files\EpsonNet 2015-11-30 22:50 - 2015-11-30 22:51 - 00000123 _____ C:\Users\Public\Desktop\Epson Connect Site.url 2015-11-30 22:50 - 2015-11-30 22:50 - 00001148 _____ C:\Users\Public\Desktop\EPSON-Handbücher.lnk 2015-11-30 22:47 - 2015-11-30 23:53 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Epson 2015-11-30 22:47 - 2015-11-30 23:38 - 00000000 ____D C:\Program Files (x86)\Epson Software 2015-11-30 22:47 - 2015-11-30 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software 2015-11-30 22:45 - 2015-11-30 23:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON 2015-11-30 22:45 - 2015-11-30 22:51 - 00000000 ____D C:\Program Files (x86)\epson 2015-11-30 22:45 - 2015-11-30 22:45 - 00000934 _____ C:\Users\Public\Desktop\EPSON Scan.lnk 2015-11-30 22:45 - 2014-02-25 00:00 - 00466944 _____ (Seiko Epson Corporation) C:\Windows\system32\esxw2ud.dll 2015-11-30 22:45 - 2012-05-17 00:00 - 00144560 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc64.exe 2015-11-30 22:45 - 2010-11-22 13:27 - 00147472 _____ (TWAIN Working Group) C:\Windows\SysWOW64\twaindsm.dll 2015-11-30 22:44 - 2013-12-06 04:05 - 00179712 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YLMBMAE.DLL 2015-11-30 22:44 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BMAE.DLL 2015-11-30 22:44 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) 
C:\Windows\system32\E_GCINST.DLL 2015-11-30 22:36 - 2015-11-30 23:31 - 00000000 ____D C:\ProgramData\Epson 2015-11-20 19:58 - 2015-11-25 22:08 - 00000000 ____D C:\ProgramData\69B6DBD2-8E05-476F-B662-CF8D235FD499 2015-11-17 22:01 - 2015-11-17 22:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-11-17 22:01 - 2015-11-17 22:01 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2015-11-17 02:57 - 2015-11-17 02:57 - 00000000 ____D C:\Users\MadlinNoxXedalia\Documents\Samsung 2015-11-17 02:57 - 2015-11-17 02:57 - 00000000 ____D C:\ProgramData\Samsung 2015-11-17 02:55 - 2015-11-17 02:55 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log 2015-11-17 02:55 - 2015-11-17 02:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2015-11-17 02:53 - 2015-11-17 02:55 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Samsung 2015-11-17 02:53 - 2015-11-17 02:53 - 00000000 ____D C:\Program Files (x86)\Samsung 2015-11-17 02:53 - 2015-09-11 11:54 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll 2015-11-14 22:01 - 2015-11-14 22:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablett 2015-11-14 22:00 - 2015-11-14 22:00 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\Wacom Help 2015-11-11 20:09 - 2015-11-11 20:09 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\Wacom 2015-11-11 19:56 - 2015-05-26 23:33 - 01952448 ____N (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Touch_Tablet.dll 2015-11-11 19:56 - 2015-05-26 23:33 - 01583296 ____N (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Touch_Tablet.dll 2015-11-11 19:55 - 2015-05-26 23:33 - 01959616 ____N (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.dll 2015-11-11 19:55 - 2015-05-26 23:33 - 01590464 _____ (Wacom Technology, Corp.) 
C:\Windows\SysWOW64\Wacom_Tablet.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-11 12:03 - 2014-05-29 15:01 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\LogMeIn Hamachi 2015-12-11 12:03 - 2014-01-11 09:02 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-11 12:02 - 2014-01-11 09:02 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-11 12:02 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-12-11 11:54 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-12-11 11:54 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-12-11 11:53 - 2015-06-22 17:30 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2015-12-11 11:39 - 2014-01-07 20:08 - 00000000 ____D C:\ProgramData\Realtek 2015-12-10 22:36 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows 2015-12-10 14:40 - 2015-06-22 17:30 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2015-12-10 14:40 - 2015-06-22 17:29 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2015-12-10 14:40 - 2015-06-22 17:29 - 00450504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2015-12-10 14:40 - 2015-06-22 17:29 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2015-12-10 14:40 - 2015-06-22 17:29 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-12-10 14:40 - 2015-06-22 17:29 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2015-12-10 14:40 - 2015-06-22 17:29 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2015-12-10 14:40 - 2015-06-22 17:29 - 00028656 _____ (AVAST Software) 
C:\Windows\system32\Drivers\aswHwid.sys 2015-12-10 14:27 - 2014-08-07 21:49 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\CrashDumps 2015-12-10 12:02 - 2014-04-04 22:40 - 00000000 ____D C:\Program Files (x86)\Steam 2015-12-10 11:27 - 2015-06-12 11:45 - 00000000 __SHD C:\Users\MadlinNoxXedalia\AppData\Roaming\ggfgacfg 2015-12-10 11:25 - 2014-01-19 19:23 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Skype 2015-12-08 00:39 - 2014-08-28 02:08 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\ElevatedDiagnostics 2015-12-07 23:14 - 2015-04-28 14:49 - 00000000 ____D C:\kein programm ber bilder von handy 2015-12-07 10:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2015-12-05 18:54 - 2014-07-18 16:38 - 00000000 ____D C:\Users\MadlinNoxXedalia\Documents\My Games 2015-12-05 17:53 - 2014-01-11 09:02 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-12-05 17:53 - 2014-01-11 09:02 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-12-04 15:57 - 2014-11-05 18:35 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\osu! 
2015-12-04 02:08 - 2014-08-02 19:56 - 00000000 ____D C:\ProgramData\Package Cache 2015-12-04 00:17 - 2011-04-12 08:43 - 00760088 _____ C:\Windows\system32\perfh007.dat 2015-12-04 00:17 - 2011-04-12 08:43 - 00173736 _____ C:\Windows\system32\perfc007.dat 2015-12-04 00:17 - 2009-07-14 06:13 - 01797514 _____ C:\Windows\system32\PerfStringBackup.INI 2015-12-01 13:16 - 2014-08-17 18:18 - 00000000 ____D C:\ProgramData\Adobe 2015-12-01 12:35 - 2014-01-07 13:27 - 00000000 ____D C:\Users\MadlinNoxXedalia 2015-12-01 00:31 - 2014-08-17 18:30 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\Adobe 2015-12-01 00:30 - 2014-07-26 18:10 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\LocalLow\Adobe 2015-12-01 00:30 - 2014-01-09 04:50 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Adobe 2015-12-01 00:21 - 2014-08-17 18:17 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-11-30 22:51 - 2014-01-07 19:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-11-21 18:34 - 2014-11-07 17:43 - 00000000 ____D C:\PaintToolSAI 2015-11-20 21:49 - 2014-12-14 16:15 - 00000000 ____D C:\Users\MadlinNoxXedalia\Documents\CELSYS_EN 2015-11-20 20:19 - 2015-03-20 23:29 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\CELSYS 2015-11-19 16:31 - 2014-05-02 03:26 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames 2015-11-19 16:31 - 2014-05-02 03:10 - 00000000 ____D C:\AeriaGames 2015-11-19 16:28 - 2014-05-02 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live 2015-11-19 16:08 - 2014-06-19 13:51 - 00000000 ____D C:\Users\MadlinNoxXedalia\Documents\ZU VIELE ORDNER 2015-11-14 21:59 - 2014-10-21 19:04 - 00000000 ____D C:\Program Files\Tablet 2015-11-14 21:58 - 2014-10-21 19:04 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\WTablet 2015-11-14 21:56 - 2014-01-15 14:38 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\TS3Client 
2015-11-14 20:55 - 2014-01-15 14:37 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\TeamSpeak 3 Client 2015-11-14 20:22 - 2014-02-04 14:10 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\LolClient 2015-11-12 15:16 - 2014-02-25 21:13 - 00000000 ____D C:\ProgramData\Origin 2015-11-12 11:51 - 2014-07-05 09:33 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys 2015-11-11 20:10 - 2014-01-22 20:42 - 00000000 ____D C:\Users\MadlinNoxXedalia\.android ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-01-07 20:10 - 2015-12-11 12:03 - 0090132 _____ () C:\Users\MadlinNoxXedalia\AppData\Local\BTServer.log Dateien, die verschoben oder gelöscht werden sollten: ==================== C:\Users\MadlinNoxXedalia\Setup.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-12-10 06:38 ==================== Ende von FRST.txt 
============================ |
11.12.2015, 17:14 | #6 |
/// TB Trainer /// Instructions Guru | Gladly. Step 1: Please download TDSSKiller.exe and save the file to your desktop |
11.12.2015, 18:02 | #7 |
| Trojan from e-mail attachment, Avast Web Shield constantly shows alerts. Said and done .w. Code:
ATTFilter 17:51:12.0248 0x115c TDSS rootkit removing tool 3.1.0.8 Dec 5 2015 01:19:03 17:51:56.0989 0x115c ============================================================ 17:51:56.0989 0x115c Current date / time: 2015/12/11 17:51:56.0989 17:51:56.0989 0x115c SystemInfo: 17:51:56.0989 0x115c 17:51:56.0989 0x115c OS Version: 6.1.7601 ServicePack: 1.0 17:51:56.0989 0x115c Product type: Workstation 17:51:56.0989 0x115c ComputerName: JIMMY 17:51:56.0989 0x115c UserName: MadlinNoxXedalia 17:51:56.0989 0x115c Windows directory: C:\Windows 17:51:56.0989 0x115c System windows directory: C:\Windows 17:51:56.0989 0x115c Running under WOW64 17:51:56.0989 0x115c Processor architecture: Intel x64 17:51:56.0989 0x115c Number of processors: 8 17:51:56.0989 0x115c Page size: 0x1000 17:51:56.0989 0x115c Boot type: Normal boot 17:51:56.0989 0x115c ============================================================ 17:51:59.0687 0x115c KLMD registered as C:\Windows\system32\drivers\67358763.sys 17:52:00.0218 0x115c System UUID: {0E85BFAB-7B84-DF8C-0490-E5211F487F6C} 17:52:00.0857 0x115c Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 17:52:00.0857 0x115c Drive \Device\Harddisk1\DR2 - Size: 0x3C000000 ( 0.94 Gb ), SectorSize: 0x200, Cylinders: 0x7A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 17:52:00.0873 0x115c ============================================================ 17:52:00.0873 0x115c \Device\Harddisk0\DR0: 17:52:00.0873 0x115c MBR partitions: 17:52:00.0873 0x115c \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x3B90F4 17:52:00.0873 0x115c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3B9800, BlocksNum 0x39FCC000 17:52:00.0873 0x115c \Device\Harddisk1\DR2: 17:52:00.0873 0x115c MBR partitions: 17:52:00.0873 0x115c \Device\Harddisk1\DR2\Partition1: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x1DFFC1 
17:52:00.0873 0x115c ============================================================ 17:52:00.0889 0x115c C: <-> \Device\Harddisk0\DR0\Partition2 17:52:00.0889 0x115c E: <-> \Device\Harddisk1\DR2\Partition1 17:52:00.0889 0x115c ============================================================ 17:52:00.0889 0x115c Initialize success 17:52:00.0889 0x115c ============================================================ 17:52:52.0572 0x139c ============================================================ 17:52:52.0572 0x139c Scan started 17:52:52.0572 0x139c Mode: Manual; SigCheck; TDLFS; 17:52:52.0572 0x139c ============================================================ 17:52:52.0572 0x139c KSN ping started 17:53:18.0280 0x139c KSN ping finished: false 17:53:18.0826 0x139c ================ Scan system memory ======================== 17:53:18.0826 0x139c System memory - ok 17:53:18.0826 0x139c ================ Scan services ============================= 17:53:18.0982 0x139c [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 17:53:19.0060 0x139c 1394ohci - ok 17:53:19.0170 0x139c [ A3769020F7E8A70FD3E824C050F33306, BAAB18DD28C753EC90E9552BD5FFC316AD8815505A7998BCE51D21448B373D86 ] acedrv11 C:\Windows\system32\drivers\acedrv11.sys 17:53:19.0185 0x139c acedrv11 - ok 17:53:19.0216 0x139c [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys 17:53:19.0263 0x139c ACPI - ok 17:53:19.0310 0x139c [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 17:53:19.0341 0x139c AcpiPmi - ok 17:53:19.0513 0x139c [ 8B46D5A1D3EF08232C04D0EAFB871FB2, 5306F8452EF675851CB0015F9E5C5EB750137D6D65C9CB7E47F8EF5B10A44D10 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe 
17:53:19.0528 0x139c Adobe LM Service - detected UnsignedFile.Multi.Generic ( 1 ) 17:53:29.0575 0x139c Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning 17:53:44.0473 0x139c [ 5DB2C6B908C50767E2EDAA294A7566B5, 13AE4879D679BB0C6B2A5A5B13910359815A9D2E569BC1DE740B5A387A78CF33 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 17:53:44.0488 0x139c AdobeARMservice - ok 17:53:44.0535 0x139c [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 17:53:44.0582 0x139c adp94xx - ok 17:53:44.0629 0x139c [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys 17:53:44.0660 0x139c adpahci - ok 17:53:44.0676 0x139c [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 17:53:44.0691 0x139c adpu320 - ok 17:53:44.0785 0x139c [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 17:53:44.0816 0x139c AeLookupSvc - ok 17:53:44.0894 0x139c [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys 17:53:44.0956 0x139c AFD - ok 17:53:45.0003 0x139c [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys 17:53:45.0019 0x139c agp440 - ok 17:53:45.0050 0x139c [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe 17:53:45.0112 0x139c ALG - ok 17:53:45.0190 0x139c [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys 17:53:45.0253 
0x139c aliide - ok 17:53:45.0300 0x139c [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys 17:53:45.0315 0x139c amdide - ok 17:53:45.0362 0x139c [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 17:53:45.0378 0x139c AmdK8 - ok 17:53:45.0393 0x139c [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 17:53:45.0424 0x139c AmdPPM - ok 17:53:45.0487 0x139c [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys 17:53:45.0502 0x139c amdsata - ok 17:53:45.0518 0x139c [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 17:53:45.0549 0x139c amdsbs - ok 17:53:45.0627 0x139c [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys 17:53:45.0643 0x139c amdxata - ok 17:53:45.0690 0x139c [ 59D01FA91962C9C1E9B4022B2D3B46DB, 3A111588538B77F010B5C900FB8425DDE55A08DBAC308CA7FB7BD9FCCCDEC69F ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll 17:53:45.0705 0x139c AppHostSvc - ok 17:53:45.0768 0x139c [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID C:\Windows\system32\drivers\appid.sys 17:53:45.0783 0x139c AppID - ok 17:53:45.0814 0x139c [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc C:\Windows\System32\appidsvc.dll 17:53:45.0846 0x139c AppIDSvc - ok 17:53:45.0924 0x139c [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo 
C:\Windows\System32\appinfo.dll 17:53:45.0955 0x139c Appinfo - ok 17:53:46.0017 0x139c [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys 17:53:46.0033 0x139c arc - ok 17:53:46.0033 0x139c [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys 17:53:46.0048 0x139c arcsas - ok 17:53:46.0236 0x139c [ 321696309BEBC2CEC04206F3989AF1F4, BE975589FDEC866099D32A82B5A6CF128885320583D6C1D3C55842A01A5E731C ] ArcService C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe 17:53:46.0236 0x139c ArcService - ok 17:53:46.0407 0x139c [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 17:53:46.0407 0x139c aspnet_state - ok 17:53:46.0516 0x139c [ 7BC1F2FC2A9D79E1EBBBF6D69AC3BA1F, 236265BE3F1B2130025A3A10152893BD0D18AD8965732361058B775F010539A2 ] aswHwid C:\Windows\system32\drivers\aswHwid.sys 17:53:46.0516 0x139c aswHwid - ok 17:53:46.0563 0x139c [ 82065730918234A15A3A7AD6153FF8F2, 8426FF72512F7C7456E9A648100BFD35AC43FA8C01F98493B036F78F13C1F2C8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 17:53:46.0579 0x139c aswMonFlt - ok 17:53:46.0657 0x139c [ 2D6B49A071216796106E7804AB2BA7DC, 6A58A3B36EA05A24333482F87CFD315F73E56A64E46493E82E0FE9115E284168 ] aswRdr C:\Windows\system32\drivers\aswRdr2.sys 17:53:46.0688 0x139c aswRdr - ok 17:53:46.0782 0x139c [ E46B51C99BB750A81AC6A68362475A5C, 2A61C09902B39696D151B9D5E6A60FFC3CF3EA02613EC64BBAB4DEE3C78838E2 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys 17:53:46.0828 0x139c aswRvrt - ok 17:53:46.0953 0x139c [ A428CC308673A5E74F91D92E4A2B205D, 0A768AA4BD1CD22B5181EDA692F7CB9A43F627BB4FFEEFBB8CBC77A45107A443 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 17:53:47.0000 0x139c aswSnx - ok 17:53:47.0078 0x139c [ 
5C0C4440A27074BBABC5D572DD29CA9B, 9545498B55994D427DB71F67B28C24804FECFE6BF225B24B067A7F0658429EDF ] aswSP C:\Windows\system32\drivers\aswSP.sys 17:53:47.0109 0x139c aswSP - ok 17:53:47.0187 0x139c [ D9079E1A1C2A1F8ED5F37AF8E6CD3161, 629E3A642C5E3BEA65CDD2E08CAD69F9649A98BDA906678B51D3D2C9DB5BB253 ] aswStm C:\Windows\system32\drivers\aswStm.sys 17:53:47.0203 0x139c aswStm - ok 17:53:47.0281 0x139c [ 3BEC32A0B646D914921FD56AA39998C1, 8DB7CBF3DEF8EAE1D7D28C38B3A0FCD5C2A04D772078B907F35C66451355A04A ] aswVmm C:\Windows\system32\drivers\aswVmm.sys 17:53:47.0312 0x139c aswVmm - ok 17:53:47.0343 0x139c [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 17:53:47.0390 0x139c AsyncMac - ok 17:53:47.0452 0x139c [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys 17:53:47.0468 0x139c atapi - ok 17:53:47.0546 0x139c [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 17:53:47.0593 0x139c AudioEndpointBuilder - ok 17:53:47.0608 0x139c [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll 17:53:47.0624 0x139c AudioSrv - ok 17:53:47.0827 0x139c [ F5CB8703A4F51EE30E5C090C78073AA4, 90683F39E9AA315FFB66A9F014AD1BEBF19EA62908247C133455815F6632E578 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 17:53:47.0842 0x139c avast! 
Antivirus - ok 17:53:47.0874 0x139c AvastVBoxSvc - ok 17:53:47.0920 0x139c [ C4EEE661379D86429ACEAB31F3FD0391, D67F5D6863B066D974567521A00A48C50F0D9B6F6B16565FF8958E2020C651FD ] AvrcpService C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe 17:53:47.0952 0x139c AvrcpService - detected UnsignedFile.Multi.Generic ( 1 ) 17:53:47.0952 0x139c AvrcpService ( UnsignedFile.Multi.Generic ) - warning 17:53:47.0998 0x139c [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll 17:53:48.0045 0x139c AxInstSV - ok 17:53:48.0108 0x139c [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 17:53:48.0186 0x139c b06bdrv - ok 17:53:48.0232 0x139c [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 17:53:48.0279 0x139c b57nd60a - ok 17:53:48.0310 0x139c [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll 17:53:48.0342 0x139c BDESVC - ok 17:53:48.0388 0x139c [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys 17:53:48.0435 0x139c Beep - ok 17:53:48.0513 0x139c [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll 17:53:48.0544 0x139c BFE - ok 17:53:48.0607 0x139c [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll 17:53:48.0685 0x139c BITS - ok 17:53:48.0732 0x139c [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 17:53:48.0763 0x139c blbdrive - 
ok 17:53:48.0856 0x139c [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 17:53:48.0872 0x139c bowser - ok 17:53:48.0888 0x139c [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 17:53:48.0934 0x139c BrFiltLo - ok 17:53:48.0966 0x139c [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 17:53:48.0997 0x139c BrFiltUp - ok 17:53:49.0090 0x139c [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll 17:53:49.0122 0x139c Browser - ok 17:53:49.0168 0x139c [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 17:53:49.0200 0x139c Brserid - ok 17:53:49.0231 0x139c [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 17:53:49.0262 0x139c BrSerWdm - ok 17:53:49.0293 0x139c [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 17:53:49.0324 0x139c BrUsbMdm - ok 17:53:49.0340 0x139c [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 17:53:49.0356 0x139c BrUsbSer - ok 17:53:49.0402 0x139c [ FB38F90DE58996A4906A04F1152C3C3B, DA4A226FAE045174891A0EBFA03E1905CAF0AA25ADDBBCFBE369A853A63A83C6 ] BTDevManager C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe 17:53:49.0434 0x139c BTDevManager - detected UnsignedFile.Multi.Generic ( 1 ) 17:53:49.0434 0x139c BTDevManager ( UnsignedFile.Multi.Generic ) - 
warning 17:53:49.0512 0x139c [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 17:53:49.0558 0x139c BthEnum - ok 17:53:49.0605 0x139c [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 17:53:49.0636 0x139c BTHMODEM - ok 17:53:49.0683 0x139c [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 17:53:49.0730 0x139c BthPan - ok 17:53:49.0824 0x139c [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 17:53:49.0886 0x139c BTHPORT - ok 17:53:49.0933 0x139c [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 17:53:49.0980 0x139c bthserv - ok 17:53:50.0026 0x139c [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 17:53:50.0058 0x139c BTHUSB - ok 17:53:50.0120 0x139c [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 17:53:50.0151 0x139c cdfs - ok 17:53:50.0182 0x139c [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 17:53:50.0198 0x139c cdrom - ok 17:53:50.0229 0x139c [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 17:53:50.0260 0x139c CertPropSvc - ok 17:53:50.0292 0x139c [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass 
C:\Windows\system32\drivers\circlass.sys 17:53:50.0323 0x139c circlass - ok 17:53:50.0416 0x139c [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys 17:53:50.0432 0x139c CLFS - ok 17:53:50.0526 0x139c [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:53:50.0526 0x139c clr_optimization_v2.0.50727_32 - ok 17:53:50.0557 0x139c [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 17:53:50.0572 0x139c clr_optimization_v2.0.50727_64 - ok 17:53:50.0728 0x139c [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:53:50.0744 0x139c clr_optimization_v4.0.30319_32 - ok 17:53:50.0760 0x139c [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 17:53:50.0775 0x139c clr_optimization_v4.0.30319_64 - ok 17:53:50.0806 0x139c [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 17:53:50.0853 0x139c CmBatt - ok 17:53:50.0900 0x139c [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 17:53:50.0916 0x139c cmdide - ok 17:53:50.0994 0x139c [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys 17:53:51.0009 0x139c CNG - ok 17:53:51.0056 0x139c [ 
102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 17:53:51.0072 0x139c Compbatt - ok 17:53:51.0103 0x139c [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 17:53:51.0150 0x139c CompositeBus - ok 17:53:51.0165 0x139c COMSysApp - ok 17:53:51.0259 0x139c [ 3A92DDB2F7B7FE2E71AA1418804EBC3C, 1B84033A6DDB9D371AC34F8D65AB0F729E8A77B0D26C8DCA0965CE265474BD64 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe 17:53:51.0274 0x139c cphs - ok 17:53:51.0368 0x139c cpuz137 - ok 17:53:51.0415 0x139c [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 17:53:51.0415 0x139c crcdisk - ok 17:53:51.0493 0x139c [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll 17:53:51.0524 0x139c CryptSvc - ok 17:53:51.0586 0x139c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 17:53:51.0649 0x139c DcomLaunch - ok 17:53:51.0696 0x139c [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 17:53:51.0727 0x139c defragsvc - ok 17:53:51.0758 0x139c [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 17:53:51.0836 0x139c DfsC - ok 17:53:51.0883 0x139c [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 17:53:51.0945 0x139c Dhcp - ok 17:53:52.0023 0x139c [ AA5319FA8602676B5D3A2B4A1355896D, 
57532E16FF0DDE3D62B6B6DC35E2598DD453140E9277247965A1E835645E588A ] DiagTrack C:\Windows\system32\diagtrack.dll 17:53:52.0086 0x139c DiagTrack - ok 17:53:52.0117 0x139c [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 17:53:52.0179 0x139c discache - ok 17:53:52.0273 0x139c [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys 17:53:52.0288 0x139c Disk - ok 17:53:52.0351 0x139c [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 17:53:52.0382 0x139c Dnscache - ok 17:53:52.0429 0x139c [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 17:53:52.0476 0x139c dot3svc - ok 17:53:52.0507 0x139c [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 17:53:52.0554 0x139c DPS - ok 17:53:52.0616 0x139c [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 17:53:52.0632 0x139c drmkaud - ok 17:53:52.0710 0x139c [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 17:53:52.0756 0x139c DXGKrnl - ok 17:53:52.0772 0x139c EagleX64 - ok 17:53:52.0803 0x139c [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 17:53:52.0850 0x139c EapHost - ok 17:53:52.0959 0x139c [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys 17:53:53.0084 0x139c ebdrv - ok 17:53:53.0178 
0x139c [ 17A6A9AAD04CCC6EE53290585BFC43AF, E4901D86C6470D21ABA0F6D9615A613E5C74A3FEF931E497F51B6AFA5715332B ] EFS C:\Windows\System32\lsass.exe 17:53:53.0178 0x139c EFS - ok 17:53:53.0240 0x139c [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 17:53:53.0271 0x139c ehRecvr - ok 17:53:53.0287 0x139c [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 17:53:53.0302 0x139c ehSched - ok 17:53:53.0349 0x139c [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys 17:53:53.0380 0x139c elxstor - ok 17:53:53.0443 0x139c [ D315FF43E23DF424ECEC2F6C930203E4, 68940EDA34DC4945CDD0D8018D96A0DA8F99F16A930946D14E4FECEE033FCB80 ] EpsonScanSvc C:\Windows\system32\EscSvc64.exe 17:53:53.0458 0x139c EpsonScanSvc - ok 17:53:53.0474 0x139c [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 17:53:53.0521 0x139c ErrDev - ok 17:53:53.0599 0x139c [ 39EC51A5BC3E1C0D438E8AC70956DE0A, 456AE9C6E059442CA627AAB667CA498AA6F6A6812A177DCCB36D9CC24F11231A ] ETD C:\Windows\system32\DRIVERS\ETD.sys 17:53:53.0630 0x139c ETD - ok 17:53:53.0677 0x139c [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 17:53:53.0708 0x139c EventSystem - ok 17:53:53.0739 0x139c [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 17:53:53.0802 0x139c exfat - ok 17:53:53.0833 0x139c [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 17:53:53.0895 0x139c fastfat - ok 17:53:53.0973 
0x139c [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 17:53:54.0020 0x139c Fax - ok 17:53:54.0082 0x139c [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys 17:53:54.0114 0x139c fdc - ok 17:53:54.0176 0x139c [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 17:53:54.0223 0x139c fdPHost - ok 17:53:54.0238 0x139c [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 17:53:54.0270 0x139c FDResPub - ok 17:53:54.0301 0x139c [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 17:53:54.0316 0x139c FileInfo - ok 17:53:54.0332 0x139c [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 17:53:54.0394 0x139c Filetrace - ok 17:53:54.0426 0x139c [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 17:53:54.0472 0x139c flpydisk - ok 17:53:54.0504 0x139c [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 17:53:54.0519 0x139c FltMgr - ok 17:53:54.0613 0x139c [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache C:\Windows\system32\FntCache.dll 17:53:54.0675 0x139c FontCache - ok 17:53:54.0738 0x139c [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 17:53:54.0738 0x139c FontCache3.0.0.0 - ok 17:53:54.0831 0x139c [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 17:53:54.0847 0x139c FsDepends - ok 17:53:54.0909 0x139c [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 17:53:54.0909 0x139c Fs_Rec - ok 17:53:54.0987 0x139c [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 17:53:55.0003 0x139c fvevol - ok 17:53:55.0050 0x139c [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 17:53:55.0065 0x139c gagp30kx - ok 17:53:55.0284 0x139c [ 21931B9C5FDE6087F47F710AC1BE16E9, A727A8922A9769AAC77F5D85ED3475853655E9483C8DA091653D0B1F3D479398 ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe 17:53:55.0330 0x139c GfExperienceService - ok 17:53:55.0377 0x139c [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 17:53:55.0440 0x139c gpsvc - ok 17:53:55.0596 0x139c [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:53:55.0611 0x139c gupdate - ok 17:53:55.0658 0x139c [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:53:55.0674 0x139c gupdatem - ok 17:53:55.0736 0x139c [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi 
C:\Windows\system32\DRIVERS\hamachi.sys 17:53:55.0752 0x139c hamachi - ok 17:53:55.0876 0x139c [ C0EF69A59C13D9204D1D70434AA3D00C, 56BD4F7C74B2A36665677C32F30C4E1839DB9AAAC82FFA4A2622B4D261D865F2 ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe 17:53:55.0939 0x139c Hamachi2Svc - ok 17:53:55.0970 0x139c [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 17:53:56.0017 0x139c hcw85cir - ok 17:53:56.0079 0x139c [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 17:53:56.0142 0x139c HdAudAddService - ok 17:53:56.0204 0x139c [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 17:53:56.0251 0x139c HDAudBus - ok 17:53:56.0282 0x139c [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 17:53:56.0329 0x139c HidBatt - ok 17:53:56.0344 0x139c [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys 17:53:56.0391 0x139c HidBth - ok 17:53:56.0438 0x139c [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys 17:53:56.0485 0x139c HidIr - ok 17:53:56.0563 0x139c [ C6AB0711E75F90B501F30260463CB026, B5CF27552A000D2BCE0C9B557F0FA2CE60FACAB596B262F07BED57D00422C388 ] hidkmdf C:\Windows\system32\DRIVERS\hidkmdf.sys 17:53:56.0578 0x139c hidkmdf - ok 17:53:56.0625 0x139c [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 17:53:56.0672 0x139c hidserv - ok 17:53:56.0750 0x139c [ 
9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 17:53:56.0781 0x139c HidUsb - ok 17:53:56.0812 0x139c [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 17:53:56.0875 0x139c hkmsvc - ok 17:53:56.0906 0x139c [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 17:53:56.0937 0x139c HomeGroupListener - ok 17:53:56.0968 0x139c [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 17:53:57.0015 0x139c HomeGroupProvider - ok 17:53:57.0062 0x139c [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 17:53:57.0078 0x139c HpSAMD - ok 17:53:57.0187 0x139c [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys 17:53:57.0249 0x139c HTTP - ok 17:53:57.0296 0x139c [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 17:53:57.0296 0x139c hwpolicy - ok 17:53:57.0343 0x139c [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 17:53:57.0358 0x139c i8042prt - ok 17:53:57.0436 0x139c [ 57CD95DEB3529181BCC931DD2DFB2341, 03ACF906E4C3CF954F503900F42C7A60FCD5624772B90A956F032484146E42B7 ] iaStorA C:\Windows\system32\DRIVERS\iaStorA.sys 17:53:57.0483 0x139c iaStorA - ok 17:53:57.0608 0x139c [ 20E83F4632E15A5E9E716FF2E8AC7FAE, 7CA1A4924F432AD30ED7FA6247C6513DA173EE31132AE115E85C0ED7E5971029 ] IAStorDataMgrSvc C:\Program 
17:53:57.0858 0x139c [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:53:57.0858 0x139c IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
17:53:57.0858 0x139c IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:53:57.0858 0x139c Force sending object to P2P due to detect: IDriverT
17:53:57.0858 0x139c Object send P2P result: false
17:53:59.0059 0x139c [ C6128F2E3DC6156C6F8828F9F1B96010, 612C1191AFB8F69BA5634E8C52BDDE608F57D98FA4C76C5A337676A5F1E8191D ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
17:53:59.0090 0x139c Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
17:53:59.0090 0x139c Intel(R) Capability Licensing Service Interface ( UnsignedFile.Multi.Generic ) - warning
3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll 17:54:11.0820 0x139c RemoteAccess - ok 17:54:11.0851 0x139c [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll 17:54:11.0882 0x139c RemoteRegistry - ok 17:54:11.0913 0x139c [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 17:54:11.0945 0x139c RFCOMM - ok 17:54:11.0976 0x139c [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 17:54:12.0023 0x139c RpcEptMapper - ok 17:54:12.0069 0x139c [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe 17:54:12.0069 0x139c RpcLocator - ok 17:54:12.0116 0x139c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll 17:54:12.0147 0x139c RpcSs - ok 17:54:12.0179 0x139c [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 17:54:12.0225 0x139c rspndr - ok 17:54:12.0319 0x139c [ 135A64530D7699AD48F29D73A658DD11, 35838AE8ACFD9047C68DD0C8910557A82998E5CD778D5B98D4767AFA4BCE85BB ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 17:54:12.0335 0x139c RSUSBSTOR - ok 17:54:12.0366 0x139c [ 543AFFECD35CFABD4490661F83685A0D, 819C022284E54C950D1144B9260C944D493CB4646713B30790818EFC99B82CCB ] RtkBleServ C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe 17:54:12.0381 0x139c RtkBleServ - detected UnsignedFile.Multi.Generic ( 1 ) 17:54:12.0381 0x139c RtkBleServ ( UnsignedFile.Multi.Generic ) - warning 17:54:12.0413 0x139c [ 0772C3A9B2AB1907FCB68F2109F18E3B, 
17:54:27.0279 0x139c ================ Scan generic autorun ======================
17:54:27.0295 0x139c [ 8B87D9E466055B958EE24270BF187512, 7A1994398C5A2CEB7738006F375C12E5AAC9142786783189E7C57AB8E1E75F3C ] C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe
17:54:27.0357 0x139c BtServer - detected UnsignedFile.Multi.Generic ( 1 )
17:54:27.0357 0x139c BtServer ( UnsignedFile.Multi.Generic ) - warning
17:54:27.0482 0x139c [ 4A0477ADCD07EC9D21257A2E456B16C5, CEF9C81730C12283A7600C3D921D89A62B14D1C46544B493F3AF7520DD2D1F79 ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
17:54:27.0482 0x139c IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )
17:54:27.0482 0x139c IAStorIcon ( UnsignedFile.Multi.Generic ) - warning
17:54:27.0482 0x139c Force sending object to P2P due to detect: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
17:54:27.0482 0x139c Object send P2P result: false
Driver\Application\iusb3mon.exe 17:54:28.0044 0x139c USB3MON - ok 17:54:28.0137 0x139c [ 80086ED442941DE2CA18CB6DAE8C1422, F7BE958F2E8E17970C238E3806F4A742B12DA09EB21093BD6371CF4B580C5BE4 ] C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe 17:54:28.0184 0x139c Aeria Ignite - ok 17:54:28.0403 0x139c [ 8A312D5764B4FC4C55CEDDEED4652CF1, C4E726C9C77614CD32D5B76DA2E9A049EC490C2392D9A94B84712BCBF47BA7C6 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe 17:54:28.0527 0x139c AvastUI.exe - ok 17:54:28.0746 0x139c [ E5255D63DD01AA9F1CC4355FE366E2D3, 2E28C14DC1FEAE10626D37FF4C1DAE27F3801A40EA973E02E42B48185CBBC89B ] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe 17:54:28.0855 0x139c LogMeIn Hamachi Ui - ok 17:54:29.0042 0x139c [ 359714A81A50EA2B3C8FD5B469AC7D23, AEA7CE88D44809DD0D656FC9B7D57B0993AEA99FB4665136CA0450F1BECEC453 ] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe 17:54:29.0058 0x139c FUFAXRCV - ok 17:54:29.0089 0x139c [ 0DA6B555222873BB7AD140D9C675DFB7, A7EADD3D6A658D5B8FD208563466BC4E0EE185BB05DE3C0ACE70A8527E7B02F1 ] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe 17:54:29.0105 0x139c FUFAXSTM - ok 17:54:29.0198 0x139c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 17:54:29.0245 0x139c Sidebar - ok 17:54:29.0276 0x139c [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 17:54:29.0292 0x139c mctadmin - ok 17:54:29.0339 0x139c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 17:54:29.0370 0x139c Sidebar - ok 17:54:29.0385 0x139c [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 17:54:29.0401 0x139c mctadmin - ok 17:54:29.0666 0x139c [ 
F2AD1B265908797F8A5E21E0312F2F25, 2A6A612F7D52D297385C43E77AD0CD37B28F33ED2AF89098F5E66B812B838A52 ] C:\Users\MadlinNoxXedalia\AppData\Local\Akamai\netsession_win.exe 17:54:29.0744 0x139c Akamai NetSession Interface - ok 17:54:29.0853 0x139c [ 764BE29C9F78D949191C995B9BA4492A, A42EADC8546859A717F149C044235410B5908837B471889B281195C860AC558D ] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIMAE.EXE 17:54:29.0869 0x139c EPLTarget\P0000000000000000 - ok 17:54:30.0009 0x139c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 17:54:30.0056 0x139c Sidebar - ok 17:54:30.0087 0x139c [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 17:54:30.0103 0x139c mctadmin - ok 17:54:30.0150 0x139c AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 11.1.2245.1540 ), 0x41000 ( enabled : updated ) 17:54:30.0321 0x139c Win FW state via NFP2: enabled ( trusted ) 17:54:30.0321 0x139c ============================================================ 17:54:30.0321 0x139c Scan finished 17:54:30.0321 0x139c ============================================================ 17:54:30.0321 0x0158 Detected object count: 8 17:54:30.0321 0x0158 Actual detected object count: 8 17:54:56.0186 0x0158 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user 17:54:56.0186 0x0158 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:54:56.0186 0x0158 AvrcpService ( UnsignedFile.Multi.Generic ) - skipped by user 17:54:56.0186 0x0158 AvrcpService ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:54:56.0186 0x0158 BTDevManager ( UnsignedFile.Multi.Generic ) - skipped by user 17:54:56.0186 0x0158 BTDevManager ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:54:56.0186 0x0158 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 
17:54:56.0186 0x0158 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:54:56.0186 0x0158 Intel(R) Capability Licensing Service Interface ( UnsignedFile.Multi.Generic ) - skipped by user 17:54:56.0186 0x0158 Intel(R) Capability Licensing Service Interface ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:54:56.0186 0x0158 RtkBleServ ( UnsignedFile.Multi.Generic ) - skipped by user 17:54:56.0186 0x0158 RtkBleServ ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:54:56.0186 0x0158 BtServer ( UnsignedFile.Multi.Generic ) - skipped by user 17:54:56.0186 0x0158 BtServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:54:56.0186 0x0158 IAStorIcon ( UnsignedFile.Multi.Generic ) - skipped by user 17:54:56.0186 0x0158 IAStorIcon ( UnsignedFile.Multi.Generic ) - User select action: Skip |
11.12.2015, 18:03 | #8 |
/// TB Trainer /// Instructions Guru | Trojan via e-mail attachment, Avast Web Shield keeps giving alerts. Step 1
Step 2 ESET Online Scanner
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
12.12.2015, 04:32 | #9 |
| Trojan via e-mail attachment, Avast Web Shield keeps giving alerts. Here is the log from MBAM: Code:
ATTFilter <?xml version="1.0" encoding="UTF-16" ?> <mbam-log> <header> <date>2015/12/11 18:46:58 +0100</date> <logfile>mbam-log-2015-12-11 (18-46-38).xml</logfile> <isadmin>yes</isadmin> </header> <engine> <version>2.2.0.1024</version> <malware-database>v2015.09.22.05</malware-database> <rootkit-database>v2015.09.18.01</rootkit-database> <license>free</license> <file-protection>disabled</file-protection> <web-protection>disabled</web-protection> <self-protection>disabled</self-protection> </engine> <system> <hostname>JIMMY</hostname> <ip>25.106.109.46</ip> <osversion>Windows 7 Service Pack 1</osversion> <arch>x64</arch> <username>MadlinNoxXedalia</username> <filesys>NTFS</filesys> </system> <summary> <type>threat</type> <result>completed</result> <objects>506064</objects> <time>17688</time> <processes>0</processes> <modules>0</modules> <keys>4</keys> <values>5</values> <datas>0</datas> <folders>5</folders> <files>4</files> <sectors>0</sectors> </summary> <options> <memory>enabled</memory> <startup>enabled</startup> <filesystem>enabled</filesystem> <archives>enabled</archives> <rootkits>enabled</rootkits> <deeprootkit>disabled</deeprootkit> <heuristics>enabled</heuristics> <pup>enabled</pup> <pum>enabled</pum> </options> <items> <key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\SPVC32LDR</path><vendor>PUP.Optional.Trovi</vendor><action>success</action><hash>07e6f042c6c554e21e94992a6a9a22de</hash></key> <key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}</path><vendor>PUP.Optional.SearchProtect</vendor><action>success</action><hash>bc31d55ddbb02f0738b7de94ee168d73</hash></key> <key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}</path><vendor>PUP.Optional.SearchProtect</vendor><action>success</action><hash>34b96dc5e0ab47ef549a2a4851b3bd43</hash></key> 
<key><path>HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\SOFTWARE\SupHpUISoft</path><vendor>PUP.Optional.WebSearches.ShrtCln</vendor><action>success</action><hash>66879b97395242f4f53c83bf5ba8f907</hash></key> <value><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe</path><valuename>{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb</valuename><vendor>PUP.Optional.Trovi</vendor><action>success</action><valuedata>130523343391758969</valuedata><hash>737aab879deeb680e5cc6261ab59c13f</hash></value> <value><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.exe</path><valuename>{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb</valuename><vendor>PUP.Optional.Trovi</vendor><action>success</action><valuedata>130523343391758969</valuedata><hash>856872c02b602016f8b918abaa5a58a8</hash></value> <value><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe</path><valuename>{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb</valuename><vendor>PUP.Optional.Trovi</vendor><action>success</action><valuedata>130523343391758969</valuedata><hash>e10c0f23b3d821157a37fec5ad57d729</hash></value> <value><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\iexplore.exe</path><valuename>{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb</valuename><vendor>PUP.Optional.Trovi</vendor><action>success</action><valuedata>130523343391758969</valuedata><hash>d815c969553644f28f22f4cf57ad17e9</hash></value> <value><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\SPVC32Ldr</path><valuename>{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb</valuename><vendor>PUP.Optional.Trovi</vendor><action>success</action><valuedata>130523343391758969</valuedata><hash>07e6f042c6c554e21e94992a6a9a22de</hash></value> <folder><path>C:\ProgramData\374311380</path><vendor>Rogue.Multiple</vendor><action>success</action><hash>1ad37ab84942f640f47e0fdffd0545bb</hash></folder> 
<folder><path>C:\Users\MadlinNoxXedalia\AppData\Roaming\newnext.me</path><vendor>PUP.Optional.NextLive</vendor><action>success</action><hash>b23b5ad80586df57493c031edc27f40c</hash></folder> <folder><path>C:\Users\MadlinNoxXedalia\AppData\Roaming\newnext.me\cache</path><vendor>PUP.Optional.NextLive</vendor><action>success</action><hash>b23b5ad80586df57493c031edc27f40c</hash></folder> <folder><path>C:\Windows\SysWOW64\SearchProtect</path><vendor>PUP.Optional.SearchProtect</vendor><action>success</action><hash>14d9be745a31072fde13fa366b9821df</hash></folder> <folder><path>C:\Windows\SysWOW64\SearchProtect\Logs</path><vendor>PUP.Optional.SearchProtect</vendor><action>success</action><hash>14d9be745a31072fde13fa366b9821df</hash></folder> <file><path>C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb</path><vendor>PUP.Optional.SearchProtect</vendor><action>success</action><hash>c4294fe36c1f57df3db482f011f34bb5</hash></file> <file><path>C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb</path><vendor>PUP.Optional.SearchProtect</vendor><action>success</action><hash>b538f43e97f4d165b187a2177b896e92</hash></file> <file><path>C:\Users\MadlinNoxXedalia\AppData\Roaming\newnext.me\nengine.cookie</path><vendor>PUP.Optional.NextLive</vendor><action>success</action><hash>b23b5ad80586df57493c031edc27f40c</hash></file> <file><path>C:\Users\MadlinNoxXedalia\AppData\Roaming\newnext.me\cache\spark.bin</path><vendor>PUP.Optional.NextLive</vendor><action>success</action><hash>b23b5ad80586df57493c031edc27f40c</hash></file> </items> </mbam-log>
And here is the log file from ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log: Can not open internet# product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=d5f3c6bbe3c26c4384f0b3f6812f5b56 # end=init # utc_time=2015-12-11 11:32:35 # local_time=2015-12-12 12:32:35 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 27161 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=d5f3c6bbe3c26c4384f0b3f6812f5b56 # end=updated # utc_time=2015-12-11 11:38:25 # local_time=2015-12-12 12:38:25 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=d5f3c6bbe3c26c4384f0b3f6812f5b56 # engine=27161 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-12-12 02:26:40 # local_time=2015-12-12 03:26:40 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='avast! 
Antivirus' # compatibility_mode=783 16777213 71 88 60408 14896650 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 164940 201517050 0 0 # scanned=438912 # found=14 # cleaned=14 # scan_time=10094 sh=3149B935C4D86C3B18CB10E46E75191CC17766A2 ft=1 fh=7a190de845a5fb04 vn="Win32/TrojanDownloader.Nymaim.BA Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\C\Users\MadlinNoxXedalia\AppData\Roaming\mosfet-1\mosfet-78.exe" sh=13EB3D5BF4F919421221385BE1047B5E1A840D2D ft=0 fh=0000000000000000 vn="JS/Adware.Steganos.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\OkayFreedom\okayfreedom_ff.xpi" sh=65DBF1D094F3C63AD12C8F034D8D132A962FA46E ft=1 fh=073c304ffb9fa3a8 vn="Variante von Win32/Adware.Mobogenie.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MadlinNoxXedalia\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\aapt.exe" sh=B7832A1BC15B67EEA01C25B6C688021372FB4656 ft=1 fh=217f6af847730ddc vn="Variante von Win32/Adware.Mobogenie.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MadlinNoxXedalia\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\CrashReport.exe" sh=85CC7149AE9F5B9C345C6E4291159EDB1E6D4AA2 ft=1 fh=28079c1ecc971f93 vn="Variante von Win32/Adware.Mobogenie.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MadlinNoxXedalia\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\CrashRpt.dll" sh=9E2C3D7CDEDE2543CC0F7960D9837D1B6D2BE75F ft=1 fh=7a481a0f621bd9cc vn="Variante von Win32/Adware.Mobogenie.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MadlinNoxXedalia\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\devcon_x64.exe" sh=E54955407B312B936C2873446E59355F0EA5CA73 ft=1 fh=d287fe18b11aa882 vn="Variante von Win32/Adware.Mobogenie.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C 
fn="C:\Users\MadlinNoxXedalia\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\devcon_x86.exe" sh=77FF724EA6530E24FBD9EA8C2D59B1B291796874 ft=1 fh=d2ee2046d07ae837 vn="Variante von Win32/Adware.Mobogenie.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MadlinNoxXedalia\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DriverInstall_x64.exe" sh=1A8B4BA11E613DE010E51F03D89B513527846AA4 ft=1 fh=95b4c8bc1ea46e9e vn="Variante von Win32/Adware.Mobogenie.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MadlinNoxXedalia\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DriverInstall_x86.exe" sh=8EE77C3EA732059837B316BEEE37A0809CD68F0B ft=1 fh=77f6a6fe09a20461 vn="Variante von Win32/Adware.Mobogenie.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MadlinNoxXedalia\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\lsusb.exe" sh=F62E24423D06DDAF273DFFBA831C25EBC13B82EE ft=1 fh=9b120be6f077dc20 vn="Variante von Win32/Adware.Mobogenie.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MadlinNoxXedalia\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\mgadb.exe" sh=02D365A799FDCBF8C8A507FCFC69946B402FEA53 ft=1 fh=92f3782890b0d44b vn="Variante von Win32/Adware.Mobogenie.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MadlinNoxXedalia\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\mgusb.exe" sh=8C6F55634ADBCA6FAA8101C1B2FB024B4855499D ft=1 fh=2876557c9c75ac21 vn="Variante von Win32/Adware.Mobogenie.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MadlinNoxXedalia\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\OutlookOperatorC.exe" sh=E3A69044DB80020EF69F28A679A62A07F9AE936A ft=1 fh=bcbf2858281a2b32 vn="JS/Adware.Steganos.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\MadlinNoxXedalia\Downloads\okayfreedom.exe"
I briefly connected the infected laptop to the Wi-Fi because ESET had to download data, and at least I no longer got any error messages |
12.12.2015, 14:16 | #10 |
/// TB Trainer /// Instructions Guru | Trojan via e-mail attachment, Avast Web Shield keeps giving alerts. Hi, please post the Malwarebytes log: Finding the Malwarebytes Anti-Malware log file - instructions, as well as a fresh FRST log: Step 1 Please start FRST again and click Scan (Untersuchen). Please post the contents of the log.
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
12.12.2015, 18:52 | #11 |
| Trojan via e-mail attachment, Avast Web Shield keeps giving alerts. Here again is the correct MBAM log (hopefully) Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 11.12.2015 Suchlaufzeit: 18:46 Protokolldatei: mbam log.txt Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2015.09.22.05 Rootkit-Datenbank: v2015.09.18.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bosartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: MadlinNoxXedalia Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 506064 Abgelaufene Zeit: 4 Std., 54 Min., 48 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bosartigen Elemente erkannt) Module: 0 (keine bosartigen Elemente erkannt) Registrierungsschlussel: 4 PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\SPVC32LDR, In Quarantane, [07e6f042c6c554e21e94992a6a9a22de], PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, In Quarantane, [bc31d55ddbb02f0738b7de94ee168d73], PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, In Quarantane, [34b96dc5e0ab47ef549a2a4851b3bd43], PUP.Optional.WebSearches.ShrtCln, HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\SOFTWARE\SupHpUISoft, In Quarantane, [66879b97395242f4f53c83bf5ba8f907], Registrierungswerte: 5 PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130523343391758969, In Quarantane, [737aab879deeb680e5cc6261ab59c13f] PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130523343391758969, In Quarantane, 
[856872c02b602016f8b918abaa5a58a8] PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130523343391758969, In Quarantane, [e10c0f23b3d821157a37fec5ad57d729] PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\iexplore.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130523343391758969, In Quarantane, [d815c969553644f28f22f4cf57ad17e9] PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\SPVC32Ldr|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130523343391758969, In Quarantane, [07e6f042c6c554e21e94992a6a9a22de] Registrierungsdaten: 0 (keine bosartigen Elemente erkannt) Ordner: 5 Rogue.Multiple, C:\ProgramData\374311380, In Quarantane, [1ad37ab84942f640f47e0fdffd0545bb], PUP.Optional.NextLive, C:\Users\MadlinNoxXedalia\AppData\Roaming\newnext.me, In Quarantane, [b23b5ad80586df57493c031edc27f40c], PUP.Optional.NextLive, C:\Users\MadlinNoxXedalia\AppData\Roaming\newnext.me\cache, In Quarantane, [b23b5ad80586df57493c031edc27f40c], PUP.Optional.SearchProtect, C:\Windows\SysWOW64\SearchProtect, In Quarantane, [14d9be745a31072fde13fa366b9821df], PUP.Optional.SearchProtect, C:\Windows\SysWOW64\SearchProtect\Logs, In Quarantane, [14d9be745a31072fde13fa366b9821df], Dateien: 4 PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, In Quarantane, [c4294fe36c1f57df3db482f011f34bb5], PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, In Quarantane, [b538f43e97f4d165b187a2177b896e92], PUP.Optional.NextLive, C:\Users\MadlinNoxXedalia\AppData\Roaming\newnext.me\nengine.cookie, In Quarantane, [b23b5ad80586df57493c031edc27f40c], PUP.Optional.NextLive, C:\Users\MadlinNoxXedalia\AppData\Roaming\newnext.me\cache\spark.bin, In Quarantane, [b23b5ad80586df57493c031edc27f40c], Physische Sektoren: 0 (keine bosartigen 
Elemente erkannt) (end)
And the new FRST log: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015 durchgeführt von MadlinNoxXedalia (Administrator) auf JIMMY (12-12-2015 18:42:04) Gestartet von C:\Users\MadlinNoxXedalia\Desktop Geladene Profile: MadlinNoxXedalia (Verfügbare Profile: MadlinNoxXedalia & DefaultAppPool) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.) 
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe () C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\RtkBleServ.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Akamai Technologies, Inc.) 
C:\Users\MadlinNoxXedalia\AppData\Local\Akamai\netsession_win.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIMAE.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Aeria Games & Entertainment) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Akamai Technologies, Inc.) C:\Users\MadlinNoxXedalia\AppData\Local\Akamai\netsession_win.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [253440 2013-04-23] (Realtek Semiconductor Corporation) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2875728 2013-03-04] (ELAN Microelectronics Corp.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation) HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-10] (AVAST Software) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.) HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-06-01] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-06-01] (SEIKO EPSON CORPORATION) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Run: [Akamai NetSession Interface] => C:\Users\MadlinNoxXedalia\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.) 
HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIMAE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\MountPoints2: {0f09794a-7876-11e3-a376-806e6f6e6963} - D:\Setup.exe HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\...\MountPoints2: {7085169a-77d0-11e3-92d4-806e6f6e6963} - D:\CDSetup.exe HKU\S-1-5-21-1264982542-3644169772-3020182689-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation) AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => Keine Datei AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation) AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation) AppInit_DLLs-x32: , C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-10] (AVAST Software) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\..\Interfaces\{8E59BC53-669B-4B6F-ACA7-963EE04C58DF}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{EE7416E6-35C3-4E97-9310-BA4AA4C50EE9}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2014-07-05] (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-10] (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2014-07-05] (Oracle Corporation) BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll [2014-10-21] (Perfect World Entertainment Inc) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-10] (AVAST Software) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll [2014-11-13] () FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-07-05] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2014-07-05] (Oracle Corporation) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom) FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll [2014-11-13] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-15] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-15] (Intel Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation) FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [Keine Datei] FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei] FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [2014-10-21] (Perfect World Entertainment Inc) FF Plugin-x32: @protectdisc.com/NPMPDRM -> C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll [2010-02-03] ( ) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.) FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.) FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) 
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin HKU\S-1-5-21-1264982542-3644169772-3020182689-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\MadlinNoxXedalia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1264982542-3644169772-3020182689-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-12-25] () FF Plugin HKU\S-1-5-21-1264982542-3644169772-3020182689-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-11] FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-11] Chrome: ======= CHR Profile: C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Präsentationen) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-28] CHR Extension: (Google Docs) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-28] CHR Extension: (Google Drive) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23] CHR Extension: (AdBlock) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blipnejacaoebmeelgjgifelpnikhiec [2015-02-28] CHR Extension: (YouTube) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo 
[2015-09-25] CHR Extension: (Google-Suche) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (Google Tabellen) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-28] CHR Extension: (Google Docs Offline) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18] CHR Extension: (AdBlock) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-04] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27] CHR Extension: (Noiz yE) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oniglohbipbekimgjdmgbbllgnejffbm [2015-02-28] CHR Extension: (Google Mail) - C:\Users\MadlinNoxXedalia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-12-10] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-10] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-08-17] (Adobe Systems) [Datei ist nicht signiert] S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-10-21] (Perfect World Entertainment Inc) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-10] (AVAST Software) R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-04-02] (Realtek Semiconductor Corporation) [Datei ist nicht signiert] R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [47104 2013-04-25] () [Datei ist nicht signiert] R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Datei ist nicht signiert] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [Datei ist nicht signiert] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-02-15] (Intel Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.) 
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation) S4 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [326072 2015-02-18] (Steganos Software GmbH) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2099208 2015-11-10] (Electronic Arts) R2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [42496 2013-04-25] (Realtek Semiconductor Corporation) [Datei ist nicht signiert] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.) R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [654528 2015-05-26] (Wacom Technology, Corp.) S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-10] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-10] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-10] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-10] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-10] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [450504 2015-12-10] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-10] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-10] (AVAST Software) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [118504 2012-12-19] (Qualcomm Atheros Co., Ltd.) S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.) 
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation) R3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [535624 2013-03-28] (Realtek Semiconductor Corporation) R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation ) S3 cpuz137; \??\C:\Users\MADLIN~1\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X] S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X] S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-12-12 00:25 - 2015-12-12 00:25 - 00000000 ____D C:\Program Files (x86)\ESET 2015-12-12 00:19 - 2015-12-12 00:19 - 00003875 _____ C:\Users\MadlinNoxXedalia\Desktop\viren MBAM.txt 2015-12-12 00:19 - 2015-12-12 00:19 - 00000080 _____ C:\Users\Public\Desktop\EPSON-Handbucher.lnk 2015-12-11 18:43 - 2015-12-12 18:37 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-12-11 18:42 - 2015-12-12 00:19 - 00001100 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-12-11 18:42 - 2015-12-11 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-12-11 18:42 - 2015-12-11 18:42 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-12-11 18:42 - 2015-12-11 18:42 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-12-11 18:42 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-12-11 18:42 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-12-11 18:42 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2015-12-11 17:51 - 2015-12-11 17:56 - 00221944 _____ C:\TDSSKiller.3.1.0.8_11.12.2015_17.51.12_log.txt 2015-12-11 17:51 - 2015-12-11 17:48 - 04676456 _____ (Kaspersky Lab ZAO) C:\Users\MadlinNoxXedalia\Desktop\tdsskiller.exe 2015-12-11 11:56 - 2015-12-11 11:59 - 00008662 _____ C:\Users\MadlinNoxXedalia\Desktop\Fixlog.txt 2015-12-10 22:33 - 2015-12-12 18:42 - 00023380 _____ C:\Users\MadlinNoxXedalia\Desktop\FRST.txt 2015-12-10 22:33 - 2015-12-12 18:42 - 00000000 ____D C:\FRST 2015-12-10 22:31 - 2015-12-10 22:32 - 02369024 _____ (Farbar) C:\Users\MadlinNoxXedalia\Desktop\FRST64.exe 2015-12-10 14:47 - 2015-12-10 14:40 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2015-12-10 14:41 - 2015-12-12 00:19 - 00001960 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2015-12-10 14:40 - 2015-12-10 14:40 - 00043112 
_____ (AVAST Software) C:\Windows\avastSS.scr 2015-12-10 14:36 - 2015-12-10 14:37 - 05080288 _____ (AVAST Software) C:\Users\MadlinNoxXedalia\Desktop\avast_free_antivirus_setup_online.exe 2015-12-10 00:42 - 2015-12-10 00:42 - 00000554 _____ C:\Windows\SysWOW64\out.bin 2015-12-10 00:40 - 2015-12-10 15:38 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\kelvin-56 2015-12-10 00:39 - 2015-12-10 22:28 - 00000000 ____D C:\ProgramData\statics-07 2015-12-10 00:34 - 2015-12-10 15:38 - 00000000 ____D C:\ProgramData\onewire-05 2015-12-10 00:32 - 2015-12-10 00:42 - 00000000 ____D C:\ProgramData\ko 2015-12-07 11:01 - 2015-12-07 11:01 - 00000222 _____ C:\Users\MadlinNoxXedalia\Desktop\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst.url 2015-12-07 10:39 - 2015-12-07 10:39 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf 2015-12-07 10:35 - 2015-12-07 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories 2015-12-07 10:35 - 2015-12-07 10:35 - 00000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories 2015-12-05 17:59 - 2015-12-05 17:59 - 00000222 _____ C:\Users\MadlinNoxXedalia\Desktop\Rocket League.url 2015-12-05 13:25 - 2013-08-21 16:13 - 00018803 _____ C:\Users\MadlinNoxXedalia\Desktop\110986_smile-dog.jpeg 2015-12-04 19:26 - 2015-12-04 19:42 - 00000085 _____ C:\Users\MadlinNoxXedalia\Desktop\wunsch.txt 2015-12-04 02:09 - 2015-12-04 02:09 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll 2015-12-04 02:09 - 2015-12-04 02:09 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll 2015-12-04 02:09 - 2015-12-04 02:09 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll 2015-12-04 02:09 - 2015-12-04 02:09 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) 
C:\Windows\SysWOW64\OpenAL32.dll 2015-12-04 02:09 - 2015-12-04 02:09 - 00000000 ____D C:\Program Files (x86)\OpenAL 2015-12-04 02:04 - 2015-06-07 00:13 - 00961192 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00062304 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00012128 _____ (Microsoft 
Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00883712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00064352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00017760 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll 2015-12-04 02:04 - 2015-06-07 00:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll 2015-12-04 00:57 - 2015-12-04 00:57 - 00000222 _____ C:\Users\MadlinNoxXedalia\Desktop\The Isle.url 2015-12-03 14:58 - 2015-12-03 14:58 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2015-12-03 14:57 - 2015-12-03 14:57 - 00000000 ____D C:\Program Files\Common Files\AV 2015-12-01 00:24 - 2015-12-01 13:18 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-12-01 00:22 - 2015-12-12 00:19 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-11-30 23:29 - 2015-12-12 18:29 - 00000911 _____ C:\Windows\Tasks\EPSON WF-2660 Series Update {2BAE1787-6CC2-432C-A807-F4A75FEC7574}.job 2015-11-30 23:29 - 2015-11-30 23:29 - 00003978 _____ C:\Windows\System32\Tasks\EPSON WF-2660 Series Update {2BAE1787-6CC2-432C-A807-F4A75FEC7574} 2015-11-30 23:29 - 2015-11-30 23:29 - 00000000 ____D C:\Program Files\Common Files\EPSON 2015-11-30 23:14 - 2015-11-30 23:14 - 00000000 ____D C:\Program Files\EpsonNet 2015-11-30 22:50 - 2015-11-30 22:51 - 00000123 _____ C:\Users\Public\Desktop\Epson Connect Site.url 2015-11-30 22:50 - 2015-11-30 22:50 - 00001148 _____ C:\Users\Public\Desktop\EPSON-Handbücher.lnk 2015-11-30 22:47 - 2015-12-12 00:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software 2015-11-30 22:47 - 2015-11-30 23:53 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Epson 2015-11-30 22:47 - 2015-11-30 23:38 - 00000000 ____D C:\Program Files (x86)\Epson Software 2015-11-30 22:45 - 2015-12-12 00:19 - 00000928 _____ 
C:\Users\Public\Desktop\EPSON Scan.lnk 2015-11-30 22:45 - 2015-11-30 23:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON 2015-11-30 22:45 - 2015-11-30 22:51 - 00000000 ____D C:\Program Files (x86)\epson 2015-11-30 22:45 - 2014-02-25 00:00 - 00466944 _____ (Seiko Epson Corporation) C:\Windows\system32\esxw2ud.dll 2015-11-30 22:45 - 2012-05-17 00:00 - 00144560 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc64.exe 2015-11-30 22:45 - 2010-11-22 13:27 - 00147472 _____ (TWAIN Working Group) C:\Windows\SysWOW64\twaindsm.dll 2015-11-30 22:44 - 2013-12-06 04:05 - 00179712 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YLMBMAE.DLL 2015-11-30 22:44 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BMAE.DLL 2015-11-30 22:44 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL 2015-11-30 22:36 - 2015-11-30 23:31 - 00000000 ____D C:\ProgramData\Epson 2015-11-20 19:58 - 2015-11-25 22:08 - 00000000 ____D C:\ProgramData\69B6DBD2-8E05-476F-B662-CF8D235FD499 2015-11-17 22:01 - 2015-11-17 22:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-11-17 22:01 - 2015-11-17 22:01 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2015-11-17 02:57 - 2015-11-17 02:57 - 00000000 ____D C:\Users\MadlinNoxXedalia\Documents\Samsung 2015-11-17 02:57 - 2015-11-17 02:57 - 00000000 ____D C:\ProgramData\Samsung 2015-11-17 02:55 - 2015-11-17 02:55 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log 2015-11-17 02:55 - 2015-11-17 02:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2015-11-17 02:53 - 2015-11-17 02:55 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Samsung 2015-11-17 02:53 - 2015-11-17 02:53 - 00000000 ____D C:\Program Files (x86)\Samsung 2015-11-17 02:53 - 2015-09-11 11:54 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) 
C:\Windows\SysWOW64\secman.dll 2015-11-14 22:01 - 2015-11-14 22:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablett 2015-11-14 22:00 - 2015-11-14 22:00 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\Wacom Help ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-12 18:07 - 2015-06-22 17:30 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2015-12-12 18:01 - 2014-01-11 09:02 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-12 17:58 - 2014-01-11 09:02 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-12 03:25 - 2015-03-10 23:10 - 00000000 ____D C:\Program Files (x86)\OkayFreedom 2015-12-12 00:37 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-12-12 00:37 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-12-12 00:23 - 2014-05-29 15:01 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\LogMeIn Hamachi 2015-12-12 00:22 - 2014-01-07 20:08 - 00000000 ____D C:\ProgramData\Realtek 2015-12-12 00:22 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-12-12 00:21 - 2014-12-18 22:57 - 00000000 ____D C:\Windows\PCHEALTH 2015-12-12 00:19 - 2015-05-15 14:20 - 00001105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk 2015-12-12 00:19 - 2015-03-27 11:55 - 00001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk 2015-12-12 00:19 - 2014-12-18 22:59 - 00001293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2015-12-12 00:19 - 2014-12-18 22:58 - 00001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2015-12-12 00:19 - 2014-12-14 16:11 - 00000893 _____ 
C:\Users\MadlinNoxXedalia\Desktop\CLIP STUDIO PAINT (64bit).lnk 2015-12-12 00:19 - 2014-11-07 17:43 - 00000571 _____ C:\Users\MadlinNoxXedalia\Desktop\PaintTool SAI Ver.1.lnk 2015-12-12 00:19 - 2014-11-07 17:43 - 00000571 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PaintTool SAI Ver.1.lnk 2015-12-12 00:19 - 2014-11-05 18:36 - 00000958 _____ C:\Users\MadlinNoxXedalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk 2015-12-12 00:19 - 2014-08-17 18:23 - 00002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk 2015-12-12 00:19 - 2014-08-17 18:20 - 00002059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk 2015-12-12 00:19 - 2014-08-17 18:19 - 00002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk 2015-12-12 00:19 - 2014-08-17 18:19 - 00002030 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk 2015-12-12 00:19 - 2014-07-05 02:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-12-12 00:19 - 2014-03-28 21:02 - 00002511 _____ C:\Users\Public\Desktop\Skype.lnk 2015-12-12 00:19 - 2014-03-15 21:34 - 00001905 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk 2015-12-12 00:19 - 2014-02-03 22:03 - 00001607 _____ C:\Users\Public\Desktop\Play League of Legends.lnk 2015-12-12 00:19 - 2014-01-07 20:22 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2015-12-12 00:19 - 2014-01-07 20:22 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2015-12-12 00:19 - 2014-01-07 13:28 - 00001425 _____ C:\Users\MadlinNoxXedalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-12-12 00:19 - 2009-07-14 06:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk 2015-12-12 00:19 - 2009-07-14 05:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Windows Media Player.lnk
2015-12-12 00:19 - 2009-07-14 05:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2015-12-12 00:19 - 2009-07-14 05:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-12-12 00:19 - 2009-07-14 05:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-12-12 00:19 - 2009-07-14 05:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-12-12 00:19 - 2009-07-14 05:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-12-11 17:54 - 2011-04-12 08:43 - 00760088 _____ C:\Windows\system32\perfh007.dat
2015-12-11 17:54 - 2011-04-12 08:43 - 00173736 _____ C:\Windows\system32\perfc007.dat
2015-12-11 17:54 - 2009-07-14 06:13 - 01797514 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-11 17:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-10 22:36 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows
2015-12-10 14:40 - 2015-06-22 17:30 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 00450504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-12-10 14:40 - 2015-06-22 17:29 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-12-10 14:27 - 2014-08-07 21:49 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\CrashDumps
2015-12-10 12:02 - 2014-04-04 22:40 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-10 11:27 - 2015-06-12 11:45 - 00000000 __SHD C:\Users\MadlinNoxXedalia\AppData\Roaming\ggfgacfg
2015-12-10 11:25 - 2014-01-19 19:23 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Skype
2015-12-08 00:39 - 2014-08-28 02:08 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\ElevatedDiagnostics
2015-12-07 23:14 - 2015-04-28 14:49 - 00000000 ____D C:\kein programm ber bilder von handy
2015-12-05 18:54 - 2014-07-18 16:38 - 00000000 ____D C:\Users\MadlinNoxXedalia\Documents\My Games
2015-12-05 17:53 - 2014-01-11 09:02 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-05 17:53 - 2014-01-11 09:02 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-04 15:57 - 2014-11-05 18:35 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\osu!
2015-12-04 02:08 - 2014-08-02 19:56 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-01 13:16 - 2014-08-17 18:18 - 00000000 ____D C:\ProgramData\Adobe
2015-12-01 12:35 - 2014-01-07 13:27 - 00000000 ____D C:\Users\MadlinNoxXedalia
2015-12-01 00:31 - 2014-08-17 18:30 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\Adobe
2015-12-01 00:30 - 2014-07-26 18:10 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\LocalLow\Adobe
2015-12-01 00:30 - 2014-01-09 04:50 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Adobe
2015-12-01 00:21 - 2014-08-17 18:17 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-30 22:51 - 2014-01-07 19:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-21 18:34 - 2014-11-07 17:43 - 00000000 ____D C:\PaintToolSAI
2015-11-20 21:49 - 2014-12-14 16:15 - 00000000 ____D C:\Users\MadlinNoxXedalia\Documents\CELSYS_EN
2015-11-20 20:19 - 2015-03-20 23:29 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\CELSYS
2015-11-19 16:31 - 2014-05-02 03:26 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2015-11-19 16:31 - 2014-05-02 03:10 - 00000000 ____D C:\AeriaGames
2015-11-19 16:28 - 2014-05-02 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2015-11-19 16:08 - 2014-06-19 13:51 - 00000000 ____D C:\Users\MadlinNoxXedalia\Documents\ZU VIELE ORDNER
2015-11-14 21:59 - 2014-10-21 19:04 - 00000000 ____D C:\Program Files\Tablet
2015-11-14 21:58 - 2014-10-21 19:04 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\WTablet
2015-11-14 21:56 - 2014-01-15 14:38 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\TS3Client
2015-11-14 20:55 - 2014-01-15 14:37 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Local\TeamSpeak 3 Client
2015-11-14 20:22 - 2014-02-04 14:10 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\LolClient
2015-11-12 15:16 - 2014-02-25 21:13 - 00000000 ____D C:\ProgramData\Origin
2015-11-12 11:51 - 2014-07-05 09:33 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2014-01-07 20:10 - 2015-12-12 00:23 - 0003546 _____ () C:\Users\MadlinNoxXedalia\AppData\Local\BTServer.log

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\MadlinNoxXedalia\Setup.exe

==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-12-10 06:38
==================== Ende von FRST.txt ============================ |
12.12.2015, 19:01 | #12 |
/// TB Trainer /// Guide Guru | Trojan via e-mail attachment, Avast Web Shield keeps showing alerts.
Step 1
Please press the Windows key + R and type notepad into the Run window. Click OK and now copy the text from the code box into the empty text document:
Code:
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => Keine Datei
2015-12-10 00:42 - 2015-12-10 00:42 - 00000554 _____ C:\Windows\SysWOW64\out.bin
2015-12-10 00:40 - 2015-12-10 15:38 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\kelvin-56
2015-12-10 00:39 - 2015-12-10 22:28 - 00000000 ____D C:\ProgramData\statics-07
2015-12-10 00:34 - 2015-12-10 15:38 - 00000000 ____D C:\ProgramData\onewire-05
2015-12-10 00:32 - 2015-12-10 00:42 - 00000000 ____D C:\ProgramData\ko
Please uninstall all Java versions and replace them with the current one.

We did it! The logs look clean to me at the moment. If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation. All that remains for me is to wish you carefree and safe surfing, and that we do not see each other here again any time soon.

Cleanup: (The order is decisive here)
If Defogger was used: start it again and click Re-enable.
If Combofix was used: uninstall Combofix
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all programs that were used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left over, you can delete them without concern.

Protection:
In Windows, enable automatic updates. Security-relevant software should also always be present only in its latest version:
Browser
Java
Flash Player
PDF reader
Vulnerabilities (e.g. here) in their old versions are exploited to install malware via "drive-by" on a simple visit to a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is normally entirely sufficient.
Use an antivirus program with a real-time scanner and an always up-to-date signature database. My purchase recommendation: ESET Smart Security
In addition, you can scan your PC regularly with Malwarebytes Anti-Malware.

Optional:
NoScript prevents the execution of active content (Java, JavaScript, Flash, ...) for all websites. You can, however, define on the whitelist principle on which sites scripts should be allowed.
Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.

Download software from a clean portal such as . When installing software, always choose the custom option and remove the tick from all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware again, first uninstalling it and then removing the leftovers with Adwcleaner is recommended.

Finally, a few general remarks: Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for increasing performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
Regards, deeprybka
Praise, criticism, requests? Donation for trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
13.12.2015, 05:32 | #13 |
| Trojan via e-mail attachment, Avast Web Shield keeps showing alerts.
Sorry if this is a silly question, but what happens to the viruses in MBAM's virus chest if I uninstall it? Are they "free" again then? |
13.12.2015, 09:18 | #14 |
/// TB Trainer /// Guide Guru | Trojan via e-mail attachment, Avast Web Shield keeps showing alerts.
No.
__________________
Regards, deeprybka
Praise, criticism, requests? Donation for trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
13.12.2015, 23:20 | #15 |
| Trojan via e-mail attachment, Avast Web Shield keeps showing alerts.
Here is the fixlog.txt from FRST .w.
Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:09-12-2015
durchgeführt von MadlinNoxXedalia (2015-12-13 21:17:31) Run:2
Gestartet von C:\Users\MadlinNoxXedalia\Desktop
Geladene Profile: MadlinNoxXedalia (Verfügbare Profile: MadlinNoxXedalia & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => Keine Datei
2015-12-10 00:42 - 2015-12-10 00:42 - 00000554 _____ C:\Windows\SysWOW64\out.bin
2015-12-10 00:40 - 2015-12-10 15:38 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\kelvin-56
2015-12-10 00:39 - 2015-12-10 22:28 - 00000000 ____D C:\ProgramData\statics-07
2015-12-10 00:34 - 2015-12-10 15:38 - 00000000 ____D C:\ProgramData\onewire-05
2015-12-10 00:32 - 2015-12-10 00:42 - 00000000 ____D C:\ProgramData\ko
*****************

"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Wert Daten erfolgreich entfernt.
C:\Windows\SysWOW64\out.bin => erfolgreich verschoben
C:\Users\MadlinNoxXedalia\AppData\Roaming\kelvin-56 => erfolgreich verschoben
C:\ProgramData\statics-07 => erfolgreich verschoben
C:\ProgramData\onewire-05 => erfolgreich verschoben
C:\ProgramData\ko => erfolgreich verschoben

==== Ende von Fixlog 21:17:31 ==== |
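A check for the fixlog in post #15, as an added example that is not part of the thread or of FRST: it confirms that every entry requested in the fixlist block has a logged success line. The function names are hypothetical, the sample is the log from the post with its header shortened, and the success wording assumed is the German "erfolgreich" seen in that log.

```python
import re

# Fixlog from post #15, one entry per line, header shortened.
FIXLOG = r"""fixlist Inhalt:
*****************
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => Keine Datei
2015-12-10 00:42 - 2015-12-10 00:42 - 00000554 _____ C:\Windows\SysWOW64\out.bin
2015-12-10 00:40 - 2015-12-10 15:38 - 00000000 ____D C:\Users\MadlinNoxXedalia\AppData\Roaming\kelvin-56
2015-12-10 00:39 - 2015-12-10 22:28 - 00000000 ____D C:\ProgramData\statics-07
2015-12-10 00:34 - 2015-12-10 15:38 - 00000000 ____D C:\ProgramData\onewire-05
2015-12-10 00:32 - 2015-12-10 00:42 - 00000000 ____D C:\ProgramData\ko
*****************
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Wert Daten erfolgreich entfernt.
C:\Windows\SysWOW64\out.bin => erfolgreich verschoben
C:\Users\MadlinNoxXedalia\AppData\Roaming\kelvin-56 => erfolgreich verschoben
C:\ProgramData\statics-07 => erfolgreich verschoben
C:\ProgramData\onewire-05 => erfolgreich verschoben
C:\ProgramData\ko => erfolgreich verschoben
==== Ende von Fixlog 21:17:31 ====
"""

SUCCESS_MARKER = "erfolgreich"          # assumption: wording of the German log above
PATH_RE = re.compile(r"[A-Za-z]:\\.*")  # first drive-letter path on a line

def _target(line):
    """Return the Windows path named on a fixlist or result line, or None."""
    m = PATH_RE.search(line)
    return m.group(0).split(" => ")[0].strip().strip('"') if m else None

def parse_fixlog(text):
    """Map each requested path to the outcome logged for it (None if no result line)."""
    parts = re.split(r"(?m)^\*{5,}[ \t]*$", text)   # header, fixlist, results
    if len(parts) < 3:
        raise ValueError("no fixlist block delimited by ***** lines")
    requested = [t for t in map(_target, parts[1].splitlines()) if t]
    outcomes = {}
    for line in parts[2].splitlines():
        if " => " in line and _target(line):
            # Windows paths are case-insensitive, so compare in lower case.
            outcomes[_target(line).lower()] = line.rsplit(" => ", 1)[1].strip()
    return {path: outcomes.get(path.lower()) for path in requested}

def unresolved(text):
    """Requested paths that have no result line or a result without the success marker."""
    return [path for path, outcome in parse_fixlog(text).items()
            if outcome is None or SUCCESS_MARKER not in outcome.lower()]

if __name__ == "__main__":
    print(unresolved(FIXLOG) or "all fixlist entries processed")
```

An empty list from `unresolved` only means the tool reported success for each entry; a fresh scan is still what confirms the items are gone.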