Log analysis and evaluation: Windows often stops responding. Detection by Avira (Windows 7)
23.04.2016, 14:51 | #1 |
Windows often stops responding. Detection by Avira

Hi, since my laptop (getting on in years, but still quite useful) often stops responding while gaming, and also while browsing, I ran Avira over it and moved the detections to quarantine. Even so, the laptop often stops responding, and I would like to have a clean system again. Unfortunately Avira is not responding at the moment, otherwise I would have liked to post the detections. I am hoping (once again) for help here. Many thanks
23.04.2016, 20:57 | #2 |
/// TB trainer | Windows often stops responding. Detection by Avira

My name is Matthias and I will help you clean up your computer. Please note the following:

Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:

Thank you for your cooperation! For a first analysis, please run FRST and TDSS-Killer:

Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Step 2
Please download TDSSKiller.exe and save this file to the desktop

Please post with your next reply
23.04.2016, 21:14 | #3 |
Windows often stops responding. Detection by Avira

Hi Matthias,
thanks for the help.

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-04-2016
durchgeführt von Staples (2016-04-23 22:05:01)
Gestartet von C:\Users\Staples\Desktop
Windows 10 Home (X64) (2015-08-02 01:20:32)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-1502668225-1892257724-3303000117-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1502668225-1892257724-3303000117-1004 - Limited - Enabled)
DefaultAccount (S-1-5-21-1502668225-1892257724-3303000117-503 - Limited - Disabled)
Gast (S-1-5-21-1502668225-1892257724-3303000117-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1502668225-1892257724-3303000117-1002 - Limited - Enabled)
Staples (S-1-5-21-1502668225-1892257724-3303000117-1000 - Administrator - Enabled) => C:\Users\Staples

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated) AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) AMD Catalyst Install Manager (HKLM\...\{572C982F-95F5-0562-AE8F-8A9D7D024A88}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG) Avira Launcher (HKLM-x32\...\{74d1ef14-dd39-4749-b051-e183a1e27f5e}) (Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG) Hidden AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin) AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden ccc-core-static (x32 Version: 2010.0315.1050.17562 - Ihr Firmenname) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform) Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Day of Defeat (HKLM\...\Steam App 30) (Version: - Valve) Diablo II (HKLM-x32\...\Diablo II) (Version: 0.0.0.0 - Blizzard Entertainment) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) 
Hidden Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden Haushaltsbuch 5.0 (HKLM-x32\...\{0E6C1531-9546-4153-9D88-689519385319}) (Version: 5.0 - Euchler Software) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) HearthstoneTracker (HKLM-x32\...\HearthstoneTracker) (Version: 1.9.23.39449 - HearthstoneTracker.com) Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) HP ENVY 4500 series - Grundlegende Software für das Gerät (HKLM\...\{E7A3B455-76AD-423A-AE5E-F431C69BF2B0}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.) HP ENVY 4500 series Hilfe (HKLM-x32\...\{6767CCD2-B939-4542-BF08-015B5496D4EC}) (Version: 30.0.0 - Hewlett Packard) HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation) Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.01.1007 - Intel Corporation) Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation) Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation) Jewel Quest II (x32 Version: 2.2.0.82 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kobo (HKLM-x32\...\Kobo) (Version: 3.5.0 - Kobo Inc.) 
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 
(HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation) Mozilla Firefox 45.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 de)) (Version: 
45.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mumble 1.3.0 (HKLM-x32\...\{6B824BBF-D53C-4B61-BD66-D84734F145F8}) (Version: 1.3.0 - The Mumble Developers) Music Manager (HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\MusicManager) (Version: - Google, Inc.) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden Photo Service - powered by myphotobook (HKLM-x32\...\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.0.7-279 - myphotobook GmbH) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek) Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.) Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.) 
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION) TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation) TOSHIBA ConfigFree (HKLM-x32\...\{607BE7BF-7C28-4ADB-A4A0-385962B901C3}) (Version: 8.0.28 - TOSHIBA Corporation) TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation) TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.11.64 - TOSHIBA Corporation) TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation) TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION) TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.22C - Ihr Firmenname) TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation) Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.01 - TOSHIBA) TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION) TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION) TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.09.0001 - TOSHIBA) TOSHIBA PC Health Monitor 
(HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation) TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 x64 - TOSHIBA Corporation) TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA) TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation) TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA) TOSHIBA Supervisorkennwort (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION) Toshiba TEMPRO (HKLM-x32\...\{2B000B80-A3FA-4B92-A5FF-D9AD402B6701}) (Version: 3.30 - Toshiba Europe GmbH) TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation) TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation) TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: - ) TRORMCLauncher (Version: 1.0.0.9 - TOSHIBA) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft 
Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment) Warkeys 1.21.0.0b (HKLM-x32\...\Warkeys) (Version: 1.21.0.0b - ) WildTangent-Spiele (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent) WinAce Archiver (HKLM-x32\...\WinAce Archiver) (Version: 2.69 - e-merge GmbH) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) Zuma Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {2A7B3111-CA95-4031-AEBE-F8E78F591055} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {2D34A571-4CEC-421F-9378-CFB7FBCD5780} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {34AE0563-2C0C-441F-B688-908CC3065303} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {34BF107D-76F5-45AD-A9DD-3313F342FAE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-10] (Google Inc.) 
Task: {374703C8-047E-458E-A707-64ED95105CB7} - \HDvid Codec V1-updater -> Keine Datei <==== ACHTUNG Task: {37522DE3-CD46-4659-A0FA-9ACA2B27868A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {388D3AC4-01BA-4663-9003-C0F3B7DDCF9A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {38F102F6-73BF-4552-A978-F529AEB166D0} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK Task: {3914F8FB-D065-44BA-ADFB-A266017A2A98} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-13] (Microsoft Corporation) Task: {3D1F5DB5-186F-4BDE-87AD-C24E5576C1B2} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {3D46462C-CD47-4D47-B630-A827F78431E1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe Task: {452475D1-F5A5-4BD8-9CCE-824B69FBFA48} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {4A2F2C6C-B346-4172-8DD1-E64DE3FD24AA} - \ConfigFree Startup Programs -> Keine Datei <==== ACHTUNG Task: {53BD5C85-07E8-4A3B-975B-CF63B0078021} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000Core => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) 
Task: {54FC8C20-F3B3-405F-B5D3-2C297BCBBB95} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {55A71768-B655-420A-B641-74DC7784B873} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {567F5A78-2F13-44C0-8F13-EFD9C5A76050} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {57CFA2A7-4180-456B-BF8A-A1CAC6D0FF5F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {5EC10D66-F719-4668-86C7-4CE76079A0C2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd) Task: {600A2786-3EDA-4639-B8CF-19A96B5D463D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-18] (Adobe Systems Incorporated) Task: {6F9C441D-CCCA-4CE0-8F2C-E9C5111740C5} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {71459263-08A6-43E0-B086-911E2AA8F233} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG Task: {76B30A95-2680-42E6-BC07-2AF24B1A6DF5} - \HDvid Codec V1-enabler -> Keine Datei <==== ACHTUNG Task: {7998CF8D-D393-41ED-8499-9424214EAD15} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {8350377D-88D4-4A82-8581-C3E3F5D702E5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {8AF38B8A-F573-4FD1-97FA-34C76E69408F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-10] (Google Inc.) 
Task: {94D7DAC8-D08B-4E54-AA90-4E816D264D74} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {A0E8D8A4-582C-4A2F-90CC-FF163157F9ED} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {A5B4F7AE-FD38-41D1-8867-3A682AAF3F4E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {AA6B7129-EF76-4BCC-A791-2011AD059DF1} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {AC9AFF9F-874B-4DC6-9A2E-37AE14FDBEC6} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {B02C24DE-42E0-45C3-8DCB-74F600BF51FC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {B28A4DF6-2185-42D2-B0A7-E0B90985A4F2} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {B430142D-9787-4A1B-A30D-853E4F5EA53C} - \HDvid Codec V1-codedownloader -> Keine Datei <==== ACHTUNG Task: {B45B70A8-461A-4044-88D2-DAAE989E045A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {C1F73BFD-54A2-4477-9E0C-9757930AD47E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {C2F99E66-9961-453E-AE82-927BB96932A5} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {C9E936DA-9486-4A23-8FF0-225CEA97CB40} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG Task: {CA3E81D8-FC27-43E9-B52B-E784F76687EE} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {CF2FA2FF-1A46-4DE6-A460-C662304D48B7} - System32\Tasks\{428DD254-78FD-48CF-AFB3-2C3E7F513096} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe" -c 
REMOVESERIALNUMBER="2M02-K09C-4652-C94K-5T44-HAM6-KX7M-078A-3X3C-L9TT-2W5U-821H-1C12-9810-A291-0000" Task: {D98728C8-1886-465A-8839-A6CA5519CD38} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {DB99FD54-021F-4A44-BD01-3FEB47A1DD02} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {DBBE0970-979F-4DAD-BEBD-1871B5B13953} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {E450177C-00C7-42B1-B73D-9D3E38CA19D2} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {EBB5871C-28D0-44B3-81EE-11DC19349E85} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {ECBB05AA-0B80-470E-9367-AE7504FB3970} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-31] (Adobe Systems Incorporated) Task: {F107F1CF-52E4-4871-959E-200C438020FB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000UA => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {FD9D15E4-1BE1-4205-A2A6-8D415DA064B9} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000Core.job => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000UA.job => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-08-02 02:52 - 2015-08-02 02:52 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll 2015-08-02 02:52 - 2015-08-02 02:52 - 00403968 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll 2010-04-06 14:53 - 2010-04-06 14:53 - 00578936 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll 2015-08-05 22:14 - 2015-07-30 08:05 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-08-05 22:14 - 2015-07-30 08:05 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-04-22 21:51 - 2016-04-22 21:51 - 00959176 _____ () C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll 2015-07-10 12:59 - 2015-07-10 12:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-08-11 22:14 - 2015-08-03 03:30 - 00642048 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll 2015-07-10 12:59 - 2015-07-10 12:59 - 00143360 _____ () 
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll 2015-08-11 22:14 - 2015-08-03 03:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-07-10 13:00 - 2015-07-10 18:45 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-08-11 22:14 - 2015-08-03 03:08 - 01806848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-08-11 22:14 - 2015-08-03 03:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-04-22 21:51 - 2016-04-22 21:51 - 00679624 _____ () C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\ProgramData\TEMP:AD022376 [125] AlternateDataStreams: C:\ProgramData\Templates:gs5sys [1792] AlternateDataStreams: C:\ProgramData\Vorlagen:gs5sys [1792] AlternateDataStreams: C:\Users\Staples\Cookies:gs5sys [3074] AlternateDataStreams: C:\Users\Staples\Desktop\desktop.ini:gs5sys [3074] AlternateDataStreams: C:\Users\Staples\AppData\Local\History:gs5sys [3074] AlternateDataStreams: C:\Users\Staples\AppData\Local\Verlauf:gs5sys [3074] AlternateDataStreams: C:\Users\Staples\Documents\desktop.ini:gs5sys [3074] ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 04:34 - 2015-07-29 09:43 - 00000826 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Staples\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: Mobile Partner. RunOuc => 2
MSCONFIG\Services: rpcnet => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TOSHIBA Bluetooth Service => 3
MSCONFIG\startupfolder: C:^Users^Staples^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Battle.net.lnk => C:\Windows\pss\Battle.net.lnk.Startup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GameXN GO => "C:\ProgramData\GameXN\GameXNGO.exe" /startup
MSCONFIG\startupreg: Google Update => "C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP ENVY 4500 series (NET) => "C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN3CA2Q7BT060F:NW" -scfn "HP ENVY 4500 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: MusicManager => "C:\Users\Staples\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
MSCONFIG\startupreg: Toshiba TEMPRO => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
HKLM\...\StartupApproved\StartupFolder: => "Secunia PSI Tray.lnk"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\StartupApproved\Run: => "MusicManager"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{DAB9098E-BCC6-43EA-914C-180FB28B1190}C:\program files (x86)\diablo 3\diablo iii public test\diablo iii.exe] => (Allow) C:\program files (x86)\diablo 3\diablo iii public test\diablo iii.exe
FirewallRules: [TCP Query User{251DD3FB-685E-4277-A791-97947ED3BBDC}C:\program files (x86)\diablo 3\diablo iii public test\diablo iii.exe] => (Allow) C:\program files (x86)\diablo 3\diablo iii public test\diablo iii.exe
FirewallRules: [{463D4E6D-28F7-4D94-A1EF-2AE3B45CC574}] => (Allow) C:\Program Files (x86)\Diablo 3\StarCraft II\StarCraft II.exe
FirewallRules: [{AE158F70-72C1-46F9-BA84-33C2EA6B3B3A}] => (Allow) C:\Program Files (x86)\Diablo 3\StarCraft II\StarCraft II.exe
FirewallRules: [{1DF298B3-BCA9-4322-BF0D-7E7A8D0411B3}] => (Allow) C:\Program Files (x86)\Diablo 3\Hearthstone\Hearthstone.exe
FirewallRules: [{6BE7CCFD-90A5-47A6-98C0-D94F8828BEFE}] => (Allow) C:\Program Files (x86)\Diablo 3\Hearthstone\Hearthstone.exe
FirewallRules: [UDP Query User{43046A62-F0A0-4B78-BC6D-73F1B01E7651}C:\program files (x86)\diablo 3\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo 3\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{87291E13-B742-4A4A-AED6-D08F55710435}C:\program files (x86)\diablo 3\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo 3\diablo iii\diablo iii.exe
FirewallRules: [{BFE6636C-05E2-496D-83EB-354A37E72F72}] => (Allow) E:\FSetup.exe
FirewallRules: [{2F6F6651-43F1-45FE-8A9C-14AE9E829319}] => (Allow) E:\FSetup.exe
FirewallRules: [UDP Query User{E0D19048-7F9B-4F6A-91B7-1590A722B9B4}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{78FCE144-CD62-460B-AA88-D6AC01C7055B}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{5A874BB2-6927-4F44-AE2F-4E3EA3A92D8D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{F3921869-22F6-48EA-8FA0-2065F05EEE26}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{C309552C-6031-4C74-8CFE-268AFE41FC91}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7F516593-A61A-4EBB-8DC7-9D4BD3A6339A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7CAD7E71-0BD5-4A7C-9DBB-A1066D3C6A25}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{6DC5F174-9CCB-4632-AF90-D738CD1E5594}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{076E4404-43AE-4B3E-91B4-D17DA167A4E9}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base32283\SC2.exe
FirewallRules: [{79128DD4-E18B-4A1D-A061-2F0ACB0A4CBE}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base32283\SC2.exe
FirewallRules: [{A5C16E36-0195-4CE1-AB02-693C5900B83E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BAE76957-0503-40B0-B2F3-8B0C9CBCBD4E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{33236DBE-44A0-48ED-91AF-01B34211077E}] => (Allow) D:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{D07EA77B-DED6-4010-99C5-BFA6E53C158F}] => (Allow) D:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{BCC5A689-B1ED-412A-B131-C003122C2F5C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D90623C6-113B-469F-B20E-6667CFCCBBE0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5CF2A2CE-FC1A-4BA6-B8D6-CA8ED53E2855}] => (Allow) LPort=1900
FirewallRules: [{BDA74D07-EE95-44EB-BCA8-DAE09A7C4185}] => (Allow) LPort=7900
FirewallRules: [{3FF958D2-792D-4E41-945D-DFF5316E9344}] => (Allow) LPort=24234
FirewallRules: [{52C311B7-95FA-42CF-A667-B353CFF3CE01}] => (Allow) LPort=7679
FirewallRules: [{1564CB85-C992-4B74-B414-6CB4ED63B1FF}] => (Allow) LPort=7676
FirewallRules: [{05B80B2B-64CA-4120-AED3-FDC1C63268F8}] => (Allow) LPort=8643
FirewallRules: [{94C5872C-096D-45FE-A386-A704F37CCD41}] => (Allow) LPort=8743
FirewallRules: [{85D1FCA6-5AAE-40ED-BC8A-661A80BB825C}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0CDCC238-9293-4960-A01E-ADBC24DE2426}] => (Allow) LPort=5357
FirewallRules: [{E6C70617-CBAC-4EAE-8821-ED72246690C8}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{7A11A418-B75D-4C52-96DA-9CA4B8DD999A}] => (Allow) C:\Users\Staples\AppData\Local\Apps\2.0\NGY65OLG.Y4M\0P4R2A3R.O8D\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
FirewallRules: [{E81E2219-DCB7-40E3-9C0B-65EE6AB363AF}] => (Allow) C:\Users\Staples\AppData\Local\Apps\2.0\NGY65OLG.Y4M\0P4R2A3R.O8D\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
FirewallRules: [{4B2CDB83-6F00-4483-9EC4-5DDEA19FA0AB}] => (Allow) C:\Users\Staples\AppData\Local\Apps\2.0\NGY65OLG.Y4M\0P4R2A3R.O8D\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
FirewallRules: [{820B410A-B60B-46BC-B15D-A930CEC2752A}] => (Allow) C:\Users\Staples\AppData\Local\Apps\2.0\NGY65OLG.Y4M\0P4R2A3R.O8D\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
FirewallRules: [{1A50E5AF-C87D-4180-9BDD-1356CD48961F}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{262DE6E1-3D09-4960-B0BD-452E77ED4E4B}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{1886E3CF-BBAA-45BA-BDBF-DF68C5649FDA}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{622BAA4C-8B46-4565-B206-E2786189BFCA}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{6389EC2A-ABC7-46A4-B4B6-79C2FEC0B024}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{16313845-2B0C-4CF9-A3A4-19C03180546F}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{DD06D80F-7ACB-4661-8F85-699B83430D5A}] => (Allow) LPort=1900
FirewallRules: [{D6471186-80C3-43C1-84E3-742026E8539C}] => (Allow) LPort=2869
FirewallRules: [{70392273-5556-4955-B447-E97E32091F68}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{84DDAC82-808E-4E2D-9789-A52F53C0D4DC}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede.exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede.exe
FirewallRules: [TCP Query User{50C46697-1E82-4C15-9E29-B1A32888100E}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede.exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede.exe
FirewallRules: [UDP Query User{E5048485-2062-4C31-AC52-00DCEC838ACB}C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede.exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede.exe
FirewallRules: [TCP Query User{23A89A76-ED93-43B5-8B46-17A9B4C72C2F}C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede.exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede.exe
FirewallRules: [{974C9DC9-9006-4816-8119-CA81896AAA61}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{17EB269A-3379-47DF-B6B9-9499EA3D64DD}] => (Allow) svchost.exe
FirewallRules: [{AC3A1281-9F11-429D-ADFD-D6D233994896}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{485D1D0E-997B-4638-B1CF-57A62F63A6FD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{04E04B5C-DE15-460A-914A-A5B081BD09C2}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{9BE9D350-3FA7-420B-AAD5-56F5F27AB135}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{DEF5B45F-AF3C-4AB4-891C-F2C91B263928}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{05C1E0E9-3DEA-440C-BD56-17C383E892B5}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{E52537E4-F94C-4C42-B831-1F656622A8CF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B7BF7CD7-6A47-4FC6-AFFF-7A8DB6844C2B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5A860695-8579-416A-A287-40C07810B5BE}C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede(2).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede(2).exe
FirewallRules: [UDP Query User{6B00BD4E-D83B-4199-BF07-A93E703B642B}C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede(2).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede(2).exe
FirewallRules: [TCP Query User{6081101E-1662-45E3-97DC-A46F1856706C}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(1).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(1).exe
FirewallRules: [UDP Query User{92F466A6-9A25-459E-82D3-C6D2B2AC43C1}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(1).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(1).exe
FirewallRules: [TCP Query User{839A40D7-5698-45A5-AEC4-E880FC49092E}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [UDP Query User{BB8B1D12-AAE0-4DE7-98E5-ED54A144FDB6}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [TCP Query User{5A85E686-28AD-40A9-AD95-0AB1053FAB9C}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{9056D4F4-F01C-40EA-B5C0-325981AD555C}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{075F0F34-0735-46B8-8665-55A38DCBB6F4}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(2).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(2).exe
FirewallRules: [UDP Query User{C75B5420-C5D6-4C49-A150-E68C2BB76418}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(2).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(2).exe
FirewallRules: [TCP Query User{31F80D6F-AEF1-4457-819E-786C7090118D}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [UDP Query User{C0F385F3-870D-4B35-AAB2-F5D43D48C33C}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [{EE979479-45C4-459C-887E-C2E698DF3D85}] => (Allow) D:\SteamLibrary\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{E04E306A-36DD-459B-ABEC-3D2B65388F3A}] => (Allow) D:\SteamLibrary\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{D5BBB418-E1FF-4F0D-808F-03F8C93F1389}] => (Allow) D:\SteamLibrary\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4781C4DA-2B16-4012-875F-A5E91EA891F3}] => (Allow) D:\SteamLibrary\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{F4E51C64-B712-4C49-8607-2D1F80E314F6}C:\users\staples\downloads\downloader_diablo2_lord_of_destruction_dede.exe] => (Allow) C:\users\staples\downloads\downloader_diablo2_lord_of_destruction_dede.exe
FirewallRules: [UDP Query User{1E67D163-DC92-4131-9178-206AA862968B}C:\users\staples\downloads\downloader_diablo2_lord_of_destruction_dede.exe] => (Allow) C:\users\staples\downloads\downloader_diablo2_lord_of_destruction_dede.exe
FirewallRules: [TCP Query User{91008239-45AF-45C7-876E-C2CC8F1AECD9}C:\users\staples\downloads\downloader_diablo2_dede.exe] => (Allow) C:\users\staples\downloads\downloader_diablo2_dede.exe
FirewallRules: [UDP Query User{08768379-FEF5-42D1-BB62-FDB41C2153A0}C:\users\staples\downloads\downloader_diablo2_dede.exe] => (Allow) C:\users\staples\downloads\downloader_diablo2_dede.exe

==================== Wiederherstellungspunkte =========================

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Stefan Hellma (Galaxy
Description: GT-I9505
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Samsung Electronics Co., Ltd.
Service: WUDFWpdMtp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (04/23/2016 09:23:32 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5608) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.
Error: (04/23/2016 09:23:32 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5608) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.

Error: (04/23/2016 09:23:22 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5608) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.

Error: (04/23/2016 09:23:22 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5608) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.

Error: (04/23/2016 09:23:11 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5608) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.

Error: (04/23/2016 09:23:11 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5608) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.

Error: (04/23/2016 09:23:01 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5608) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.

Error: (04/23/2016 09:23:01 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5608) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.

Error: (04/23/2016 09:22:51 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5608) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032.

Error: (04/23/2016 09:22:51 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5608) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.

Systemfehler:
=============
Error: (04/23/2016 09:58:20 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (04/23/2016 09:58:03 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (04/23/2016 09:21:17 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (04/23/2016 09:05:08 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (04/23/2016 07:11:03 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT)
Description: In der Dateisystemstruktur auf Volume "C:" wurde eine Beschädigung erkannt. Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0x100000004ba46. Der Name der Datei ist "<Dateiname kann nicht bestimmt werden>".

Error: (04/23/2016 07:07:10 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Gemeinsame Nutzung der Internetverbindung" wurde nicht richtig gestartet.

Error: (04/23/2016 07:07:10 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Gemeinsame Nutzung der Internetverbindung" wurde nicht richtig gestartet.

Error: (04/23/2016 07:04:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (04/23/2016 07:04:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMScheduler erreicht.

Error: (04/23/2016 07:04:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

CodeIntegrity:
===================================
Date: 2016-03-17 00:34:13.874
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-14 08:44:09.391
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-11 22:12:58.712
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-06 16:59:53.713
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-01 23:08:44.158
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-28 21:20:12.104
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-26 16:56:32.380
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-23 20:21:56.876
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-23 09:00:54.734
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-23 09:00:54.718
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
Prozentuale Nutzung des RAM: 47%
Installierter physikalischer RAM: 3954.67 MB
Verfügbarer physikalischer RAM: 2064.35 MB
Summe virtueller Speicher: 7922.67 MB
Verfügbarer virtueller Speicher: 5840.73 MB

==================== Laufwerke ================================

Drive c: (WINDOWS) (Fixed) (Total:232.88 GB) (Free:41.92 GB) NTFS
Drive d: (Data) (Fixed) (Total:232.49 GB) (Free:145.24 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 40D49AEE)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
durchgeführt von Staples (Administrator) auf STAPLES-TOSH (23-04-2016 22:03:27)
Gestartet von C:\Users\Staples\Desktop
Geladene Profile: Staples (Verfügbare Profile: Staples & DefaultAppPool)
Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-06-12] (Synaptics Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [807392 2016-03-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-03-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\Run: [Google Update] => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\Run: [MusicManager] => C:\Users\Staples\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [583680 2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Keine Datei
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-04-19]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-04-19]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-04-19]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Staples\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warkeys Update.lnk [2016-02-29]
ShortcutTarget: Warkeys Update.lnk -> C:\Program Files (x86)\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe ()
BootExecute: autocheck autochk /p \??\C:autocheck autochk /m /P \Device\HarddiskVolume2autocheck autochk /m /f \Device\HarddiskVolume2autocheck autochk *

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{214a7604-97a2-44e4-9116-57a232caae45}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{e151f280-f994-498c-b104-4491eea55f73}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
SearchScopes: HKLM -> DefaultScope {41594B62-A7B7-4CB8-B68C-21908ECD161C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM -> {41594B62-A7B7-4CB8-B68C-21908ECD161C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKLM-x32 -> {9EAB2976-7ED9-4C33-808F-568A8E2D7DFA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000 -> DefaultScope {41594B62-A7B7-4CB8-B68C-21908ECD161C} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000 -> {41594B62-A7B7-4CB8-B68C-21908ECD161C} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000 -> {4FEE286E-218C-4BF0-B386-BA499B29169B} URL =
hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000 -> {9EAB2976-7ED9-4C33-808F-568A8E2D7DFA} URL = hxxp://www.bing.com/search?FORM=MATM&PC=MATM&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000 -> {D1F998F5-B874-47D1-BDDD-B50E44A73288} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-23] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-23] (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-23] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-23] (Oracle Corporation) BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19] (<TOSHIBA>) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Staples\AppData\Roaming\Mozilla\Firefox\Profiles\t9tmdxfc.default-1414740622857 FF DefaultSearchEngine: Yahoo FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-31] () FF Plugin: 
@java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-23] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-23] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-31] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-23] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-23] (Oracle Corporation) FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [Keine Datei] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1502668225-1892257724-3303000117-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-1502668225-1892257724-3303000117-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Staples\AppData\Roaming\Mozilla\Firefox\Profiles\t9tmdxfc.default-1414740622857\searchplugins\bildde.xml [2015-12-13]
FF Extension: Adblock Plus - C:\Users\Staples\AppData\Roaming\Mozilla\Firefox\Profiles\t9tmdxfc.default-1414740622857\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-25]

Chrome:
=======
CHR Profile: C:\Users\Staples\AppData\Local\Google\Chrome\User Data\default

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [955736 2016-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466504 2016-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-03-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1424880 2016-03-17] (Avira Operations GmbH & Co. KG)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [272304 2016-03-30] (Avira Operations GmbH & Co. KG)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2015-08-02] (Broadcom Corporation.)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-06-12] (Synaptics Incorporated)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-02-11] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-03-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-03-17] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-08-02] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7593176 2015-07-10] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-11-22] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 MWAC; \??\C:\WINDOWS\SysWOW64\drivers\ [0 ] () <==== ACHTUNG (Null Byte Datei/Ordner)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [888064 2015-08-20] (Realtek )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-12] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-08-02] (Toshiba Corporation)
U5 tosrfbd; C:\Windows\System32\Drivers\tosrfbd.sys [212072 2009-09-24] (TOSHIBA CORPORATION)
U5 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [50664 2009-06-19] (TOSHIBA Corporation)
U5 Tosrfhid; C:\Windows\System32\Drivers\Tosrfhid.sys [94336 2009-06-19] (TOSHIBA Corporation.)
U5 TosRfSnd; C:\Windows\System32\Drivers\TosRfSnd.sys [63856 2009-08-05] (TOSHIBA Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; kein ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-23 22:03 - 2016-04-23 22:04 - 00020981 _____ C:\Users\Staples\Desktop\FRST.txt
2016-04-23 22:03 - 2016-04-23 22:03 - 00000000 ____D C:\FRST
2016-04-23 22:02 - 2016-04-23 22:03 - 02375680 _____ (Farbar) C:\Users\Staples\Desktop\FRST64.exe
2016-04-23 21:58 - 2016-04-23 21:58 - 00016148 _____ C:\WINDOWS\system32\STAPLES-TOSH_Staples_HistoryPrediction.bin
2016-04-20 12:03 - 2016-04-20 12:03 - 00000000 _____ C:\WINDOWS\SysWOW64\shoE1C4.tmp
2016-04-19 00:09 - 2016-04-19 00:09 - 00000000 ____D C:\Users\Staples\Documents\Diablo II
2016-04-19 00:07 - 2016-04-19 00:09 - 00000717 _____ C:\Users\Public\Desktop\Diablo II - Lord of Destruction.lnk
2016-04-19 00:07 - 2016-04-19 00:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2016-04-18 23:25 - 2016-04-18 23:25 - 02771704 _____ (Blizzard Entertainment) C:\Users\Staples\Downloads\Downloader_Diablo2_deDE.exe
2016-04-18 23:12 - 2016-04-18 23:13 - 02689174 _____ (Blizzard Entertainment) C:\Users\Staples\Downloads\Downloader_Diablo2_Lord_of_Destruction_deDE.exe
2016-04-15 20:41 - 2016-04-15 20:41 - 00000017 _____ C:\WINDOWS\SysWOW64\shortcut_ex.dat
2016-04-12 21:11 - 2016-04-15 20:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-08 21:43 - 2016-04-08 21:43 - 00016622 _____ C:\Users\Staples\Desktop\Sobri.odt
2016-04-03 07:37 - 2016-04-03 07:37 - 00275040 _____ C:\WINDOWS\Minidump\040316-38109-01.dmp
2016-03-28 21:07 - 2016-03-28 21:07 - 00000218 _____ C:\Users\Staples\Desktop\Day of Defeat.url
2016-03-28 20:14 - 2016-03-28 20:14 - 00000000 ____D C:\Users\Staples\AppData\Local\Steam

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-04-23 22:01 - 2014-01-18 21:26 - 00000000 ____D C:\Users\Staples\AppData\Local\Battle.net
2016-04-23 21:39 - 2014-08-04 23:59 - 00001154 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000UA.job
2016-04-23 21:32 - 2016-01-10 22:13 - 00001144 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-23 20:39 - 2014-08-04 23:59 - 00001102 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000Core.job
2016-04-23 19:32 - 2016-01-10 22:13 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-23 19:20 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-23 19:18 - 2014-01-18 21:26 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-04-23 19:03 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-23 16:28 - 2015-10-30 21:27 - 00000000 ___HD C:\$WINDOWS.~BT
2016-04-23 16:12 - 2015-12-12 21:58 - 00000000 ____D C:\WINDOWS\Panther
2016-04-23 16:06 - 2014-01-18 21:34 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-04-23 15:52 - 2014-07-22 18:49 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-23 15:44 - 2014-08-15 21:33 - 00049536 _____ (Absolute Software Corp.) C:\WINDOWS\SysWOW64\agremove.exe
2016-04-23 15:42 - 2015-08-02 01:59 - 00017920 _____ C:\WINDOWS\system32\rpcnetp.exe
2016-04-23 10:42 - 2014-12-08 22:53 - 00000000 ____D C:\Program Files (x86)\Diablo III
2016-04-23 09:31 - 2010-10-31 01:15 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BE5EF183-990B-42DC-8793-FA5A454ADFA0}
2016-04-23 06:24 - 2015-08-02 02:11 - 00000000 ____D C:\Users\Staples
2016-04-22 21:51 - 2015-08-02 03:25 - 00002400 _____ C:\Users\Staples\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-22 21:51 - 2015-08-02 03:25 - 00000000 ___RD C:\Users\Staples\OneDrive
2016-04-22 21:04 - 2015-07-10 11:05 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-04-22 20:04 - 2015-08-02 02:06 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-22 15:46 - 2015-09-03 20:13 - 00001218 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-04-22 15:46 - 2015-08-24 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-04-20 12:16 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-19 00:14 - 2011-09-22 17:56 - 00000618 _____ C:\BnetLog.txt
2016-04-19 00:09 - 2010-10-29 17:20 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-04-17 22:22 - 2014-01-18 21:17 - 00000000 ____D C:\Users\Staples\AppData\Roaming\Mumble
2016-04-16 22:27 - 2010-11-01 16:50 - 00000000 ____D C:\Users\Staples\AppData\Roaming\TS3Client
2016-04-15 20:39 - 2013-12-27 17:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-13 23:02 - 2013-08-15 01:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 22:56 - 2010-10-31 19:28 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-11 17:51 - 2015-08-02 02:09 - 00007412 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-11 17:51 - 2015-07-10 18:34 - 01165958 _____ C:\WINDOWS\system32\perfh007.dat
2016-04-11 17:51 - 2015-07-10 18:34 - 00279796 _____ C:\WINDOWS\system32\perfc007.dat
2016-04-08 21:43 - 2014-07-05 10:58 - 00000000 ____D C:\Users\Staples\Desktop\JTP
2016-04-06 20:32 - 2015-07-10 13:06 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 20:32 - 2015-07-10 13:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-03 07:37 - 2015-08-02 17:39 - 00000000 ____D C:\WINDOWS\Minidump
2016-03-31 22:57 - 2012-12-25 11:58 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-31 20:28 - 2012-12-25 11:58 - 00003876 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-03-30 20:47 - 2014-12-27 00:56 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-03-28 21:07 - 2014-07-22 19:35 - 00000000 ____D C:\Users\Staples\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-03-25 22:17 - 2016-03-21 00:26 - 00000000 ____D C:\Users\Staples\Desktop\Tomb Raider II

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2010-10-31 19:55 - 2010-10-31 19:55 - 0000095 _____ () C:\Users\Staples\AppData\Local\fusioncache.dat
2014-08-01 23:59 - 2014-08-01 23:59 - 0016958 _____ () C:\Users\Staples\AppData\Local\gem.ico
2014-08-01 23:59 - 2014-08-01 23:59 - 0127112 _____ () C:\Users\Staples\AppData\Local\mybet.ico
2014-03-29 01:34 - 2014-11-18 20:59 - 0007607 _____ () C:\Users\Staples\AppData\Local\Resmon.ResmonCfg
2014-06-17 15:35 - 2014-06-17 15:35 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-11-02 12:45 - 2010-11-02 12:45 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2015-12-07 00:47 - 2015-12-07 00:47 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Einige Dateien in TEMP:
====================
C:\Users\Staples\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-04-18 23:41

==================== Ende von FRST.txt ============================

Edited by StefanHe (23.04.2016 at 21:20) |
23.04.2016, 21:17 | #4 |
| Windows often does not respond. Detection by Avira
Code:
22:15:24.0248 0x145c TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
22:15:26.0529 0x145c ============================================================
22:15:26.0529 0x145c Current date / time: 2016/04/23 22:15:26.0529
22:15:26.0529 0x145c SystemInfo:
22:15:26.0529 0x145c
22:15:26.0529 0x145c OS Version: 10.0.10240 ServicePack: 0.0
22:15:26.0529 0x145c Product type: Workstation
22:15:26.0529 0x145c ComputerName: STAPLES-TOSH
22:15:26.0529 0x145c UserName: Staples
22:15:26.0529 0x145c Windows directory: C:\WINDOWS
22:15:26.0529 0x145c System windows directory: C:\WINDOWS
22:15:26.0529 0x145c Running under WOW64
22:15:26.0529 0x145c Processor architecture: Intel x64
22:15:26.0529 0x145c Number of processors: 4
22:15:26.0529 0x145c Page size: 0x1000
22:15:26.0529 0x145c Boot type: Normal boot
22:15:26.0529 0x145c ============================================================
22:15:26.0576 0x145c KLMD registered as C:\WINDOWS\system32\drivers\41952443.sys
22:15:26.0857 0x145c System UUID: {88AB3D5C-8AA2-5A06-C7E5-DEA68E409D3C}
22:15:27.0389 0x145c Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:15:27.0389 0x145c ============================================================
22:15:27.0389 0x145c \Device\Harddisk0\DR0:
22:15:27.0389 0x145c MBR partitions:
22:15:27.0389 0x145c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x1D1C3000
22:15:27.0389 0x145c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D28B800, BlocksNum 0x1D0FA800
22:15:27.0389 0x145c ============================================================
22:15:27.0420 0x145c C: <-> \Device\Harddisk0\DR0\Partition1
22:15:27.0467 0x145c D: <-> \Device\Harddisk0\DR0\Partition2
22:15:27.0467 0x145c ============================================================
22:15:27.0467 0x145c Initialize success
22:15:27.0467 0x145c
============================================================
22:15:32.0795 0x1b6c ============================================================
22:15:32.0795 0x1b6c Scan started
22:15:32.0795 0x1b6c Mode: Manual; SigCheck; TDLFS;
22:15:32.0795 0x1b6c ============================================================
22:15:32.0795 0x1b6c KSN ping started
22:15:35.0092 0x1b6c KSN ping finished: true
22:15:35.0779 0x1b6c ================ Scan system memory ========================
22:15:35.0779 0x1b6c System memory - ok
22:15:35.0795 0x1b6c ================ Scan services =============================
] avnetflt C:\WINDOWS\system32\DRIVERS\avnetflt.sys 22:15:39.0233 0x1b6c avnetflt - ok 22:15:39.0264 0x1b6c [ 2F7F80543129210CA75995D0DCA488E8, 353E598FF26FA363C02A2B44BA8D7D1ED97B8AC8C69F1B5C5D521BD0D5D5AB94 ] AxInstSV C:\WINDOWS\System32\AxInstSV.dll 22:15:39.0295 0x1b6c AxInstSV - ok 22:15:39.0342 0x1b6c [ 00D64E82900E4EC9062805ED87C2D75A, 577110F9A7C6C2C4CF86FFF4F60E23F61623ED325FC950033900A5102754A677 ] b06bdrv C:\WINDOWS\system32\drivers\bxvbda.sys 22:15:39.0358 0x1b6c b06bdrv - ok 22:15:39.0389 0x1b6c [ 5164A66EC1565711A7B4CF2F143B4979, DA29F0FB63F3EB2BF92D51FEB4BB7D2B964553D2F634556325953927464CB3A5 ] BasicDisplay C:\WINDOWS\System32\drivers\BasicDisplay.sys 22:15:39.0420 0x1b6c BasicDisplay - ok 22:15:39.0436 0x1b6c [ F4C58BBF2972BD84C73F6A14CA35AC4E, B7A226EB861B63ACF4BF9B5A331ACA6FFC9B787DCCAA7697EEFC4F634508A6D5 ] BasicRender C:\WINDOWS\System32\drivers\BasicRender.sys 22:15:39.0451 0x1b6c BasicRender - ok 22:15:39.0498 0x1b6c [ F8FE7E12F8151E0A17C23CF840599F9A, 5D1AA3A5DAC08B521A7BE775F32434AFF1F5F19B69CD16D2D94B0D399E61C371 ] bcbtums C:\WINDOWS\system32\drivers\bcbtums.sys 22:15:39.0514 0x1b6c bcbtums - ok 22:15:39.0780 0x1b6c [ 0D18E63714387277DDBBAE762F7C4317, D7AD836BE80756E0A99B753B502AFA4CECAD15747052D17D4060D6553F939F6C ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys 22:15:40.0045 0x1b6c BCM43XX - ok 22:15:40.0217 0x1b6c [ ACB44407FF63C3A5A22AB5782F209604, 86BE221F07EB49D2149710CCCE4F0C24677560FEFD41F093C6D2BA0C962CF5C3 ] BcmBtRSupport C:\WINDOWS\system32\BtwRSupportService.exe 22:15:40.0280 0x1b6c BcmBtRSupport - ok 22:15:40.0311 0x1b6c [ 25349D0B334E528667980948ED107D89, 70EF9D3B8DCAC6E9720C6F3EBC77392FADC182A6925F9024FE30A21321E0137F ] bcmfn2 C:\WINDOWS\System32\drivers\bcmfn2.sys 22:15:40.0326 0x1b6c bcmfn2 - ok 22:15:40.0358 0x1b6c [ DF78B56EEE6004DEE8CE57763128075E, 5758CAF4B0182F3F2E2508B3BB58B0271F2689808D09675B2753FE373D1D77D2 ] BDESVC C:\WINDOWS\System32\bdesvc.dll 22:15:40.0389 0x1b6c BDESVC - ok 22:15:40.0436 0x1b6c [ 
1E8A9267F8886803AAE02982FC1B5BC4, 655DF84E037BD6E582A6BA89737A4388956219171AF7253D126E54A23F16BE59 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 22:15:40.0451 0x1b6c Beep - ok 22:15:40.0498 0x1b6c [ 7FAFFFC4C59F5010D6E7CEA152076B92, 945FD6C04E109D4E5A4164BAA9A8120EC85AB809555AAD83E61B9F179F976FD7 ] BFE C:\WINDOWS\System32\bfe.dll 22:15:40.0514 0x0154 Object required for P2P: [ 37CD9EB03B36D8329F96BA921470DB54 ] AntiVirMailService 22:15:40.0545 0x1b6c BFE - ok 22:15:40.0608 0x1b6c [ BD60F5633F6BD617D9ECCA3FFDC0D37E, 2F0DECAEB7096CD628387263381E123C883F483BD87F7F2BA6DEFBB5A184BAA3 ] BITS C:\WINDOWS\System32\qmgr.dll 22:15:40.0702 0x1b6c BITS - ok 22:15:40.0733 0x1b6c [ C9FD65687EF89715999C582D3E568812, 42BA59A78A47C510CB2AFDC6C6080B33F9F611F84FEE5262DFF16D7633C50EB1 ] bowser C:\WINDOWS\system32\DRIVERS\bowser.sys 22:15:40.0764 0x1b6c bowser - ok 22:15:40.0811 0x1b6c [ EB4F4B88DF20C7B134F33A64EFD56BED, 7C32485FDDEEA23760DF24FC9576FBA11330C5BBA9053869FDAA9AD8A16B1610 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll 22:15:40.0858 0x1b6c BrokerInfrastructure - ok 22:15:40.0889 0x1b6c [ 2AAD720B32904B97EDD8C3211344F79E, 41B1AEA5FAA48033B2581E18D68EFC986C3D65B383847E250C054CE3133A893C ] Browser C:\WINDOWS\System32\browser.dll 22:15:40.0920 0x1b6c Browser - ok 22:15:40.0952 0x1b6c [ F8DD3B0EAC1EF1D087AE47E5819540AC, 866C951B52E3202AC89552AEA72A45123367199335578F03815E2ED55DA2FDAE ] BthAvrcpTg C:\WINDOWS\System32\drivers\BthAvrcpTg.sys 22:15:40.0967 0x1b6c BthAvrcpTg - ok 22:15:41.0108 0x1b6c [ 74C9D52F3F594529465E18B2BFF80487, F1ECD8B730AD8B90673735FD6D2D9F6F0754F8BAB7135B16A41128145D5F9377 ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys 22:15:41.0139 0x1b6c BthEnum - ok 22:15:41.0170 0x1b6c [ 647E2A425AD43637EAA01096A58B7089, 8F76D024FEBCBA1AC54363133DE1E0DD5B9D696E5E688EFEBC3B79F7F1B9C568 ] BthHFEnum C:\WINDOWS\System32\drivers\bthhfenum.sys 22:15:41.0202 0x1b6c BthHFEnum - ok 22:15:41.0248 0x1b6c [ B95040CAD3434D9EE003065363A0FAFF, 
D441E0676EA1AE1ABC305732024311CA59715E6763B3D7ADB728DEEFC403E182 ] bthhfhid C:\WINDOWS\System32\drivers\BthHFHid.sys 22:15:41.0264 0x1b6c bthhfhid - ok 22:15:41.0311 0x1b6c [ F334BF7B0737CEB3B6822631EAD55A87, 4E5AEB1F8E109BA01A5D1CDE2E3C677FF07F2AFE8B195CB5F82AA28816D2060E ] BthHFSrv C:\WINDOWS\System32\BthHFSrv.dll 22:15:41.0342 0x1b6c BthHFSrv - ok 22:15:41.0373 0x1b6c [ 29AEE352AED4FCD2191436D263D75347, 3D21262EA26BF423BFA4A9146E53F8B036B2A1157DBE91A11C5603AF7A670B6F ] BTHMODEM C:\WINDOWS\System32\drivers\bthmodem.sys 22:15:41.0389 0x1b6c BTHMODEM - ok 22:15:41.0420 0x1b6c [ 38C97371F058E889F730BF35530732F4, 7CD16DF9C51D40CF80392E6DF444D6F5546B0E8B6A6DAC6DFD70BB45E014FA27 ] BthPan C:\WINDOWS\System32\drivers\bthpan.sys 22:15:41.0436 0x1b6c BthPan - ok 22:15:41.0483 0x1b6c [ 91DC04363515659BD7D5752664E0CEB1, F5A865E563969E2AD1FE69AA8FF5FD18489F2BE4C17EB2DA6FC3C1CE6945364B ] BTHPORT C:\WINDOWS\System32\Drivers\BTHport.sys 22:15:41.0530 0x1b6c BTHPORT - ok 22:15:41.0577 0x1b6c [ 26DD0127A05B333E36316E6EA9A6AAE2, A2DC4483FF5639EE8DD315AB2989865CA6A6992C578FD7F7D31698A015355941 ] bthserv C:\WINDOWS\system32\bthserv.dll 22:15:41.0608 0x1b6c bthserv - ok 22:15:41.0702 0x1b6c [ 5866AE46EEF644E6DE5C95942AE419D7, 0726C0845D2BA4247AB26ACF05006F6FA96015158CD49795801BB906DA80C007 ] BTHUSB C:\WINDOWS\System32\Drivers\BTHUSB.sys 22:15:41.0717 0x1b6c BTHUSB - ok 22:15:41.0748 0x1b6c [ BC279FCEE9FC8CBF991D5DE539771AA9, 5DE007672BFBFA78C44CC08251F495420402AFF4AD01541AA84AD37BD4A58190 ] btwampfl C:\WINDOWS\system32\DRIVERS\btwampfl.sys 22:15:41.0764 0x1b6c btwampfl - ok 22:15:41.0780 0x1b6c [ F34AD5A9F944D91BD285D1C29EEECB2B, 2EDA8C481B7F7F49AC8399485AE7C2D182568EE2E62394DC78C9A821ADAEA5EC ] buttonconverter C:\WINDOWS\System32\drivers\buttonconverter.sys 22:15:41.0795 0x1b6c buttonconverter - ok 22:15:41.0811 0x1b6c [ A10A1E05A943B10ECE5D57D131B7404D, 71BB816B6841001A4305DF1814926B639265E91895CA5D06284B0970E40CE386 ] CapImg C:\WINDOWS\System32\drivers\capimg.sys 22:15:41.0827 
0x1b6c CapImg - ok 22:15:41.0842 0x1b6c [ F2829DC6D292DCAC5029893BB2E9FEE3, AF2A25722D3BE37BABD1F6668786AAF39E9D6CA18CE8E845E63266E218C64526 ] cdfs C:\WINDOWS\system32\DRIVERS\cdfs.sys 22:15:41.0858 0x1b6c cdfs - ok 22:15:41.0905 0x1b6c [ F3A9E38AE23AD4015764AF89E4AE3519, 57ED6AC834177E128720FEC5B5793F35C7C36474E2D787F182B6730933222CC9 ] CDPSvc C:\WINDOWS\System32\CDPSvc.dll 22:15:41.0920 0x1b6c CDPSvc - ok 22:15:41.0952 0x1b6c [ CA160E02F35A61C6F5C681FB4669C519, E6BC66156EE226F16804C4FDC8A60EB15CE6212EAFB9FB841FAC899979E140E2 ] cdrom C:\WINDOWS\System32\drivers\cdrom.sys 22:15:41.0967 0x1b6c cdrom - ok 22:15:41.0998 0x1b6c [ 320E7A02D81A468E8C1FEEFDB856AFAE, E65127D3D6B628F9D19EA509FEBD9E4DC1BF20D0C62C3C9E1D7087DF972B2AA7 ] CertPropSvc C:\WINDOWS\System32\certprop.dll 22:15:42.0030 0x1b6c CertPropSvc - ok 22:15:42.0045 0x1b6c [ 60D7D304DF75DFF6A46CF633F583B592, 4141D8D1C6FE829C02053DA91AC6B0628BDEB3322CAAD4AD958190F9D173340E ] circlass C:\WINDOWS\System32\drivers\circlass.sys 22:15:42.0061 0x1b6c circlass - ok 22:15:42.0077 0x1b6c [ FF9D4BCE19E5D36CB3A845A3286DA6C3, A0E2C38D629359EEC6F8EEC6F92A3E571AEF018BAF259F395DC497ED4827460B ] CLFS C:\WINDOWS\system32\drivers\CLFS.sys 22:15:42.0092 0x1b6c CLFS - ok 22:15:42.0155 0x1b6c [ 5C4648673693724C8D4A1A92E1AA06E6, 5D548241715687BFA52E40B867EF73CB45D01B7F9A9B7F00B92BF2B4C97BE1D0 ] ClipSVC C:\WINDOWS\System32\ClipSVC.dll 22:15:42.0186 0x1b6c ClipSVC - ok 22:15:42.0233 0x1b6c [ 8EBA63416EC166EBA6EF6D34A505D8C8, 5EB0236ABEA2277B71D9F009DA71934C618606B20BBEC07B8595195E40C12A2B ] CmBatt C:\WINDOWS\System32\drivers\CmBatt.sys 22:15:42.0249 0x1b6c CmBatt - ok 22:15:42.0295 0x1b6c [ 3B64DA873CEA5BEC42570BFF1054A014, 3649B25855CB9BE5BA3B3FEE4221575381FB2D488B8B050B5DD0088386AA0F7B ] CNG C:\WINDOWS\system32\Drivers\cng.sys 22:15:42.0327 0x1b6c CNG - ok 22:15:42.0358 0x1b6c [ 5EEA0856000F81B3D709BC81B3AA1EF2, C04E4E31D3FC38102BA410D312F58AF848920EE37004A5C306D79229C9B6079A ] cnghwassist C:\WINDOWS\system32\DRIVERS\cnghwassist.sys 
22:15:42.0373 0x1b6c cnghwassist - ok 22:15:42.0452 0x1b6c [ 74CD3BF688E2B408227FE012A2F2D8ED, CC01AC79CEB9DC94FA5675D66F048928C9968B8944E34F5482A73C14B70EE8A8 ] CompositeBus C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys 22:15:42.0467 0x1b6c CompositeBus - ok 22:15:42.0483 0x1b6c COMSysApp - ok 22:15:42.0514 0x1b6c [ D38774D1D383A2CDB9A4F64B7206913B, 6CDDC46D1D431342F00CA537FC327B23B8AA4D513CEEEE61F3E19C77975DF9C8 ] condrv C:\WINDOWS\system32\drivers\condrv.sys 22:15:42.0530 0x1b6c condrv - ok 22:15:42.0592 0x1b6c [ 5C2C63BC5CE4A753C16CED512F91A04D, 4ACFA702B4CD7E30525D9595533E6B8EACBFF7F38EE7A05E8AC087BB229AD9D4 ] CoreMessagingRegistrar C:\WINDOWS\system32\coremessaging.dll 22:15:42.0623 0x1b6c CoreMessagingRegistrar - ok 22:15:42.0670 0x1b6c [ 35DB06AACD8AD5999161DA71FF0E16F0, 22AD27811AAD14666ACEF4115447B0CFAA70D1E73923059FB2A9B4C3CBE500A6 ] CryptSvc C:\WINDOWS\system32\cryptsvc.dll 22:15:42.0686 0x1b6c CryptSvc - ok 22:15:42.0827 0x1b6c [ B4D1D62A09F09CB2DFD55628350CDAFB, 7DD3CE77D88B5AFAC4B6187F4CA6D50B7BD3398207163B2A1E4C76467801FF28 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 22:15:42.0858 0x1b6c cvhsvc - ok 22:15:42.0889 0x1b6c [ F038EAF73AAB72A4A89185A5A7B9FD75, 8213A60B3BEAFC1C554C5D049DFE3C6E44CEFE639EDD6A335AC18A9DAEDA2D4B ] dam C:\WINDOWS\system32\drivers\dam.sys 22:15:42.0905 0x1b6c dam - ok 22:15:42.0952 0x0154 Object send P2P result: true 22:15:42.0967 0x1b6c [ 5E57B9FBB4E9C43EE5B69BEE01A1819F, A1F8D1E52AF446CEA2EB50064E3A24B713B19197D61C3EAECB81B3CCD80558E7 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 22:15:43.0014 0x1b6c DcomLaunch - ok 22:15:43.0045 0x15c4 Object required for P2P: [ 5CF5E80616F74B769AABCF76FEA791D1 ] avgntflt 22:15:43.0061 0x1b6c [ 0605AB12BF1856DF21AB708F28EA91CF, 3A6A7F8F84044DC1EA490A007E6DBC52203BA237ECF1B845961D9BB95E9BF8C8 ] DcpSvc C:\WINDOWS\system32\dcpsvc.dll 22:15:43.0077 0x1b6c DcpSvc - ok 22:15:43.0139 0x1b6c [ 
BABB7BB5AD3CECFF466E6080F43CFC58, 1B8FF66557EC4C749156ED6DACC4D61D5DC4E25DD58F6DB3713C356214B80FDA ] defragsvc C:\WINDOWS\System32\defragsvc.dll 22:15:43.0170 0x1b6c defragsvc - ok 22:15:43.0217 0x1b6c [ 63C9464B165D31ACC46B6B089AB36B41, DE38DE4E6331D07630B63224F8014C27368C29791EDB58CC5DAE7CBACD37160A ] DeviceAssociationService C:\WINDOWS\system32\das.dll 22:15:43.0248 0x1b6c DeviceAssociationService - ok 22:15:43.0295 0x1b6c [ 7B3DA16FAA498838BB457E0B7E380EDF, B73DCFFA60886F10765E4B76A58CFF18C08CAFEE620700361FC8FEC7E80B5958 ] DeviceInstall C:\WINDOWS\system32\umpnpmgr.dll 22:15:43.0311 0x1b6c DeviceInstall - ok 22:15:43.0327 0x1b6c [ CF3895DD260ADE05BC91D8FBE0A82907, D7D8A29E873BE5C3832C9264F0165F6CD50D42ED0E04B0FCF07F054793092334 ] DevQueryBroker C:\WINDOWS\system32\DevQueryBroker.dll 22:15:43.0358 0x1b6c DevQueryBroker - ok 22:15:43.0405 0x1b6c [ 25435407D97419627F4B10653433BF2B, 5429B0DB7C5302E9A6AF92C046637183D4147D4A206963ABEA3A611214D6AB04 ] Dfsc C:\WINDOWS\system32\Drivers\dfsc.sys 22:15:43.0420 0x1b6c Dfsc - ok 22:15:43.0452 0x1b6c [ 85137571AEC8AC757D497B9DD30D544D, 6E15C9FB4010B26A8E5AFD4E85F7362B2616EB8503ACCE28EC31AC1E7D18566F ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys 22:15:43.0467 0x1b6c dg_ssudbus - ok 22:15:43.0530 0x1b6c [ E59C209F1F633C1AEAF151B2CA46BBAA, 6A4DA927418B56A228CC8D9DFA3351B2B53A9328F5C56C10F0C7B19974B2ED89 ] Dhcp C:\WINDOWS\system32\dhcpcore.dll 22:15:43.0561 0x1b6c Dhcp - ok 22:15:43.0624 0x1b6c [ 95AA7877FD4161BFBC8493F9279B1901, F6B7DF75D763A89901BD12454BEF92D161B392F721B8568505073929D9F419BD ] diagnosticshub.standardcollector.service C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe 22:15:43.0639 0x1b6c diagnosticshub.standardcollector.service - ok 22:15:43.0717 0x1b6c [ F96AADEF864DA2E52C45DE1498B18753, 19FF8EA929D21E4C223E5F9383DCE83E15E6815D5356A343DD6D9EACF29F1560 ] DiagTrack C:\WINDOWS\system32\diagtrack.dll 22:15:43.0780 0x1b6c DiagTrack - ok 22:15:43.0811 0x1b6c [ 
FDCD449AE9E75D7690593D16ADAF4DB4, 3366C4BDB031EB525F85850E903C46802A2AC762C0772C6F6E543DDA4AF1E9D5 ] disk C:\WINDOWS\system32\drivers\disk.sys 22:15:43.0827 0x1b6c disk - ok 22:15:43.0873 0x1b6c [ 8E481EDF066552D551613EC9FE7D179F, 96E955CA82B4CDEC00ED08003FDC8DD61E685F421912EDBF7B0DA740048416F9 ] DmEnrollmentSvc C:\WINDOWS\system32\Windows.Internal.Management.dll 22:15:43.0889 0x1b6c DmEnrollmentSvc - ok 22:15:43.0936 0x1b6c [ F10A8F6D036CEDD14A5471782C52F041, E0DA3C4F76DBBEAED549375E57819F8825B33A118F7674D417D294054863F648 ] dmvsc C:\WINDOWS\System32\drivers\dmvsc.sys 22:15:43.0952 0x1b6c dmvsc - ok 22:15:43.0999 0x1b6c [ 7228733177F673B4D51BD1AA082D47C1, DBE155CDCFAA7C32407A207F637F252FA0CE30F1DE7E7DBEC42DB37FADB5BFA7 ] dmwappushservice C:\WINDOWS\system32\dmwappushsvc.dll 22:15:44.0014 0x1b6c dmwappushservice - ok 22:15:44.0061 0x1b6c [ 592E41B3C11CA12203D3708AD8FC3D37, 6C69D5D603FBF038C069EDDCE29F7C6A60CAAE58B985AB218E1497F2BA934D42 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 22:15:44.0092 0x1b6c Dnscache - ok 22:15:44.0124 0x1b6c [ 6184C7A2F12625C108AEFD3A43429967, 689153F319BB1013FF60F71317E8380A6945EEE8141EDBDD6B185A966E23BB93 ] dot3svc C:\WINDOWS\System32\dot3svc.dll 22:15:44.0155 0x1b6c dot3svc - ok 22:15:44.0186 0x1b6c [ A616D8297C1BEA690BBC796736A7A78D, 9365470F4609606410AD79D98E1E77D815DC7C5AA924FB639FCF713EE8EDEA76 ] DPS C:\WINDOWS\system32\dps.dll 22:15:44.0217 0x1b6c DPS - ok 22:15:44.0342 0x1b6c [ 45771610FF181434073B5A0A00F20F8D, 6A17DB09AA6D021F000F7315317235E1FCF41FD58EA7DF81A7C9F5A6DE999984 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 22:15:44.0342 0x1b6c drmkaud - ok 22:15:44.0389 0x1b6c [ 00D9A948FB7344C62CEBED88E50EE39A, EF33FE7FB34DE571F3956C1F7AC8EFAA25BFD9F3AFA3ECD25DD34C5890873245 ] DsmSvc C:\WINDOWS\System32\DeviceSetupManager.dll 22:15:44.0420 0x1b6c DsmSvc - ok 22:15:44.0452 0x1b6c [ F2328181D289CE83E9979733EAB6742A, 73B1CDA6ED8C42B36126909F1335B72126A5DDC6FC7CE8BA2CA274A2B92E82FD ] DsSvc C:\WINDOWS\System32\DsSvc.dll 
22:15:44.0483 0x1b6c DsSvc - ok 22:15:44.0577 0x1b6c [ 310334DAF2C455744703E2D582942DF3, C25C42B4C5BA3456DCB2C24546D7E38A9F5321992B81138A8BDCE021C4BE6D13 ] DXGKrnl C:\WINDOWS\System32\drivers\dxgkrnl.sys 22:15:44.0655 0x1b6c DXGKrnl - ok 22:15:44.0686 0x1b6c [ 6E36BDBB46DF7F865D0DD30663AE3891, 98967B01EA450AD4D5FE8085F710359C022D783B839A51BD4A266718156B01EB ] Eaphost C:\WINDOWS\System32\eapsvc.dll 22:15:44.0702 0x1b6c Eaphost - ok 22:15:44.0858 0x1b6c [ 3070013B01EDA42C7EB67D731340C396, C083CA05650750876E70CB6AB51D5C047C06098C2ED86B083A74C97830247BFC ] ebdrv C:\WINDOWS\system32\drivers\evbda.sys 22:15:44.0952 0x1b6c ebdrv - ok 22:15:45.0014 0x1b6c [ 9A83FA0EC9B0DCED2CBC49DD05901920, 14D2F241235E2693C68BCCF05D83F2A1C9A7BE185C83E7C6C63EF0F654892F95 ] EFS C:\WINDOWS\System32\lsass.exe 22:15:45.0030 0x1b6c EFS - ok 22:15:45.0061 0x1b6c [ 59EE187E333EE9914DD9BEA5F4E0D85D, E34BB8075E38FC6AEC056323C6E3B5B4E7041EE6F4D51699B706DEEA18BDB911 ] EhStorClass C:\WINDOWS\system32\drivers\EhStorClass.sys 22:15:45.0077 0x1b6c EhStorClass - ok 22:15:45.0108 0x1b6c [ 9297F1CC486F24BDFD2874156AC5430F, 1AF8689ADE4E658FC9418F7886B6C19F7D005EAB2AEF9B0E14FC81C61A74CECF ] EhStorTcgDrv C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys 22:15:45.0124 0x1b6c EhStorTcgDrv - ok 22:15:45.0155 0x1b6c [ 9E8FF6B95FD420FA9E40BE548E5C8D92, 8825B81418335D03CFAADB792C1466023C459BE489ACACBD6686FFB544F22D30 ] embeddedmode C:\WINDOWS\System32\embeddedmodesvc.dll 22:15:45.0186 0x1b6c embeddedmode - ok 22:15:45.0202 0x1b6c [ DC2F91EAE9A28FA8C6610A9B7701B70D, 480DB509BF944AAC3617594F1245B4603069DE39186BC1FA7EDB8E0536B05E79 ] EntAppSvc C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll 22:15:45.0249 0x1b6c EntAppSvc - ok 22:15:45.0264 0x1b6c [ F7FCCA6300485EF60CEA6D991D6C8C78, 24080D80CF1FD678DF4C9CAE70F65F8D9232F5F6A6F2B73A77B5E3C91E6505F3 ] ErrDev C:\WINDOWS\System32\drivers\errdev.sys 22:15:45.0280 0x1b6c ErrDev - ok 22:15:45.0342 0x1b6c [ 2093F65AA84478E28C8E9D05BC413845, 
086D4E0D4B993F4041AA8A9DCBEEDB53BD05B88E2BEFB218837FB10FACDF4233 ] EventSystem C:\WINDOWS\system32\es.dll 22:15:45.0374 0x1b6c EventSystem - ok 22:15:45.0436 0x1b6c [ DCCDC3F35F0618692117DF90800A4284, B636B2A39AE89A9C2CDE17EC52DA669DA8AA9E2B04CA5CA19926DA8009655244 ] exfat C:\WINDOWS\system32\drivers\exfat.sys 22:15:45.0452 0x1b6c exfat - ok 22:15:45.0467 0x15c4 Object send P2P result: true 22:15:45.0467 0x15c4 Object required for P2P: [ 8B86696A7030DDBD85B64621BD5B9C44 ] Avira.ServiceHost 22:15:45.0483 0x1b6c [ 435FC0D25ADFD1A2FBA8C98BD4D79E23, F89D02518923D5AAB4A63686F26EE6118584AA9641D2C0B5B1AE4A728D5C06A4 ] fastfat C:\WINDOWS\system32\drivers\fastfat.sys 22:15:45.0499 0x1b6c fastfat - ok 22:15:45.0561 0x1b6c [ 046FC9CF53A91E2FBA498CA7B0C3B028, BCFB06DF53065706DD6287E8C47BF5047F8A1E33981E1881E6ED7510337F5BC8 ] Fax C:\WINDOWS\system32\fxssvc.exe 22:15:45.0608 0x1b6c Fax - ok 22:15:45.0639 0x1b6c [ 4E4B7D935DBF522B2F23D3573596181D, 9D0EC9F65920EE0FFFB2D49C58E4D5151C8CEEB7AA82543D226E4B84EEE4B3F0 ] fcvsc C:\WINDOWS\System32\drivers\fcvsc.sys 22:15:45.0655 0x1b6c fcvsc - ok 22:15:45.0702 0x1b6c [ 583EB1C7690E361213BBD0472155128B, 5F5871490A6DAC4A824F4428941AC86FBFA9AA349B99B5D9544E5D62EB459FA8 ] fdc C:\WINDOWS\System32\drivers\fdc.sys 22:15:45.0717 0x1b6c fdc - ok 22:15:45.0749 0x1b6c [ 94B1A46EDD335F0C54C7BDAFC43348E6, 58073D58D0BE7389C2A4736AFE108835E5AE9C9950FF630644F585C99B964043 ] fdPHost C:\WINDOWS\system32\fdPHost.dll 22:15:45.0764 0x1b6c fdPHost - ok 22:15:45.0780 0x1b6c [ BC855BB7DFE06F27F78E0EB2A8CCB70D, D16C3DAB99C16B077BA5DA5E9E0646B0B9237B00ABAE867D9F81A2D072D583B1 ] FDResPub C:\WINDOWS\system32\fdrespub.dll 22:15:45.0795 0x1b6c FDResPub - ok 22:15:45.0811 0x1b6c [ F1125F20D56F28DDCD1A6F3E81EB4F5F, A6620ECCB15FAA70E4A43ADA4CE82CF97D708B6FA07F3FAED276359E7F92FD0F ] fhsvc C:\WINDOWS\system32\fhsvc.dll 22:15:45.0842 0x1b6c fhsvc - ok 22:15:45.0858 0x1b6c [ CDFD81CACE0E11596A3BB61EC4CF6467, 569FA86A215B054131AA9AFEECFEE7FD7143DCFFE275B84196004AEA538B2476 ] 
FileCrypt C:\WINDOWS\system32\drivers\filecrypt.sys 22:15:45.0874 0x1b6c FileCrypt - ok 22:15:45.0889 0x1b6c [ 3F02FEDAE894CBF4BAADDF8C8E1D53A8, DA32ABB1CDA867B8456C46F8581FA7F3A8D8B89D9F6E7422F51941D5FFA15B13 ] FileInfo C:\WINDOWS\system32\drivers\fileinfo.sys 22:15:45.0905 0x1b6c FileInfo - ok 22:15:45.0920 0x1b6c [ 2824933386E30DE5BA089DF539CE19A3, 7B33E514576C68B444AE99CBA1360EBFAE8A46EEE5C01F4EE4CF471A712AB148 ] Filetrace C:\WINDOWS\system32\drivers\filetrace.sys 22:15:45.0936 0x1b6c Filetrace - ok 22:15:45.0967 0x1b6c [ 6A598249640F8BEDD79EC73917E1664F, A675238EA19E6632CDEB4EEFF7CF509EAAEF76AD8DFD247664E5607555D9CEE1 ] flpydisk C:\WINDOWS\System32\drivers\flpydisk.sys 22:15:45.0983 0x1b6c flpydisk - ok 22:15:46.0014 0x1b6c [ 44B6A6832134DF651E887E941478CA35, FCF4EB726D00F5A17DD66C81CFDA49427281C94CF9CA2008397D591AEA61AE05 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 22:15:46.0045 0x1b6c FltMgr - ok 22:15:46.0139 0x1b6c [ C197284A9D565A38497733AF2BDFA111, C6615AF0D366C2DD6D431B073901EED02D49AA3F252230735DBB52A90BCFA833 ] FontCache C:\WINDOWS\system32\FntCache.dll 22:15:46.0233 0x1b6c FontCache - ok 22:15:46.0296 0x1b6c [ 109AACC7FB0170535F71491F673AFD38, 212B6761ABBAC29993DA0A47C3DDE8074EA9E5A8FFA8FF6EAB95AC69D8FDD5A0 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 22:15:46.0311 0x1b6c FontCache3.0.0.0 - ok 22:15:46.0327 0x1b6c [ 3F3B9E8CECD5604BC7746EF3A852EB67, 51AF62A9563379266C0C873E82F55427900032DFD7AC3EBDCDF77F8F8DE91A5D ] FsDepends C:\WINDOWS\system32\drivers\FsDepends.sys 22:15:46.0342 0x1b6c FsDepends - ok 22:15:46.0358 0x1b6c [ A60583221C7BB7CEC35C63285A297BE1, 3C842FBEAD1FA2BD8D37B2B0E8EDF77F4F50508C56FB25DFA81DE9679090D51D ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 22:15:46.0374 0x1b6c Fs_Rec - ok 22:15:46.0420 0x1b6c [ 58013A50225174EEF1410E37795D7908, F8E557CA4110ABB203192DEAF59D91A5FEF2A5EA394637276DAB7F4D2E7BFA39 ] fvevol C:\WINDOWS\system32\DRIVERS\fvevol.sys 22:15:46.0452 0x1b6c fvevol - ok 
22:15:46.0483 0x1b6c [ 0DAAE3EFCE00133AB3E383A36C47CDAF, 9145665F4F0575F951803AAFAA1A7DC0FAA35430CAE7D90E902074D60D6F4C62 ] gagp30kx C:\WINDOWS\system32\drivers\gagp30kx.sys 22:15:46.0499 0x1b6c gagp30kx - ok 22:15:46.0530 0x1b6c [ F59155B95D01C08F9ED774B626B504A1, EF0FCF35AD9CD5E5D695F0C064244D2B327E7FB10FD7CBB0586253EC75562918 ] gencounter C:\WINDOWS\System32\drivers\vmgencounter.sys 22:15:46.0545 0x1b6c gencounter - ok 22:15:46.0561 0x1b6c [ AE24452F55C6F1784CBD7489D0CDDB02, 4E13C51CBF30A8662B1180AC74E968CFC428B6EA7931F09357E7D120063D4823 ] genericusbfn C:\WINDOWS\System32\drivers\genericusbfn.sys 22:15:46.0592 0x1b6c genericusbfn - ok 22:15:46.0624 0x1b6c [ 96F0D3A583A91B634EE2AC2507356EDC, 43D2575F33D28F61C13D2DCF358BFA9DCEAE276C83152DBE7AE2020A66929CD9 ] GPIOClx0101 C:\WINDOWS\system32\Drivers\msgpioclx.sys 22:15:46.0639 0x1b6c GPIOClx0101 - ok 22:15:46.0733 0x1b6c [ E50CE978F571B900D9A7E2F1C5BCC070, EA14873A5F1B700D7CDBE55B9D214DC457262866A90D80B3E8325A8EB7932CE7 ] gpsvc C:\WINDOWS\System32\gpsvc.dll 22:15:46.0796 0x1b6c gpsvc - ok 22:15:46.0827 0x1b6c [ BA2455D93BD57989A04FE4094AA6F941, B579FB367C063EA30C034381148410D49D38E183A5A4D51D2334A81DAEE95CEC ] GpuEnergyDrv C:\WINDOWS\system32\drivers\gpuenergydrv.sys 22:15:46.0842 0x1b6c GpuEnergyDrv - ok 22:15:46.0905 0x1b6c [ 88FBBB1C601A6BC42054E57C2897FA45, 928C5BAB515035DE659C4255C209D33C407716DA325798951B2E8DA9BB230A9F ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 22:15:46.0920 0x1b6c gupdate - ok 22:15:46.0920 0x1b6c [ 88FBBB1C601A6BC42054E57C2897FA45, 928C5BAB515035DE659C4255C209D33C407716DA325798951B2E8DA9BB230A9F ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 22:15:46.0936 0x1b6c gupdatem - ok 22:15:46.0967 0x1b6c [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 22:15:46.0983 0x1b6c gusvc - ok 22:15:47.0014 0x1b6c [ 
C277A49F8A8295840DEBC9240B75A282, 8B2BA0E6A8300323765D95ECD843105B0FC4B80B85EE2220E677C4E9A760C9D8 ] HDAudBus C:\WINDOWS\System32\drivers\HDAudBus.sys 22:15:47.0030 0x1b6c HDAudBus - ok 22:15:47.0077 0x1b6c [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\WINDOWS\System32\drivers\HECIx64.sys 22:15:47.0077 0x1b6c HECIx64 - ok 22:15:47.0108 0x1b6c [ D5A57EF4822A0388352FFF9F5CD53495, 509F365386859157E9078821FAA56D2A3C0BA296CA129E0D42453428A14687A5 ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys 22:15:47.0124 0x1b6c HidBatt - ok 22:15:47.0155 0x1b6c [ 39575B53EB80C77FF2A3F1449D00B7F5, 37E66B38BACE00AFEF7093F990A234399D8451A9D2C2C8CBECAB69C664E63EA6 ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys 22:15:47.0186 0x1b6c HidBth - ok 22:15:47.0202 0x1b6c [ 35C3B602664116E737FF729F9A7156AD, 7A3C5CAD716E819CC53405971F3ACD135BCF023EC2228C1095E2116BCC384E62 ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys 22:15:47.0217 0x1b6c hidi2c - ok 22:15:47.0233 0x1b6c [ C4ABE526BBF2A18E8AF70177FBAD9C6E, 4DA06B563A08AC15D949F4599F73F172B3BFCB5D23B34240D1E2114438A11929 ] hidinterrupt C:\WINDOWS\System32\drivers\hidinterrupt.sys 22:15:47.0249 0x1b6c hidinterrupt - ok 22:15:47.0264 0x1b6c [ 348416C7D7EB05BC3099FE2F2B27985C, F30E8682E9DD731A1AD7328FB8A48A2BB7D6E52780AE1FDE839D26E84B4FA7B5 ] HidIr C:\WINDOWS\System32\drivers\hidir.sys 22:15:47.0280 0x1b6c HidIr - ok 22:15:47.0327 0x1b6c [ 5576DF399CF2D3B63608F7F282151249, 04939E79B8B8035547CE6FFE9001252CA810BAD46D8DB75FF5C13EB10EEB5C57 ] hidserv C:\WINDOWS\system32\hidserv.dll 22:15:47.0342 0x1b6c hidserv - ok 22:15:47.0342 0x1b6c [ 01F732724AF6EFE69886DA95A4E51820, E048A480F9396418BDE9659596E7EDA5FF97D3CE029D186048609B47575BEAE1 ] HidUsb C:\WINDOWS\System32\drivers\hidusb.sys 22:15:47.0374 0x1b6c HidUsb - ok 22:15:47.0421 0x1b6c [ 7433A8D28EE11A661C7A45AF28BA7987, 8A73DB423924E84CD3629BF6C7298CD093D2437B73B3F4520D39330923DDA2D6 ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll 
22:15:47.0452 0x1b6c HomeGroupListener - ok 22:15:47.0499 0x1b6c [ 3FDBFBE5AE639996EB8D482C16BA7EA9, 7E48304818AABB4C5B0CB7FD32D96D6F90F4180AB0F668A2FE653A7097A40673 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll 22:15:47.0530 0x1b6c HomeGroupProvider - ok 22:15:47.0577 0x1b6c [ 3844CE7DD23530CAD59D8CABA57CCB05, A44BB60686A0E98FF370D9DED5B32C3F34F0352ACFA3B3052BA4023922B53DB7 ] HpSAMD C:\WINDOWS\system32\drivers\HpSAMD.sys 22:15:47.0592 0x1b6c HpSAMD - ok 22:15:47.0624 0x1b6c [ CA6EADBB8731CA27BDA4037BF290AC14, 31EC9397D55D4EEC416AD722134E2D6B5D14E46D2150CB94889C4BFDAACBF421 ] HTTP C:\WINDOWS\system32\drivers\HTTP.sys 22:15:47.0671 0x1b6c HTTP - ok 22:15:47.0717 0x1b6c [ 8841D927EB1F7FFC8B1805BC0CF190ED, B063E686380EEF582CF736E33751812F0041C593C7F30EE97D13DEDC9B246AB5 ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys 22:15:47.0733 0x1b6c hwpolicy - ok 22:15:47.0749 0x1b6c [ 53436C3835E80F4421652A67F44D6313, 8731091945A839713348DF3060A4C96033874E2B3DC7E099BEEC8C65B07F98CF ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys 22:15:47.0764 0x1b6c hyperkbd - ok 22:15:47.0796 0x1b6c [ B2DC6C2F313EBB967B556B4E73A75451, B1816A0AE15705F0325F167EA76166779607D6086EC36A4A960E3BA47B4EBC4B ] HyperVideo C:\WINDOWS\system32\DRIVERS\HyperVideo.sys 22:15:47.0811 0x1b6c HyperVideo - ok 22:15:47.0842 0x1b6c [ D4CDEE4A62BDFFF6E8558A9552148EA7, 55306786CB45082AE374937EBA256FF9CD640BB2E8C19DC6C704489D4743F5CC ] i8042prt C:\WINDOWS\System32\drivers\i8042prt.sys 22:15:47.0858 0x1b6c i8042prt - ok 22:15:47.0874 0x1b6c [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys 22:15:47.0874 0x1b6c iaLPSSi_GPIO - ok 22:15:47.0889 0x15c4 Object send P2P result: true 22:15:47.0905 0x1b6c [ F1DF87463AC308047B089E9F0456B4C8, DFFF3C63D3124C2B879B888104042406FE326D4E7C8C1881A269BD4287B9CD33 ] iaLPSSi_I2C C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys 22:15:47.0921 0x1b6c iaLPSSi_I2C - ok 
22:15:47.0967 0x1b6c [ 85977CD13FC16069CE0AF7943A811775, 421AFFF08D14C2F55CFEF05E4A5A8B086F80BE69A927F84052A502EC5B222990 ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys 22:15:47.0983 0x1b6c iaStor - ok 22:15:48.0046 0x1b6c [ 9FDD4763A115D04F565C38183DE4646F, A8B0653E7C5F5B3CB2A1B642F502269FB1BB1E35DBB1CBABDBDADF92C9815727 ] iaStorAV C:\WINDOWS\system32\drivers\iaStorAV.sys 22:15:48.0061 0x1b6c iaStorAV - ok 22:15:48.0092 0x1b6c [ 4E69EE8F8E5DA036535D433C544AF9E2, 2ADE9B97CE1C19FF984D8BB99CF31415872C2D9628864BD78C0E44D21CC94EE3 ] iaStorV C:\WINDOWS\system32\drivers\iaStorV.sys 22:15:48.0124 0x1b6c iaStorV - ok 22:15:48.0139 0x1b6c [ 15C59DF20F74A0C2C764B991FED7F4A5, 6E9804775E815F32A4D73C346E627D64A3096525E78FAE3B6E43CFECAE270428 ] ibbus C:\WINDOWS\System32\drivers\ibbus.sys 22:15:48.0171 0x1b6c ibbus - ok 22:15:48.0202 0x1b6c [ 2268D73AECBE7E5953E2C6169238CCB4, CB07A720047DB2187E6E17BD26408D9F375715D2174CCE4BFB40465831088072 ] icssvc C:\WINDOWS\System32\tetheringservice.dll 22:15:48.0233 0x1b6c icssvc - ok 22:15:48.0233 0x1b6c IEEtwCollectorService - ok 22:15:48.0311 0x1b6c [ 6F9C31435DD3E3D3BC247212EA144EBF, 05C4A0BD4BABD27783CEFEE6108C1A05911A212189233F09AF1A56BDC60F60F8 ] IKEEXT C:\WINDOWS\System32\ikeext.dll 22:15:48.0358 0x1b6c IKEEXT - ok 22:15:48.0405 0x1b6c [ 4B6363CD4610BB848531BB260B15DFCC, 13A8AA9571497086341AC00797EFF212FF76EE62F9CFF758D3C08B377EC7BF04 ] Impcd C:\WINDOWS\System32\drivers\Impcd.sys 22:15:48.0436 0x1b6c Impcd - ok 22:15:48.0608 0x1b6c [ 622868E4BAE8FBCD22CB1A5901A2C824, C1A2264C0984DD16C83B663C9CE43E049E1356E32C5771C3ACE225F285699138 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys 22:15:48.0780 0x1b6c IntcAzAudAddService - ok 22:15:48.0811 0x1b6c [ 498759139F71142888CF7EFA1ABE18C8, 9CD0CD748B143F947B4DEDE39344A8C284717CC8AC97E25827EB73CF10831419 ] intelide C:\WINDOWS\system32\drivers\intelide.sys 22:15:48.0811 0x1b6c intelide - ok 22:15:48.0842 0x1b6c [ DC270DDCDDC2EF65D484A65CC5166222, 
A88BEAD819ABEFE28B6F9A10586ADCB0EE2A5ED9273F176E9313750609C7892F ] intelpep C:\WINDOWS\system32\drivers\intelpep.sys 22:15:48.0858 0x1b6c intelpep - ok 22:15:48.0889 0x1b6c [ B4D9C777762B1F7356958B9C0AA93BEB, F11B07FE939A107AB4EED4857854DF269C2D86A80C8507C8B1E95F7805975EDB ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys 22:15:48.0905 0x1b6c intelppm - ok 22:15:48.0936 0x1b6c [ 22BD83268B80A8C89AAC0BDF46E4EB5D, E7DC0C2E4104B51EA545BA8D0CFF11FD6A15BFD8EE16E546E8FC220853402CB3 ] IoQos C:\WINDOWS\system32\drivers\ioqos.sys 22:15:48.0952 0x1b6c IoQos - ok 22:15:48.0967 0x1b6c [ A49E47A6E1429123F46A7CA9C05AEFC1, FFD68CA46DFAA4954FD76145808E2C74BDC34FFD6979BB3FB6A3EE4DC33CDC78 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 22:15:48.0999 0x1b6c IpFilterDriver - ok 22:15:49.0061 0x1b6c [ 8FBA61B7CB44F136226BE3B346FC6D19, 2190A523AC948B18C2C7B6DC96ABB654DAB471AD5E5E13F79899416E91777AED ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll 22:15:49.0108 0x1b6c iphlpsvc - ok 22:15:49.0124 0x1b6c [ E0C276985AF968CE295B8E09C121321F, 07B54165E80D4254C29A6CF00CC634E70F190EF0EB8EEF73EC14F38B841087A5 ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys 22:15:49.0171 0x1b6c IPMIDRV - ok 22:15:49.0202 0x1b6c [ 5D3744E6FDEC1A6FB3FA9B1DD4AF0694, 209BE9FC25C8BF8CE058B7E993B6A902B881380DADC69F5208733077DA7F4382 ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys 22:15:49.0217 0x1b6c IPNAT - ok 22:15:49.0249 0x1b6c [ B18202D72C0EF4B53CEC6F59E3E1B955, 6DA244E6485372C16CF0B38838DC90B48079A85F5D22B0F2F197C8DA37F0A293 ] IRENUM C:\WINDOWS\system32\drivers\irenum.sys 22:15:49.0264 0x1b6c IRENUM - ok 22:15:49.0296 0x1b6c [ CD04CBCCCB4C0E4BB06B98E0F45C888A, 106B3E823C188BD14328F2BEA28559D2F637C270064B2FD214522FAC4E616F4C ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys 22:15:49.0311 0x1b6c isapnp - ok 22:15:49.0358 0x1b6c [ 5D90E942C94B20E0F321015C0ABF3EEA, 4110551B172D4A5524DD857D7CB65FAF2594310BE7883D5641BC0DF5EF49C82C ] iScsiPrt C:\WINDOWS\System32\drivers\msiscsi.sys 22:15:49.0374 0x1b6c iScsiPrt - 
23.04.2016, 21:18 | #5 |
| Windows often does not respond. Detection by Avira Second part, rootkit Code:
C:\WINDOWS\System32\drivers\sfloppy.sys 22:16:00.0906 0x1b6c sfloppy - ok 22:16:00.0969 0x1b6c [ 21AB491BBCC8C1B26FDC402A374AB196, DD973C9963C840200D153A15078152D499639730D065BB8122C6BE65D4372300 ] Sftfs C:\WINDOWS\system32\DRIVERS\Sftfslh.sys 22:16:01.0000 0x1b6c Sftfs - ok 22:16:01.0078 0x1b6c [ 4E1BB8A9CCDB4BAF41F7F9A930EB121D, D994B20DACEB187BEB6530309E2185040B58105E4FD5AC1DA435712F9DE027D0 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 22:16:01.0109 0x1b6c sftlist - ok 22:16:01.0125 0x1b6c [ 3B8D43FEEFF7A187534DDDFD675FE123, 9308D5C552FE3AF1121A3F7B7595547C6B892FF500377953F3B623511D84698C ] Sftplay C:\WINDOWS\system32\DRIVERS\Sftplaylh.sys 22:16:01.0141 0x1b6c Sftplay - ok 22:16:01.0156 0x1b6c [ F1D1B1DC7A8765A09D7640FBF8D20970, 72E59B04BC44DAFFB88987C16CF3F9DC35438B15879E102FD83013673E0DB66F ] Sftredir C:\WINDOWS\system32\DRIVERS\Sftredirlh.sys 22:16:01.0172 0x1b6c Sftredir - ok 22:16:01.0203 0x1b6c [ B3B9ADE7F8C4AF0C20E712E040588543, 9A6BB11DA046BF6F0239952871263E148FAE91FB21065613645114B5FA054EC5 ] Sftvol C:\WINDOWS\system32\DRIVERS\Sftvollh.sys 22:16:01.0219 0x1b6c Sftvol - ok 22:16:01.0250 0x1b6c [ CECFDE5D3701B2D914862F5E6C3DFE18, E7627F90630C306324A39DC3C652B37D255F90636AC19D3302EE5B85BD504BD5 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 22:16:01.0266 0x1b6c sftvsa - ok 22:16:01.0313 0x1b6c [ F10E5536E1C753E01CF19FA4F466CE90, C9897F22B176D84CA233F864078895E3DAD4DAD090FACBB01BD6E59EE337B47C ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 22:16:01.0359 0x1b6c SharedAccess - ok 22:16:01.0406 0x1b6c [ 4AC12D495B3CB4275F74C68A7A017561, DC53EBD606ECCD8BCF6D618C0EB58B03F5C20F09E0F0AEDE9B8082D6B208B19A ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 22:16:01.0453 0x1b6c ShellHWDetection - ok 22:16:01.0469 0x1b6c [ ED058030296CF9B79C8D48BF43724323, 01DC7C2590DF48116CD1A126F207FE5DE439A53286BAE3736E22EE3D1CA80BE3 ] SiSRaid2 C:\WINDOWS\system32\drivers\SiSRaid2.sys 22:16:01.0485 
0x1b6c SiSRaid2 - ok 22:16:01.0500 0x1b6c [ 633D3D1581E9DCCD5A2D8F039104C9A5, C44B5097016C2AEC8B41F77425FE44413562F9DCF0C0C11CA69D8178970B4706 ] SiSRaid4 C:\WINDOWS\system32\drivers\sisraid4.sys 22:16:01.0516 0x1b6c SiSRaid4 - ok 22:16:01.0563 0x1b6c [ 52F7E8603E888E3DB0A8B3D1804098E9, 4E23DC9442C0C14AAE7146DACBB0B39743F1FFAA463EE7069CCDF866AD27BD77 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 22:16:01.0578 0x1b6c SkypeUpdate - ok 22:16:01.0610 0x1b6c [ F06D0E0C7CD13DD01DCCBAEB1EBC9283, 6E8C78EE466901650EF4028D6B64F2BF5969C883E8F498E9FAAA3C2A955F0A01 ] SmbDrvI C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys 22:16:01.0625 0x1b6c SmbDrvI - ok 22:16:01.0672 0x1b6c [ 35B8FC714C2E7F07F7DC7C64452153F8, 6D45EB01B5F972ED0E5520E771F007FFEE892054FABDB3DD00D3E9915D3A0A31 ] smphost C:\WINDOWS\System32\smphost.dll 22:16:01.0688 0x1b6c smphost - ok 22:16:01.0750 0x1b6c [ DE3A5C27EC842A113F68A2705FF63B00, B134EF63708A892B673B539F544F7980FF72838D822E8E4CCDDB359B22CB8805 ] SmsRouter C:\WINDOWS\system32\SmsRouterSvc.dll 22:16:01.0781 0x1b6c SmsRouter - ok 22:16:01.0844 0x1b6c [ CD1056818A6FCEF4D32BD1D6E34070D5, F5BFB61ACB220A73B0DC4487B049F52E9F9FA2D4188C001E7A5838D47CEA6343 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe 22:16:01.0859 0x1b6c SNMPTRAP - ok 22:16:01.0906 0x1b6c [ 187B4AD4446C59F8FCC4A10F473EE3D1, 0AAD961B3D7B3484DC89CB86F3EC96CEBFABB7224A5BFB48083DE8F1805EA7B4 ] spaceport C:\WINDOWS\system32\drivers\spaceport.sys 22:16:01.0922 0x1b6c spaceport - ok 22:16:01.0953 0x1b6c [ 2799FCA215919FDC9A87C5FCAB530828, BDE968BF26693AA4D70AB669896BCA49C6F533EA226386B35B0EA589A55227B5 ] SpbCx C:\WINDOWS\system32\drivers\SpbCx.sys 22:16:01.0969 0x1b6c SpbCx - ok 22:16:02.0016 0x1b6c [ 58C17D92AD61EC7A98B05F4FAD0D205A, B881134A1BD9194145A9D18BDB34D57E2C167F06C2A9368459D0C33E6E0D6501 ] Spooler C:\WINDOWS\System32\spoolsv.exe 22:16:02.0063 0x1b6c Spooler - ok 22:16:02.0297 0x1b6c [ 5C31E109943E67CFC801810C00AB63EE, 
9A80D7CDA1135EBCE10E753986A59CFA3D8D49F9B0BE38FDF99880B1DD88C41D ] sppsvc C:\WINDOWS\system32\sppsvc.exe 22:16:02.0578 0x1b6c sppsvc - ok 22:16:02.0610 0x1b6c [ AA1F23501511EFE9CF9771F6B20E8D45, E786852D9877CCFD35444F8FC694467132F868D87A8C344FD1016FFDE74695A5 ] srv C:\WINDOWS\system32\DRIVERS\srv.sys 22:16:02.0641 0x1b6c srv - ok 22:16:02.0672 0x1b6c [ F5B169EDF9D5E3C7200D89D30E065D13, 12BAF3A3CB76F0900FA53681C9AD16F40308F493BA22C0F60E1E268D0D6AF825 ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys 22:16:02.0719 0x1b6c srv2 - ok 22:16:02.0735 0x1b6c [ 2E142E027F0AA698BA4DCE49CBDB43CD, A21027BBBC75A55A8B302D028113A0683016E4C72790A8C561DDB1AE7FDB4289 ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys 22:16:02.0750 0x1b6c srvnet - ok 22:16:02.0797 0x1b6c [ BF71B3FB5B7557CB740CDB09C5FB50D9, D6F9E65FDC9C4ADAFE82D94F71A1F5960DB3BEEBF4FE5B2D087515C4FAA5F287 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 22:16:02.0813 0x1b6c SSDPSRV - ok 22:16:02.0860 0x1b6c [ EF1BC04215C201ADA3F7F5A2F034EA21, E1A7A0FA2032B9E7D3951100E74C04D93CD848C88D23D57FBA0BFA2816B29C61 ] SstpSvc C:\WINDOWS\system32\sstpsvc.dll 22:16:02.0891 0x1b6c SstpSvc - ok 22:16:02.0922 0x1b6c [ 9B74226E10CD57E965F87014841016F9, 95C76049DBBF3B31A9B01CFD0EDAAC47DE9A1F096B61D05C47FB85E1AFC07288 ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys 22:16:02.0938 0x1b6c ssudmdm - ok 22:16:03.0047 0x1b6c [ C26E2C89EFB4BB39CD135B5DED804B78, 99288C6023DC6AC6554521EA671AB387ACE2AE2BCDE145C7012202842FF40841 ] StateRepository C:\WINDOWS\system32\windows.staterepository.dll 22:16:03.0172 0x1b6c StateRepository - ok 22:16:03.0235 0x1b6c [ D27C8C88CEB69075465B41DA6ECF3374, B1A70A30787080474E901E4743996EEE4FCD09BEDBBA89CE57ACAE05A67907AB ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe 22:16:03.0266 0x1b6c Steam Client Service - ok 22:16:03.0297 0x1b6c [ DDE064A4298FD1FBF804D3ED691E7EDB, B0D117B1FC0DA2CB76F5F63699E2F108930B6C6721AC443111D48215ED624278 ] stexstor C:\WINDOWS\system32\drivers\stexstor.sys 
22:16:03.0313 0x1b6c stexstor - ok 22:16:03.0344 0x1b6c [ 7C4D2F167FA6153B4FE7145FE6D3DF15, F39ED9CDF323DDC57D0F64F9CC121E911EA53819A3A941A2F6EA557C35FCB372 ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys 22:16:03.0360 0x1b6c StillCam - ok 22:16:03.0406 0x1b6c [ 60F04DF1AB55D6D4BDA02052DD20537E, 52996EDF2C06968DADC9BDF24E4039929B81643493C7193B8CC4A6BD1A3AE761 ] stisvc C:\WINDOWS\System32\wiaservc.dll 22:16:03.0453 0x1b6c stisvc - ok 22:16:03.0469 0x1b6c [ 32C95F44108C3E7DB58F773346E3C9D0, F852D8ECA06080EA6DE1A90509071965A750D9CFC9627F0D4DB8ECC57133B0B5 ] storahci C:\WINDOWS\system32\drivers\storahci.sys 22:16:03.0485 0x1b6c storahci - ok 22:16:03.0516 0x1b6c [ 8883C8CE4942A99B84E1CC6EFA19738E, 60C1CDA4382F8EE70D810DBB1BCAF5F389433563FF23EEB84859612F396D8CE6 ] storflt C:\WINDOWS\system32\drivers\vmstorfl.sys 22:16:03.0531 0x1b6c storflt - ok 22:16:03.0563 0x1b6c [ 7042792AC7045D1EE8CC9FE743FD5194, F0CF2E542A51C887B476FAAFFA35504A85C3D127CCBD03C13C24984AEDCF506D ] stornvme C:\WINDOWS\system32\drivers\stornvme.sys 22:16:03.0563 0x1b6c stornvme - ok 22:16:03.0594 0x1b6c [ 63513EF3121689B3A59BD217618A2E42, DE9B89732801DEC60BD116D58CFB427F7E37F093BE8A9F6E0CAC729B5346B314 ] storqosflt C:\WINDOWS\system32\drivers\storqosflt.sys 22:16:03.0625 0x1b6c storqosflt - ok 22:16:03.0672 0x1b6c [ CC96FF061C772340F2ED89ABBA567ADC, 028CD44405B7FAFC7BF331DD729E44E0594A63386F48CF39D7725A58B3DE22D6 ] StorSvc C:\WINDOWS\system32\storsvc.dll 22:16:03.0719 0x1b6c StorSvc - ok 22:16:03.0735 0x1b6c [ 000F5CFCEF0F06DC8FD1D2F568E48AE4, C1FE485E57A1B912CE79556E0EFF03CC11362E7966D250E3AA4962DCCB8F8EE6 ] storufs C:\WINDOWS\system32\drivers\storufs.sys 22:16:03.0750 0x1b6c storufs - ok 22:16:03.0781 0x1b6c [ 7415087F9006D6818F85F3CBD79B1A50, C768EBB2263375D285D689FEEF546147D42D7376977424A4D6FD655CC78EA7CD ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys 22:16:03.0797 0x1b6c storvsc - ok 22:16:03.0828 0x1b6c [ E49858EA5865A015EB78B7F7C1C07DE2, 
1ADBBAC2D2E2E3C40AB0BDDE068001E76A8DAB79C54F06479F7A4567DAD7A7A8 ] svsvc C:\WINDOWS\system32\svsvc.dll 22:16:03.0860 0x1b6c svsvc - ok 22:16:03.0953 0x1b6c [ 802278EE4ACCE9EA1F1481DF20EB1667, E78F0DA2CA0B2C2DF3B7E3B2A22C03380FE649813EE6EB31067C5FB6727DB7BD ] swenum C:\WINDOWS\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys 22:16:03.0969 0x1b6c swenum - ok 22:16:04.0000 0x1b6c [ 313D2C0DBA0B23A8302254FD317D2EC8, 20B98D6F33FEC7ACBCEED9757A3FEAD837FA7BA378BA25575A33EA45E076FC6B ] swprv C:\WINDOWS\System32\swprv.dll 22:16:04.0047 0x1b6c swprv - ok 22:16:04.0078 0x1b6c [ 12D0CB1DCAE6725B6CA54CC2038C4C8C, 7D224298E440B8C5FDD99A52485A6245DE5109C9A02E65AD38F1EC6DBF4AEEF2 ] Synth3dVsc C:\WINDOWS\System32\drivers\Synth3dVsc.sys 22:16:04.0094 0x1b6c Synth3dVsc - ok 22:16:04.0141 0x1b6c [ 1C3F9491A1880C43F95A6F675736BF85, 15B47D3583400B8F8A10483B0E0B0228723F8E95750FADE0CACA64BAB48D8C97 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys 22:16:04.0156 0x1b6c SynTP - ok 22:16:04.0266 0x1b6c [ E1415A51EFD0FB87649954C76BEE32D9, F65B35DE88351CEA4A0DD9CC76EB50EE777F323C4D15EEFCA43321CA4C525FBC ] SynTPEnhService C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe 22:16:04.0281 0x1b6c SynTPEnhService - ok 22:16:04.0344 0x1b6c [ 4EF908A86E6866783D66E2DF97666269, 4FF31CC0AEB36FF55D442E8C12DE3F311CF959D3094013609A177BEE31BA5CF9 ] SysMain C:\WINDOWS\system32\sysmain.dll 22:16:04.0422 0x1b6c SysMain - ok 22:16:04.0485 0x1b6c [ 8863F06F520C1C76254B7DB45057BADA, EE8DA20185FBE37F64E8FE2A6FB477D602159AD6B63FFDD807981E6D28629888 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll 22:16:04.0500 0x1b6c SystemEventsBroker - ok 22:16:04.0547 0x1b6c [ 95875059929EF91B55EA612D7967DD3D, 5F734209C8C9725376F7C146ED84999CC6D019C4C10B1795F53E72BE8853E2DD ] TabletInputService C:\WINDOWS\System32\TabSvc.dll 22:16:04.0578 0x1b6c TabletInputService - ok 22:16:04.0625 0x1b6c [ FE33F417DFD9847CB571D3C7EE5FA7E3, 
B3C7BE7998B9B093DD969A2588EE8CEBD9771331A63D4B1D86A188317B5EE71C ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 22:16:04.0656 0x1b6c TapiSrv - ok 22:16:04.0766 0x1b6c [ BA8CDF0FC9469005A84453A128EEB6AE, 5E037452DAB8B9004BCB761FD2161477E1D22D6F398CE97665F95FD0D6DD26B5 ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys 22:16:04.0860 0x1b6c Tcpip - ok 22:16:04.0922 0x1b6c [ BA8CDF0FC9469005A84453A128EEB6AE, 5E037452DAB8B9004BCB761FD2161477E1D22D6F398CE97665F95FD0D6DD26B5 ] Tcpip6 C:\WINDOWS\system32\drivers\tcpip.sys 22:16:05.0000 0x1b6c Tcpip6 - ok 22:16:05.0047 0x1b6c [ D378A1AF58AFA84BB6AC753F2C1BE9F4, 8BBA623193D51E6A8DD0627FA08C93B918EF1BA2EEBA46CDBB86FE6A1007FDEE ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys 22:16:05.0063 0x1b6c tcpipreg - ok 22:16:05.0094 0x1b6c [ FD542B661BD22FA69CA789AD0AC58C29, 75FFAF1834B1E22DF37608ED451F161052FF1FE3C681B4E20A68DCA92CC7FD8C ] TDCMDPST C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys 22:16:05.0094 0x1b6c TDCMDPST - ok 22:16:05.0141 0x1b6c [ 28E1E63A1AC65E17B3194238FA2CF3BF, 9A52D6DD14BEBB7B407B2703A111D1B302F1B84AA40A14D21FCA554F395E935D ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys 22:16:05.0156 0x1b6c tdx - ok 22:16:05.0188 0x1b6c [ 1B43FDBFE5A98F6B3D90595C6B2E5277, B13068E99FD301887C12EACDB94DB0B87F1186569AEAD65C1553E74B462EE972 ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe 22:16:05.0203 0x1b6c TemproMonitoringService - ok 22:16:05.0219 0x1b6c [ CCDBD2817C10A4F631280CBB3AE44FFB, A022DEF4D3CF75F41FA26275347F4BA38A513AD32FF18385C2E756DECB61D404 ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys 22:16:05.0235 0x1b6c terminpt - ok 22:16:05.0297 0x1b6c [ A0608264209A836821D6AB8C67B108AB, 7912C75F72BCAB7426A2E00C597C8D94C185B5DD31BD6C4BE5D56FECD5B0D9EA ] TermService C:\WINDOWS\System32\termsrv.dll 22:16:05.0344 0x1b6c TermService - ok 22:16:05.0375 0x1b6c [ 261830B1E3650E4471E1F98850B929B7, D281B8A93315E64C7AF5002E5BFBE6AFF8B35FD6AA747AE07D7AA96F4AFAA613 ] Themes C:\WINDOWS\system32\themeservice.dll 
22:16:05.0391 0x1b6c Themes - ok 22:16:05.0438 0x1b6c [ 04F4382FF6CF40F4DB99EF01448AAAF5, 96C26B1703964FAFAB9ABC8F4337C28AAEC3198138145644C50B47EC4DEB4F9E ] Thotkey C:\WINDOWS\System32\drivers\Thotkey.sys 22:16:05.0438 0x1b6c Thotkey - ok 22:16:05.0469 0x1b6c [ 79431E9EEAE85C3E579D28265D2E3F21, 4C4A5CCCA8754D15737EC6E838E9F8A2B0D044F1FEB435B332EC70BB0CFA7DE1 ] tiledatamodelsvc C:\WINDOWS\system32\tileobjserver.dll 22:16:05.0516 0x1b6c tiledatamodelsvc - ok 22:16:05.0547 0x1b6c [ 354DAA630928CD4DA2BC84A0DA4ADA9D, AFAE4948EA4F899267DC52DF9A06450FC3E77083B563E541581DA90685C7E98C ] TimeBroker C:\WINDOWS\System32\TimeBrokerServer.dll 22:16:05.0563 0x1b6c TimeBroker - ok 22:16:05.0641 0x1b6c [ F120967184A27E927052E8DDBB727851, B54A1D2B4D52C0DF19AC81617A26CA164C5779C568DB86A6FD97D0A14D5FEEB4 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe 22:16:05.0657 0x1b6c TMachInfo - ok 22:16:05.0688 0x1b6c [ ED32035BDFECED1AD66D459FD9CC1140, B82A15FAB4CBB5A633B9BF722441D5B20D946B63DD10BBE2A89D3A8BA3BE3339 ] TODDSrv C:\Windows\system32\TODDSrv.exe 22:16:05.0703 0x1b6c TODDSrv - ok 22:16:05.0735 0x087c Object required for P2P: [ 63282F5EB7E5BFB58FD1EC93C6ADB457 ] MozillaMaintenance 22:16:05.0782 0x1b6c [ 98C864481D62F86EC8AF65BE3419A95B, 61F0C7CBFAB151FBB62081A37C655D4E818A558E140F3F3BA5C26B024AE24EBB ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe 22:16:05.0797 0x1b6c TosCoSrv - ok 22:16:05.0860 0x1b6c [ 2AB7A4697462EDB0C9DFAFC529746BA9, 4EAF4839CA35C8FCE9C086D43E7417E52F0714A2227AE983C0B5C88A66A1B554 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe 22:16:05.0860 0x1b6c TOSHIBA eco Utility Service - ok 22:16:05.0922 0x1b6c [ 74C2FA8C3765EE71A9C22182EC108457, A7073FAB6CE6FB9824544A9CDCCA441D08FD87D68EB564DCB1186FC257776221 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe 22:16:05.0922 0x1b6c TOSHIBA HDD SSD Alert Service - ok 22:16:05.0969 0x1b6c [ 
8021F63311797085949FA387F7C83583, 7781994B9F06784807D32FD5A93C5406A441908870B1328BBDA9D15C5DD98C1B ] tosporte C:\WINDOWS\system32\DRIVERS\tosporte.sys 22:16:05.0969 0x1b6c tosporte - ok 22:16:05.0985 0x1b6c [ C523A9186C39D65CC9ADEBB2E1B93CCD, B04E73CAFFD8100512686F3487D28FE62AC3538F6A71DBC94AA724824256E2E4 ] Tosrfcom C:\WINDOWS\system32\Drivers\tosrfcom.sys 22:16:06.0000 0x1b6c Tosrfcom - ok 22:16:06.0032 0x1b6c [ E54143FA5F4D7D651364EBD2E6C1EECC, 52986D58A5176F57CCD7AD68DAA7A00E4A9F93872425BC6D20113CA50D4C31B3 ] tosrfec C:\WINDOWS\System32\drivers\tosrfec.sys 22:16:06.0047 0x1b6c tosrfec - ok 22:16:06.0094 0x1b6c [ DE44A2A2459D0504F146E599F4BD2074, E400F8E0C9D9CC8A523765754634073F531E7B76E8135A734DA976EA86AC5282 ] Tosrfusb C:\WINDOWS\system32\DRIVERS\tosrfusb.sys 22:16:06.0094 0x1b6c Tosrfusb - ok 22:16:06.0172 0x1b6c [ 97687D094AA597DA366E1194B218CC6C, 8A617E1901235518FDB7504FCDCE641D9F7C5D256A11D5FEFD35E7696972E2B8 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe 22:16:06.0203 0x1b6c TPCHSrv - ok 22:16:06.0219 0x1b6c [ F4AEDABC8F3A9D632F8206D0C7F8CA09, 6E76749CD4B857B4D930267E3CF448AF4D14FAC851873C5E71572E62CAD2FA36 ] TPM C:\WINDOWS\system32\drivers\tpm.sys 22:16:06.0250 0x1b6c TPM - ok 22:16:06.0282 0x1b6c [ 2D0338A3009075FCCB119CB7F3280F82, F42F3B8DA0F8B2C99892E66CDEF471A1CD30A30CF437ADFF464A2C786A6B87A6 ] TrkWks C:\WINDOWS\System32\trkwks.dll 22:16:06.0297 0x1b6c TrkWks - ok 22:16:06.0375 0x1b6c [ 62D6A900C5DFF2ECF131384E5A5C85AB, 1AF1FB868C59DFF452E3351EE5070B2C746DE606B9E2F1834CE2256F41ABE7A9 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe 22:16:06.0407 0x1b6c TrustedInstaller - ok 22:16:06.0422 0x1b6c [ 676C801CAA61AADD0C918CC536A74B78, DB5DEC9445272E46D32DC2A9A99A9AE45729E424E61C679ECFD973AA88457BE6 ] TsUsbFlt C:\WINDOWS\system32\drivers\TsUsbFlt.sys 22:16:06.0453 0x1b6c TsUsbFlt - ok 22:16:06.0485 0x1b6c [ 2BB6CC0DD1CEE86330743B56FA9FE91F, EE71E3DEECA7599947AB09E8967FE8066348D82B4C17D8CBE800FCDE9CF4989D ] TsUsbGD 
C:\WINDOWS\System32\drivers\TsUsbGD.sys 22:16:06.0500 0x1b6c TsUsbGD - ok 22:16:06.0547 0x1b6c [ 14B46248612DF1B1A695040FFFBCFAFC, 8C373A3C416FC9AB3872A187E64AC7A6E69FF605BD8784E8F2B1C28C293A0495 ] tunnel C:\WINDOWS\System32\drivers\tunnel.sys 22:16:06.0578 0x1b6c tunnel - ok 22:16:06.0610 0x1b6c [ 63165D1FA4D51838CD8D7AA3CB4E2651, 70500C52A86ED002502EEBC3A40F5F4EEAEF086B9AC8540C9178FDD770E1265C ] TVALZ C:\WINDOWS\system32\drivers\TVALZ_O.SYS 22:16:06.0625 0x1b6c TVALZ - ok 22:16:06.0657 0x1b6c [ 9C7191F4B2E49BFF47A6C1144B5923FA, DF4E663499946F4E68B7528CA399574D1EB69797FF81F681943B84F3E5E6A40E ] TVALZFL C:\WINDOWS\system32\DRIVERS\TVALZFL.sys 22:16:06.0657 0x1b6c TVALZFL - ok 22:16:06.0672 0x1b6c [ D0BE5EA1652D55029C9A898FB8ACFCE0, 80C4BC30B967C79B3457F43EB9B530CA2571C6158958879AC55E5A81F71CFF15 ] uagp35 C:\WINDOWS\system32\drivers\uagp35.sys 22:16:06.0688 0x1b6c uagp35 - ok 22:16:06.0719 0x1b6c [ 13C15E4B238895FE4731DB1D612EEB5F, 211E4B05AA09F7FBE2487C3241A98D1F970FEE5B9B1BAED2788B57233BFC4104 ] UASPStor C:\WINDOWS\System32\drivers\uaspstor.sys 22:16:06.0735 0x1b6c UASPStor - ok 22:16:06.0766 0x1b6c [ BEBB8B55C5F99B69EEE39A9D7BADB21E, 08A094EA38AB58CC70108A3BDFDD3251897DC4B13FDDAD54C1B063137836EF34 ] UcmCx0101 C:\WINDOWS\system32\Drivers\UcmCx.sys 22:16:06.0782 0x1b6c UcmCx0101 - ok 22:16:06.0813 0x1b6c [ DE3EDAF609D00EA2E54986E6459796A6, 61A9AB51869F38300CC5CC5D302B962FB966F54CBB2E393954F36372B3A479FE ] UcmUcsi C:\WINDOWS\System32\drivers\UcmUcsi.sys 22:16:06.0844 0x1b6c UcmUcsi - ok 22:16:06.0875 0x1b6c [ FB1C1D8B96A482F3581338D6752E1D6C, 0FFAEE3E088614B3483C459513BB9D78EB76B574696FD877A3CDF6A11378F46C ] Ucx01000 C:\WINDOWS\system32\drivers\ucx01000.sys 22:16:06.0891 0x1b6c Ucx01000 - ok 22:16:06.0907 0x1b6c [ 4E1543ACE2F6E2846713E5123D9D4159, 1A6AFC525A80D1F19B14CDAD38790DF7293911C4D0E8301161D92201B934C3D4 ] UdeCx C:\WINDOWS\system32\drivers\udecx.sys 22:16:06.0922 0x1b6c UdeCx - ok 22:16:06.0985 0x1b6c [ CDCA9CC1D8293E75218D8FF85F2337A4, 
173086C08DDC7625E026E425F1E2B5D6C795771BEAE9BFF6093E3592FBEBD323 ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys 22:16:07.0016 0x1b6c udfs - ok 22:16:07.0032 0x1b6c [ BC683E19307C533C7161DB7A58051347, 5553BE3421986FDD9992EBFD883CDA151F7166C01BBFA3E9183A3C93E41D79B6 ] UEFI C:\WINDOWS\System32\drivers\UEFI.sys 22:16:07.0047 0x1b6c UEFI - ok 22:16:07.0094 0x1b6c [ D14B42C26DE402F316D49667D15446F0, 61CC9FF03EF78631C800EFD8D587975CB94D53DB80E6F60BD13BA52EC5690D3D ] Ufx01000 C:\WINDOWS\system32\drivers\ufx01000.sys 22:16:07.0110 0x1b6c Ufx01000 - ok 22:16:07.0125 0x1b6c [ 192470BE4321791FBB25F379D0141D6F, AD120F8F98BD99014471CE60630B5FEE7555AB261C98B7D9819FE23C386655F7 ] UfxChipidea C:\WINDOWS\System32\drivers\UfxChipidea.sys 22:16:07.0141 0x1b6c UfxChipidea - ok 22:16:07.0172 0x1b6c [ F7BD838E84E6B286DBCE068EFB8C0800, A55188C8F8BDC739A7ED7D29CDCB2A17468BBB158E13D804963B31ED73449520 ] ufxsynopsys C:\WINDOWS\System32\drivers\ufxsynopsys.sys 22:16:07.0188 0x1b6c ufxsynopsys - ok 22:16:07.0219 0x1b6c [ C844E39B900FFA46CA8DD2BBA670A077, 0CB6232BCE47C59821DF25D6ED33E85C3E32DDAB101AA8A2C22B5401E73F5D5B ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe 22:16:07.0250 0x1b6c UI0Detect - ok 22:16:07.0282 0x1b6c [ A25842AC180F0E8B02380ECB8ADA1AF5, AF22E7559C5EF8DC22A2B9E27FFFFF075B1D1B68A8307266BD9473E0FAF36BEF ] uliagpkx C:\WINDOWS\system32\drivers\uliagpkx.sys 22:16:07.0297 0x1b6c uliagpkx - ok 22:16:07.0313 0x1b6c [ 21088F43172525C7E02D335A3327F46C, B04AD471A7DFE83AB557DB4540616B7DF4A1904F8BDDCB920D449FCEE6F36FD5 ] umbus C:\WINDOWS\System32\drivers\umbus.sys 22:16:07.0328 0x1b6c umbus - ok 22:16:07.0360 0x1b6c [ 294A291B5D48FE8F38DD94B7272442C5, 66C9139636760C92C1E04FCF440C432FF6C5A94E1577CAFE1D61FCF2D30472ED ] UmPass C:\WINDOWS\System32\drivers\umpass.sys 22:16:07.0375 0x1b6c UmPass - ok 22:16:07.0407 0x1b6c [ 3427889AECC3B6912A0A01D095E32B98, 322AE14B74295ACFC124719BBEF8809201150A184E262EC55E26D2B45787BF9D ] UmRdpService C:\WINDOWS\System32\umrdp.dll 22:16:07.0438 0x1b6c UmRdpService 
- ok 22:16:07.0500 0x1b6c [ A4A5FF89F65D8D1AA3A769654AD8DBC0, 9C792595F7E90C6074BC0FF5A63C9A19449E2F2E2780087BBF12A72658437EE0 ] UnistoreSvc C:\WINDOWS\System32\unistore.dll 22:16:07.0578 0x1b6c UnistoreSvc - ok 22:16:07.0735 0x1b6c [ CC3775100ABA633984F73DFAE1F55CAE, 845F129289BB73FD78A6C3B497F17BA973FD691BC9242200F81993417C803FE9 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 22:16:07.0797 0x1b6c UNS - ok 22:16:07.0860 0x1b6c [ BD693208673F40BA21AA70B69F1D439C, E324947C2DD34386A83B09E73668F1CCED127AC91194B8BF7EC4C8E36CF8203E ] upnphost C:\WINDOWS\System32\upnphost.dll 22:16:07.0891 0x1b6c upnphost - ok 22:16:07.0907 0x1b6c [ A7A52EDDC3FAF183D6AC4774690ADF13, 630A0331F2EFA2DC7EFDACD08D8DF5C85BFDA30FF1525050FF54E069AFA45F6C ] UrsChipidea C:\WINDOWS\System32\drivers\urschipidea.sys 22:16:07.0922 0x1b6c UrsChipidea - ok 22:16:07.0938 0x1b6c [ 2EEA0897DD9E30E958B508D557F0B5E4, BE051A3AA5DFF56310FAB67AD19AC0443A3580542886EF3554EBE18F1323596F ] UrsCx01000 C:\WINDOWS\system32\drivers\urscx01000.sys 22:16:07.0953 0x1b6c UrsCx01000 - ok 22:16:07.0969 0x1b6c [ DC54D775A3A61E4CDE871B4E38A1459A, CC996A9D293201BBD285E7B629B12EE88574702B8AC7BB4149439D6A25A07F7E ] UrsSynopsys C:\WINDOWS\System32\drivers\urssynopsys.sys 22:16:07.0985 0x1b6c UrsSynopsys - ok 22:16:08.0000 0x1b6c [ 18B63A0980F4AA1E6D7879B253980E37, 05F96DBE0A3DE2A685DEEBA8B6838A47AEB7CE2EBE8EB6BAD67B36DCF7E73589 ] usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys 22:16:08.0016 0x1b6c usbccgp - ok 22:16:08.0047 0x1b6c [ 1C60A1A3C8E1E819E16F12BAEB1C83F8, E255BD173DBF091C5EA07381862E23C1FD761489EC396E312974FBC124E1F33A ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys 22:16:08.0078 0x1b6c usbcir - ok 22:16:08.0141 0x087c Object send P2P result: true 22:16:08.0204 0x1b6c [ 9A3E39F85DC6E3B9F792F1095ACFF788, 66B8E137A5232E9F717907CFD49FE624AE101F4DE14E2960849DABF7A877E87A ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys 22:16:08.0219 0x1b6c usbehci - ok 22:16:08.0266 0x1b6c [ 
15FE07A404C8A0CD306661433027FFE4, 250C5B4624EF062C88F49DCFEA00BFF1771EFE8B095EC4F0B51C99BB3F80EC66 ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys 22:16:08.0297 0x1b6c usbhub - ok 22:16:08.0344 0x1b6c [ 7E51F2AD1D729F5CDBB6BE21CB58FEB7, 4C9CBC7BE52EE80E3734ACF9AA6FC106FBAA9AE15FCDACB7E5100ED5CC041E80 ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys 22:16:08.0375 0x1b6c USBHUB3 - ok 22:16:08.0516 0x1b6c [ 72EA850B59F40C25A4FEDDA5FE84EFEB, FB4801AA1FB72FC1C41024916368823E88D53E338640E3BEA865B0F0E7B8EE91 ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys 22:16:08.0547 0x1b6c usbohci - ok 22:16:08.0563 0x1b6c [ 47B2B2DE152E25546944049CA1170BB1, DDA0A806D3108B2475AB13F584EA8CE6F0932C5E394C2C3FA691DFAB8A2BCAC0 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys 22:16:08.0578 0x1b6c usbprint - ok 22:16:08.0610 0x1b6c [ 1F72E1A7E1858B7B3FF81522FCEBDE95, 4FAD243DA73C45CD5CA5E50F824F30EF0DC777D83957FD21FF43D8C89EC15AAC ] usbser C:\WINDOWS\System32\drivers\usbser.sys 22:16:08.0641 0x1b6c usbser - ok 22:16:08.0657 0x1b6c [ CD35467670DF1E6FBF36DA308F0C872B, E1F4F9B1EBD476394CBD0C934842AEE2502B030D97351B0A1E751FF23B011B57 ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS 22:16:08.0672 0x1b6c USBSTOR - ok 22:16:08.0766 0x1b6c [ DFA92EA105DD1073B43FB210EEB03DD4, D940432458F0A04F5013B48197CEA0412C8A909C50605AA21DD08271C90E2FE3 ] usbuhci C:\WINDOWS\System32\drivers\usbuhci.sys 22:16:08.0782 0x1b6c usbuhci - ok 22:16:08.0829 0x1b6c [ B1484D4BBC6B7B424F1CD1554B0AFB84, C9432978603360182AAA983248FFA97576B3C59BE5DA45473DFA17E2940479C8 ] usbvideo C:\WINDOWS\System32\Drivers\usbvideo.sys 22:16:08.0860 0x1b6c usbvideo - ok 22:16:08.0891 0x1b6c [ 0728504F9863774E56A54AE66C3F1E6B, 5BA3CC6D98A573AF10B56AF1748B39C83C92FC13E9D5CBF5B344C404A67D52DC ] USBXHCI C:\WINDOWS\System32\drivers\USBXHCI.SYS 22:16:08.0907 0x1b6c USBXHCI - ok 22:16:08.0985 0x1b6c [ FD38DDBCC1699BAB0446B93C1245FE17, 0AADBE137FE4372C3FFF2E98CAB4522CBC16CA1CE9564FB3C53A896A1B4E6EC2 ] UserDataSvc 
C:\WINDOWS\System32\userdataservice.dll 22:16:09.0063 0x1b6c UserDataSvc - ok 22:16:09.0125 0x1b6c [ E9E2B5FFBEFC2CDF14A6E55DD94CC823, A10C011835A65601B8FE3A30F361C224C60084A78085842ADCDA248047530CD1 ] UserManager C:\WINDOWS\System32\usermgr.dll 22:16:09.0172 0x1b6c UserManager - ok 22:16:09.0219 0x1b6c [ 0CFEA30C0217EE74FF853B2B0CC0BE6D, 1F0856D2D94F46D7B24B7EE18ED868C9EFAE972039D35D1FAA9058A12CF40493 ] UsoSvc C:\WINDOWS\system32\usocore.dll 22:16:09.0250 0x1b6c UsoSvc - ok 22:16:09.0266 0x1b6c [ 9A83FA0EC9B0DCED2CBC49DD05901920, 14D2F241235E2693C68BCCF05D83F2A1C9A7BE185C83E7C6C63EF0F654892F95 ] VaultSvc C:\WINDOWS\system32\lsass.exe 22:16:09.0282 0x1b6c VaultSvc - ok 22:16:09.0297 0x1b6c [ 26223003DDFB347B5CF3EC0B56DB066B, 78848BE1334C05F28FA431B08225EAE8345B2C66E7D677F9936892FC941EA961 ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys 22:16:09.0313 0x1b6c vdrvroot - ok 22:16:09.0375 0x1b6c [ 0C3F4E7684C1D72E85A98689E65A98A1, F7928D3EFC1A83125887ADA5F8E008022B58F0DBA8A711B4D60975D8CE82B595 ] vds C:\WINDOWS\System32\vds.exe 22:16:09.0422 0x1b6c vds - ok 22:16:09.0438 0x1b6c [ A417284BC6B5C2EEF63F2C5154473530, 55146660CDDD829630C216038E6500CFAC906E67C82881047B665BFEEB286D10 ] VerifierExt C:\WINDOWS\system32\drivers\VerifierExt.sys 22:16:09.0454 0x1b6c VerifierExt - ok 22:16:09.0516 0x1b6c [ 4C39C05A72EB14C0567501C7E087E564, D3DC122B7E4A5BD345517FE3A9E9E58CD3C78887F9F327AB782BADCAD0F8F2EB ] vhdmp C:\WINDOWS\System32\drivers\vhdmp.sys 22:16:09.0547 0x1b6c vhdmp - ok 22:16:09.0563 0x1b6c [ C42206A15078596FDE8E89BB629DE342, B95F9EC2413ADE658A7CE4A9BB57A0E125C29205C24BBB120153DACAF4CF9482 ] vhf C:\WINDOWS\System32\drivers\vhf.sys 22:16:09.0579 0x1b6c vhf - ok 22:16:09.0610 0x1b6c [ 248D9F911A5C94CF8477125DD0C3A291, 418C7285184BCC9DE4E56175960585867A5DB21FEF761C49FF6F1AF1C07D8088 ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys 22:16:09.0625 0x1b6c vmbus - ok 22:16:09.0641 0x1b6c [ 3E98DD4E0CBD6B4F9CBD0E9E0EDF541E, 
22:16:32.0658 0x1b6c ============================================================
22:16:32.0658 0x1b6c Scan finished
22:16:32.0658 0x1b6c ============================================================
22:16:32.0658 0x03ac Detected object count: 0
22:16:32.0658 0x03ac Actual detected object count: 0 |
24.04.2016, 15:02 | #6 |
/// TB-Ausbilder | Windows often stops responding. Detection by Avira
Hi,
Step 1 Please download AdwCleaner to your desktop.
Step 2 Please download Malwarebytes Anti-Malware
Step 3 Please close your security software to avoid possible conflicts.
Step 4
Please post with your next reply
|
24.04.2016, 18:36 | #7 |
| Windows often stops responding. Detection by Avira
In MbaM there were still old files in quarantine, just as a note. Ignore?
[CODE]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.5 (04.20.2016)
Operating System: Windows 10 Home x64
Ran by Staples (Administrator) on 24.04.2016 at 19:23:53,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 4
Successfully deleted: C:\Users\Staples\AppData\Local\{74DC73EB-C25C-429C-A417-4CE4F93BFF05} (Empty Folder)
Successfully deleted: C:\WINDOWS\SysWOW64\REN23CC.tmp (File)
Successfully deleted: C:\WINDOWS\SysWOW64\sho302F.tmp (File)
Successfully deleted: C:\WINDOWS\SysWOW64\shoE1C4.tmp (File)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.04.2016 at 19:27:58,82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[/CODE]
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 24.04.2016
Suchlaufzeit: 18:30
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.04.24.05
Rootkit-Datenbank: v2016.04.17.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Staples

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 452439
Abgelaufene Zeit: 48 Min., 52 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 2
PUP.Optional.CrossRider.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{76B30A95-2680-42E6-BC07-2AF24B1A6DF5}, In Quarantäne, [3d68d7db9cfdef477e32129c30d4d828],
PUP.Optional.CrossRider.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B430142D-9787-4A1B-A30D-853E4F5EA53C}, In Quarantäne, [2481aa086d2ccf67cd459418887c5ba5],

Registrierungswerte: 3
PUP.Optional.CrossRider.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{76B30A95-2680-42E6-BC07-2AF24B1A6DF5}|Path, \HDvid Codec V1-enabler, In Quarantäne, [3d68d7db9cfdef477e32129c30d4d828]
PUP.Optional.CrossRider.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B430142D-9787-4A1B-A30D-853E4F5EA53C}|Path, \HDvid Codec V1-codedownloader, In Quarantäne, [2481aa086d2ccf67cd459418887c5ba5]
PUP.Optional.CrossRider.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|HDvid Codec V1-bg.exe, 8000, In Quarantäne, [e8bde0d2b5e445f126886a444fb5bc44]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)

(end)
Code:
# AdwCleaner v5.112 - Bericht erstellt am 24/04/2016 um 18:18:23
# Aktualisiert am 17/04/2016 von Xplode
# Datenbank : 2016-04-24.2 [Server]
# Betriebssystem : Windows 10 Home (X64)
# Benutzername : Staples - STAPLES-TOSH
# Gestartet von : C:\Users\Staples\Desktop\AdwCleaner_5.112.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****

***** [ Ordner ] *****

***** [ Dateien ] *****

***** [ DLLs ] *****

***** [ Verknüpfungen ] *****

***** [ Aufgabenplanung ] *****

***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht : HKCU\Software\Mail.Ru
[-] Schlüssel gelöscht : HKCU\Software\AppDataLow\Software\Mail.Ru
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18C9E3869A16248439FE3FF9EB02207A
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB3204F747B20694B8D49EF92D8DC94B
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA531D0F3A71504DA7AC6A11CE33739
[-] Schlüssel gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3038A20B9089EC34D8F74220191FAB30

***** [ Internetbrowser ] *****

*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2448 Bytes] - [24/04/2016 18:18:23]
C:\AdwCleaner\AdwCleaner[S1].txt - [2554 Bytes] - [24/04/2016 18:15:41]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2594 Bytes] ##########
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
durchgeführt von Staples (Administrator) auf STAPLES-TOSH (24-04-2016 19:29:19)
Gestartet von C:\Users\Staples\Desktop
Geladene Profile: Staples & (Verfügbare Profile: Staples & DefaultAppPool)
Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-06-12] (Synaptics Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [807392 2016-03-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-03-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\Run: [Google Update] => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\Run: [MusicManager] => C:\Users\Staples\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [583680 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MusicManager] => C:\Users\Staples\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [583680 2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Keine Datei
Startup:
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-04-19] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-04-19] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-04-19] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Staples\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warkeys Update.lnk [2016-02-29] ShortcutTarget: Warkeys Update.lnk -> C:\Program Files (x86)\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe () BootExecute: autocheck autochk /p \??\C:autocheck autochk /m /P \Device\HarddiskVolume2autocheck autochk /m /f \Device\HarddiskVolume2autocheck autochk * ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{214a7604-97a2-44e4-9116-57a232caae45}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{e151f280-f994-498c-b104-4491eea55f73}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com SearchScopes: HKLM -> DefaultScope {41594B62-A7B7-4CB8-B68C-21908ECD161C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox SearchScopes: HKLM -> {41594B62-A7B7-4CB8-B68C-21908ECD161C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt SearchScopes: HKLM-x32 -> {9EAB2976-7ED9-4C33-808F-568A8E2D7DFA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000 -> DefaultScope {41594B62-A7B7-4CB8-B68C-21908ECD161C} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000 -> {41594B62-A7B7-4CB8-B68C-21908ECD161C} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000 -> {4FEE286E-218C-4BF0-B386-BA499B29169B} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000 -> {9EAB2976-7ED9-4C33-808F-568A8E2D7DFA} URL = hxxp://www.bing.com/search?FORM=MATM&PC=MATM&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000 -> 
{D1F998F5-B874-47D1-BDDD-B50E44A73288} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {41594B62-A7B7-4CB8-B68C-21908ECD161C} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {41594B62-A7B7-4CB8-B68C-21908ECD161C} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4FEE286E-218C-4BF0-B386-BA499B29169B} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9EAB2976-7ED9-4C33-808F-568A8E2D7DFA} URL = hxxp://www.bing.com/search?FORM=MATM&PC=MATM&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D1F998F5-B874-47D1-BDDD-B50E44A73288} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-23] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-23] (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-23] 
(Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-23] (Oracle Corporation) BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19] (<TOSHIBA>) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Staples\AppData\Roaming\Mozilla\Firefox\Profiles\t9tmdxfc.default-1414740622857 FF DefaultSearchEngine: Yahoo FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-31] () FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-23] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-23] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-31] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-23] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1502668225-1892257724-3303000117-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin HKU\S-1-5-21-1502668225-1892257724-3303000117-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Staples\AppData\Roaming\Mozilla\Firefox\Profiles\t9tmdxfc.default-1414740622857\searchplugins\bildde.xml [2015-12-13] FF Extension: Adblock Plus - C:\Users\Staples\AppData\Roaming\Mozilla\Firefox\Profiles\t9tmdxfc.default-1414740622857\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-25] Chrome: ======= CHR Profile: C:\Users\Staples\AppData\Local\Google\Chrome\User Data\default ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [955736 2016-03-17] (Avira Operations GmbH & Co. 
KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466504 2016-03-17] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-03-17] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1424880 2016-03-17] (Avira Operations GmbH & Co. KG) S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [272304 2016-03-30] (Avira Operations GmbH & Co. KG) R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2015-08-02] (Broadcom Corporation.) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-06-12] (Synaptics Incorporated) S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-02-11] (Toshiba Europe GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-03-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-03] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-03-17] (Avira Operations GmbH & Co. KG) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-08-02] (Broadcom Corporation.) 
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7593176 2015-07-10] (Broadcom Corporation)
S3 MWAC; \??\C:\WINDOWS\SysWOW64\drivers\ [0 ] () <==== ACHTUNG (Null Byte Datei/Ordner)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [888064 2015-08-20] (Realtek )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-12] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-08-02] (Toshiba Corporation)
U5 tosrfbd; C:\Windows\System32\Drivers\tosrfbd.sys [212072 2009-09-24] (TOSHIBA CORPORATION)
U5 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [50664 2009-06-19] (TOSHIBA Corporation)
U5 Tosrfhid; C:\Windows\System32\Drivers\Tosrfhid.sys [94336 2009-06-19] (TOSHIBA Corporation.)
U5 TosRfSnd; C:\Windows\System32\Drivers\TosRfSnd.sys [63856 2009-08-05] (TOSHIBA Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; kein ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-04-24 19:29 - 2016-04-24 19:31 - 00025185 _____ C:\Users\Staples\Desktop\FRST.txt 2016-04-24 19:27 - 2016-04-24 19:28 - 00000846 _____ C:\Users\Staples\Desktop\JRT.txt 2016-04-24 19:21 - 2016-04-24 19:23 - 01610008 _____ (Malwarebytes) C:\Users\Staples\Desktop\JRT.exe 2016-04-24 19:21 - 2016-04-24 19:21 - 00002204 _____ C:\Users\Staples\Desktop\mbam.txt 2016-04-24 19:19 - 2016-04-24 19:19 - 00016148 _____ C:\WINDOWS\system32\STAPLES-TOSH_Staples_HistoryPrediction.bin 2016-04-24 18:29 - 2016-04-24 18:29 - 00001182 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-04-24 18:27 - 2016-04-24 18:27 - 22851472 _____ (Malwarebytes ) C:\Users\Staples\Desktop\mbam-setup-2.2.1.1043.exe 2016-04-24 18:24 - 2016-04-24 18:24 - 00002712 _____ C:\Users\Staples\Desktop\AdwCleaner[C1].txt 2016-04-24 18:15 - 2016-04-24 18:18 - 00000000 ____D C:\AdwCleaner 2016-04-24 18:14 - 2016-04-24 18:15 - 03683904 _____ C:\Users\Staples\Desktop\AdwCleaner_5.112.exe 2016-04-24 18:05 - 2016-04-24 18:05 - 00001090 _____ C:\Users\Public\Desktop\Mumble.lnk 2016-04-24 18:05 - 2016-04-24 18:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble 2016-04-24 18:05 - 2016-04-24 18:05 - 00000000 ____D C:\Program Files (x86)\Mumble 2016-04-24 14:39 - 2016-04-24 14:41 - 00000000 ___HD C:\$WINDOWS.~BT 2016-04-23 22:15 - 2016-04-23 22:24 - 00270208 _____ C:\TDSSKiller.3.1.0.9_23.04.2016_22.15.24_log.txt 2016-04-23 22:07 - 2016-04-23 22:13 - 00270208 _____ C:\TDSSKiller.3.1.0.9_23.04.2016_22.07.52_log.txt 2016-04-23 22:06 - 2016-04-23 22:07 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Staples\Desktop\tdsskiller.exe 2016-04-23 22:03 - 2016-04-24 19:29 - 00000000 ____D C:\FRST 2016-04-23 22:02 - 2016-04-23 22:03 - 02375680 _____ (Farbar) C:\Users\Staples\Desktop\FRST64.exe 2016-04-19 00:09 - 2016-04-19 00:09 - 00000000 ____D C:\Users\Staples\Documents\Diablo II 2016-04-19 00:07 - 2016-04-19 00:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Diablo II 2016-04-18 23:25 - 2016-04-18 23:25 - 02771704 _____ (Blizzard Entertainment) C:\Users\Staples\Downloads\Downloader_Diablo2_deDE.exe 2016-04-18 23:12 - 2016-04-18 23:13 - 02689174 _____ (Blizzard Entertainment) C:\Users\Staples\Downloads\Downloader_Diablo2_Lord_of_Destruction_deDE.exe 2016-04-15 20:41 - 2016-04-15 20:41 - 00000017 _____ C:\WINDOWS\SysWOW64\shortcut_ex.dat 2016-04-12 21:11 - 2016-04-15 20:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-04-08 21:43 - 2016-04-08 21:43 - 00016622 _____ C:\Users\Staples\Documents\Sobri.odt 2016-04-03 07:37 - 2016-04-03 07:37 - 00275040 _____ C:\WINDOWS\Minidump\040316-38109-01.dmp 2016-03-28 20:14 - 2016-03-28 20:14 - 00000000 ____D C:\Users\Staples\AppData\Local\Steam ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-04-24 19:19 - 2010-10-31 01:15 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BE5EF183-990B-42DC-8793-FA5A454ADFA0} 2016-04-24 18:40 - 2014-08-15 21:33 - 00049536 _____ (Absolute Software Corp.) 
C:\WINDOWS\SysWOW64\agremove.exe 2016-04-24 18:39 - 2015-08-02 01:59 - 00017920 _____ C:\WINDOWS\system32\rpcnetp.exe 2016-04-24 18:39 - 2014-08-04 23:59 - 00001154 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000UA.job 2016-04-24 18:34 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-04-24 18:33 - 2016-01-10 22:13 - 00001144 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-04-24 18:30 - 2015-08-27 21:00 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-04-24 18:29 - 2015-08-27 21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-04-24 18:29 - 2015-08-27 21:00 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-04-24 18:23 - 2016-01-10 22:13 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-04-24 18:21 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-04-24 18:19 - 2015-07-10 11:05 - 00786432 ___SH C:\WINDOWS\system32\config\BBI 2016-04-24 18:18 - 2015-08-02 02:11 - 00000000 ____D C:\Users\Staples 2016-04-24 18:15 - 2014-01-18 21:17 - 00000000 ____D C:\Users\Staples\AppData\Roaming\Mumble 2016-04-24 18:13 - 2014-01-18 21:26 - 00000000 ____D C:\Users\Staples\AppData\Local\Battle.net 2016-04-24 14:44 - 2015-12-12 21:58 - 00000000 ____D C:\WINDOWS\Panther 2016-04-24 10:38 - 2014-01-01 11:54 - 00000000 ___RD C:\Users\Staples\Desktop\Programme 2016-04-24 10:37 - 2014-01-01 11:54 - 00000000 ____D C:\Users\Staples\Desktop\Spiele 2016-04-24 10:33 - 2014-07-05 10:58 - 00000000 ____D C:\Users\Staples\Documents\JTP 2016-04-23 23:36 - 2014-01-18 21:26 - 00000000 ____D C:\Program Files (x86)\Battle.net 2016-04-23 20:39 - 2014-08-04 23:59 - 00001102 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000Core.job 2016-04-23 16:06 - 2014-01-18 21:34 - 00000000 ____D C:\Program Files (x86)\Hearthstone 2016-04-23 15:52 - 2014-07-22 18:49 - 00000000 
____D C:\Program Files (x86)\Steam 2016-04-23 10:42 - 2014-12-08 22:53 - 00000000 ____D C:\Program Files (x86)\Diablo III 2016-04-22 21:51 - 2015-08-02 03:25 - 00002400 _____ C:\Users\Staples\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-04-22 21:51 - 2015-08-02 03:25 - 00000000 ___RD C:\Users\Staples\OneDrive 2016-04-22 20:04 - 2015-08-02 02:06 - 00000000 ____D C:\ProgramData\Package Cache 2016-04-22 15:46 - 2015-08-24 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-04-20 12:16 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-04-19 00:14 - 2011-09-22 17:56 - 00000618 _____ C:\BnetLog.txt 2016-04-19 00:09 - 2010-10-29 17:20 - 00000000 ____D C:\ProgramData\Blizzard Entertainment 2016-04-16 22:27 - 2010-11-01 16:50 - 00000000 ____D C:\Users\Staples\AppData\Roaming\TS3Client 2016-04-15 20:39 - 2013-12-27 17:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-04-13 23:02 - 2013-08-15 01:15 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-04-13 22:56 - 2010-10-31 19:28 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-04-11 17:51 - 2015-08-02 02:09 - 00007412 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-04-11 17:51 - 2015-07-10 18:34 - 01165958 _____ C:\WINDOWS\system32\perfh007.dat 2016-04-11 17:51 - 2015-07-10 18:34 - 00279796 _____ C:\WINDOWS\system32\perfc007.dat 2016-04-06 20:32 - 2015-07-10 13:06 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-04-06 20:32 - 2015-07-10 13:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-04-03 07:37 - 2015-08-02 17:39 - 00000000 ____D C:\WINDOWS\Minidump 2016-03-31 22:57 - 2012-12-25 11:58 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-03-31 20:28 - 2012-12-25 11:58 - 00003876 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2016-03-30 20:47 - 2014-12-27 00:56 - 00000000 ____D 
C:\Program Files (x86)\StarCraft II 2016-03-28 21:07 - 2014-07-22 19:35 - 00000000 ____D C:\Users\Staples\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2010-10-31 19:55 - 2010-10-31 19:55 - 0000095 _____ () C:\Users\Staples\AppData\Local\fusioncache.dat 2014-08-01 23:59 - 2014-08-01 23:59 - 0016958 _____ () C:\Users\Staples\AppData\Local\gem.ico 2014-08-01 23:59 - 2014-08-01 23:59 - 0127112 _____ () C:\Users\Staples\AppData\Local\mybet.ico 2014-03-29 01:34 - 2014-11-18 20:59 - 0007607 _____ () C:\Users\Staples\AppData\Local\Resmon.ResmonCfg 2014-06-17 15:35 - 2014-06-17 15:35 - 0000057 _____ () C:\ProgramData\Ament.ini 2010-11-02 12:45 - 2010-11-02 12:45 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2015-12-07 00:47 - 2015-12-07 00:47 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc Einige Dateien in TEMP: ==================== C:\Users\Staples\AppData\Local\Temp\avgnt.exe C:\Users\Staples\AppData\Local\Temp\libeay32.dll C:\Users\Staples\AppData\Local\Temp\msvcr120.dll C:\Users\Staples\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-04-18 23:41

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-04-2016
durchgeführt von Staples (2016-04-24 19:32:07)
Gestartet von C:\Users\Staples\Desktop
Windows 10 Home (X64) (2015-08-02 01:20:32)
Start-Modus: Normal
==========================================================

==================== Konten: =============================
Administrator (S-1-5-21-1502668225-1892257724-3303000117-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1502668225-1892257724-3303000117-1004 - Limited - Enabled)
DefaultAccount (S-1-5-21-1502668225-1892257724-3303000117-503 - Limited - Disabled)
Gast (S-1-5-21-1502668225-1892257724-3303000117-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1502668225-1892257724-3303000117-1002 - Limited - Enabled)
Staples (S-1-5-21-1502668225-1892257724-3303000117-1000 - Administrator - Enabled) => C:\Users\Staples

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated) AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) AMD Catalyst Install Manager (HKLM\...\{572C982F-95F5-0562-AE8F-8A9D7D024A88}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG) Avira Launcher (HKLM-x32\...\{74d1ef14-dd39-4749-b051-e183a1e27f5e}) (Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG) Hidden AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin) AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden ccc-core-static (x32 Version: 2010.0315.1050.17562 - Ihr Firmenname) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform) Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Day of Defeat (HKLM\...\Steam App 30) (Version: - Valve) Diablo II (HKLM-x32\...\Diablo II) (Version: 0.0.0.0 - Blizzard Entertainment) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) 
Hidden Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden Haushaltsbuch 5.0 (HKLM-x32\...\{0E6C1531-9546-4153-9D88-689519385319}) (Version: 5.0 - Euchler Software) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) HearthstoneTracker (HKLM-x32\...\HearthstoneTracker) (Version: 1.9.23.39449 - HearthstoneTracker.com) Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) HP ENVY 4500 series - Grundlegende Software für das Gerät (HKLM\...\{E7A3B455-76AD-423A-AE5E-F431C69BF2B0}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.) HP ENVY 4500 series Hilfe (HKLM-x32\...\{6767CCD2-B939-4542-BF08-015B5496D4EC}) (Version: 30.0.0 - Hewlett Packard) HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation) Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.01.1007 - Intel Corporation) Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation) Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation) Jewel Quest II (x32 Version: 2.2.0.82 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kobo (HKLM-x32\...\Kobo) (Version: 3.5.0 - Kobo Inc.) 
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 45.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 de)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.3.0 (HKLM-x32\...\{9B95B20A-324C-4FEE-AF12-24F0CF0D2580}) (Version: 1.3.0 - The Mumble Developers)
Music Manager (HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\MusicManager) (Version: - Google, Inc.)
Music Manager (HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MusicManager) (Version: - Google, Inc.)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Photo Service - powered by myphotobook (HKLM-x32\...\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.0.7-279 - myphotobook GmbH)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{607BE7BF-7C28-4ADB-A4A0-385962B901C3}) (Version: 8.0.28 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.11.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.22C - Ihr Firmenname)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.01 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.09.0001 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisorkennwort (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
Toshiba TEMPRO (HKLM-x32\...\{2B000B80-A3FA-4B92-A5FF-D9AD402B6701}) (Version: 3.30 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: - )
TRORMCLauncher (Version: 1.0.0.9 - TOSHIBA) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
Warkeys 1.21.0.0b (HKLM-x32\...\Warkeys) (Version: 1.21.0.0b - )
WildTangent-Spiele (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent)
WinAce Archiver (HKLM-x32\...\WinAce Archiver) (Version: 2.69 - e-merge GmbH)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Zuma Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {2A7B3111-CA95-4031-AEBE-F8E78F591055} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {2D34A571-4CEC-421F-9378-CFB7FBCD5780} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {34AE0563-2C0C-441F-B688-908CC3065303} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {34BF107D-76F5-45AD-A9DD-3313F342FAE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-10] (Google Inc.)
Task: {374703C8-047E-458E-A707-64ED95105CB7} - \HDvid Codec V1-updater -> Keine Datei <==== ACHTUNG
Task: {37522DE3-CD46-4659-A0FA-9ACA2B27868A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {388D3AC4-01BA-4663-9003-C0F3B7DDCF9A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {38F102F6-73BF-4552-A978-F529AEB166D0} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {3914F8FB-D065-44BA-ADFB-A266017A2A98} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
Task: {3D1F5DB5-186F-4BDE-87AD-C24E5576C1B2} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {3D46462C-CD47-4D47-B630-A827F78431E1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {452475D1-F5A5-4BD8-9CCE-824B69FBFA48} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {4A2F2C6C-B346-4172-8DD1-E64DE3FD24AA} - \ConfigFree Startup Programs -> Keine Datei <==== ACHTUNG
Task: {53BD5C85-07E8-4A3B-975B-CF63B0078021} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000Core => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {54FC8C20-F3B3-405F-B5D3-2C297BCBBB95} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {55A71768-B655-420A-B641-74DC7784B873} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {567F5A78-2F13-44C0-8F13-EFD9C5A76050} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {57CFA2A7-4180-456B-BF8A-A1CAC6D0FF5F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {5EC10D66-F719-4668-86C7-4CE76079A0C2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {600A2786-3EDA-4639-B8CF-19A96B5D463D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-18] (Adobe Systems Incorporated)
Task: {6F9C441D-CCCA-4CE0-8F2C-E9C5111740C5} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {71459263-08A6-43E0-B086-911E2AA8F233} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {7998CF8D-D393-41ED-8499-9424214EAD15} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {8350377D-88D4-4A82-8581-C3E3F5D702E5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {8AF38B8A-F573-4FD1-97FA-34C76E69408F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-10] (Google Inc.)
Task: {94D7DAC8-D08B-4E54-AA90-4E816D264D74} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {A0E8D8A4-582C-4A2F-90CC-FF163157F9ED} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {A5B4F7AE-FD38-41D1-8867-3A682AAF3F4E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {AA6B7129-EF76-4BCC-A791-2011AD059DF1} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {AC9AFF9F-874B-4DC6-9A2E-37AE14FDBEC6} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B02C24DE-42E0-45C3-8DCB-74F600BF51FC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {B28A4DF6-2185-42D2-B0A7-E0B90985A4F2} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {B45B70A8-461A-4044-88D2-DAAE989E045A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {C1F73BFD-54A2-4477-9E0C-9757930AD47E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {C2F99E66-9961-453E-AE82-927BB96932A5} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C9E936DA-9486-4A23-8FF0-225CEA97CB40} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {CA3E81D8-FC27-43E9-B52B-E784F76687EE} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {CF2FA2FF-1A46-4DE6-A460-C662304D48B7} - System32\Tasks\{428DD254-78FD-48CF-AFB3-2C3E7F513096} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe" -c REMOVESERIALNUMBER="2M02-K09C-4652-C94K-5T44-HAM6-KX7M-078A-3X3C-L9TT-2W5U-821H-1C12-9810-A291-0000"
Task: {D98728C8-1886-465A-8839-A6CA5519CD38} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {DB99FD54-021F-4A44-BD01-3FEB47A1DD02} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {DBBE0970-979F-4DAD-BEBD-1871B5B13953} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {E450177C-00C7-42B1-B73D-9D3E38CA19D2} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {EBB5871C-28D0-44B3-81EE-11DC19349E85} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {ECBB05AA-0B80-470E-9367-AE7504FB3970} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-31] (Adobe Systems Incorporated)
Task: {F107F1CF-52E4-4871-959E-200C438020FB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000UA => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {FD9D15E4-1BE1-4205-A2A6-8D415DA064B9} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000Core.job => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000UA.job => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-08-02 02:52 - 2015-08-02 02:52 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-02 02:52 - 2015-08-02 02:52 - 00403968 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2010-04-06 14:53 - 2010-04-06 14:53 - 00578936 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2015-08-05 22:14 - 2015-07-30 08:05 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-05 22:14 - 2015-07-30 08:05 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-22 21:51 - 2016-04-22 21:51 - 00959176 _____ () C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2015-07-10 12:59 - 2015-07-10 12:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-11 22:14 - 2015-08-03 03:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 13:00 - 2015-07-10 18:45 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-11 22:14 - 2015-08-03 03:08 - 01806848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-11 22:14 - 2015-08-03 03:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData\TEMP:AD022376 [125]
AlternateDataStreams: C:\ProgramData\Templates:gs5sys [1792]
AlternateDataStreams: C:\ProgramData\Vorlagen:gs5sys [1792]
AlternateDataStreams: C:\Users\Staples\Cookies:gs5sys [3074]
AlternateDataStreams: C:\Users\Staples\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Staples\AppData\Local\History:gs5sys [3074]
AlternateDataStreams: C:\Users\Staples\AppData\Local\Verlauf:gs5sys [3074]
AlternateDataStreams: C:\Users\Staples\Documents\desktop.ini:gs5sys [3074]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2015-07-29 09:43 - 00000826 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Staples\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Staples\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: Mobile Partner. RunOuc => 2
MSCONFIG\Services: rpcnet => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TOSHIBA Bluetooth Service => 3
MSCONFIG\startupfolder: C:^Users^Staples^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Battle.net.lnk => C:\Windows\pss\Battle.net.lnk.Startup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GameXN GO => "C:\ProgramData\GameXN\GameXNGO.exe" /startup
MSCONFIG\startupreg: Google Update => "C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP ENVY 4500 series (NET) => "C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN3CA2Q7BT060F:NW" -scfn "HP ENVY 4500 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: MusicManager => "C:\Users\Staples\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
MSCONFIG\startupreg: Toshiba TEMPRO => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
HKLM\...\StartupApproved\StartupFolder: => "Secunia PSI Tray.lnk"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\StartupApproved\Run: => "MusicManager"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "MusicManager"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{DAB9098E-BCC6-43EA-914C-180FB28B1190}C:\program files (x86)\diablo 3\diablo iii public test\diablo iii.exe] => (Allow) C:\program files (x86)\diablo 3\diablo iii public test\diablo iii.exe
FirewallRules: [TCP Query User{251DD3FB-685E-4277-A791-97947ED3BBDC}C:\program files (x86)\diablo 3\diablo iii public test\diablo iii.exe] => (Allow) C:\program files (x86)\diablo 3\diablo iii public test\diablo iii.exe
FirewallRules: [{463D4E6D-28F7-4D94-A1EF-2AE3B45CC574}] => (Allow) C:\Program Files (x86)\Diablo 3\StarCraft II\StarCraft II.exe
FirewallRules: [{AE158F70-72C1-46F9-BA84-33C2EA6B3B3A}] => (Allow) C:\Program Files (x86)\Diablo 3\StarCraft II\StarCraft II.exe
FirewallRules: [{1DF298B3-BCA9-4322-BF0D-7E7A8D0411B3}] => (Allow) C:\Program Files (x86)\Diablo 3\Hearthstone\Hearthstone.exe
FirewallRules: [{6BE7CCFD-90A5-47A6-98C0-D94F8828BEFE}] => (Allow) C:\Program Files (x86)\Diablo 3\Hearthstone\Hearthstone.exe
FirewallRules: [UDP Query User{43046A62-F0A0-4B78-BC6D-73F1B01E7651}C:\program files (x86)\diablo 3\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo 3\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{87291E13-B742-4A4A-AED6-D08F55710435}C:\program files (x86)\diablo 3\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo 3\diablo iii\diablo iii.exe
FirewallRules: [{BFE6636C-05E2-496D-83EB-354A37E72F72}] => (Allow) E:\FSetup.exe
FirewallRules: [{2F6F6651-43F1-45FE-8A9C-14AE9E829319}] => (Allow) E:\FSetup.exe
FirewallRules: [UDP Query User{E0D19048-7F9B-4F6A-91B7-1590A722B9B4}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{78FCE144-CD62-460B-AA88-D6AC01C7055B}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{5A874BB2-6927-4F44-AE2F-4E3EA3A92D8D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{F3921869-22F6-48EA-8FA0-2065F05EEE26}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{C309552C-6031-4C74-8CFE-268AFE41FC91}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7F516593-A61A-4EBB-8DC7-9D4BD3A6339A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7CAD7E71-0BD5-4A7C-9DBB-A1066D3C6A25}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{6DC5F174-9CCB-4632-AF90-D738CD1E5594}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{076E4404-43AE-4B3E-91B4-D17DA167A4E9}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base32283\SC2.exe
FirewallRules: [{79128DD4-E18B-4A1D-A061-2F0ACB0A4CBE}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base32283\SC2.exe
FirewallRules: [{A5C16E36-0195-4CE1-AB02-693C5900B83E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BAE76957-0503-40B0-B2F3-8B0C9CBCBD4E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{33236DBE-44A0-48ED-91AF-01B34211077E}] => (Allow) D:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{D07EA77B-DED6-4010-99C5-BFA6E53C158F}] => (Allow) D:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{BCC5A689-B1ED-412A-B131-C003122C2F5C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D90623C6-113B-469F-B20E-6667CFCCBBE0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5CF2A2CE-FC1A-4BA6-B8D6-CA8ED53E2855}] => (Allow) LPort=1900
FirewallRules: [{BDA74D07-EE95-44EB-BCA8-DAE09A7C4185}] => (Allow) LPort=7900
FirewallRules: [{3FF958D2-792D-4E41-945D-DFF5316E9344}] => (Allow) LPort=24234
FirewallRules: [{52C311B7-95FA-42CF-A667-B353CFF3CE01}] => (Allow) LPort=7679
FirewallRules: [{1564CB85-C992-4B74-B414-6CB4ED63B1FF}] => (Allow) LPort=7676
FirewallRules: [{05B80B2B-64CA-4120-AED3-FDC1C63268F8}] => (Allow) LPort=8643
FirewallRules: [{94C5872C-096D-45FE-A386-A704F37CCD41}] => (Allow) LPort=8743
FirewallRules: [{85D1FCA6-5AAE-40ED-BC8A-661A80BB825C}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0CDCC238-9293-4960-A01E-ADBC24DE2426}] => (Allow) LPort=5357
FirewallRules: [{E6C70617-CBAC-4EAE-8821-ED72246690C8}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{7A11A418-B75D-4C52-96DA-9CA4B8DD999A}] => (Allow) C:\Users\Staples\AppData\Local\Apps\2.0\NGY65OLG.Y4M\0P4R2A3R.O8D\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
FirewallRules: [{E81E2219-DCB7-40E3-9C0B-65EE6AB363AF}] => (Allow) C:\Users\Staples\AppData\Local\Apps\2.0\NGY65OLG.Y4M\0P4R2A3R.O8D\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
FirewallRules: [{4B2CDB83-6F00-4483-9EC4-5DDEA19FA0AB}] => (Allow) C:\Users\Staples\AppData\Local\Apps\2.0\NGY65OLG.Y4M\0P4R2A3R.O8D\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
FirewallRules: [{820B410A-B60B-46BC-B15D-A930CEC2752A}] => (Allow) C:\Users\Staples\AppData\Local\Apps\2.0\NGY65OLG.Y4M\0P4R2A3R.O8D\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
FirewallRules: [{1A50E5AF-C87D-4180-9BDD-1356CD48961F}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{262DE6E1-3D09-4960-B0BD-452E77ED4E4B}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{1886E3CF-BBAA-45BA-BDBF-DF68C5649FDA}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{622BAA4C-8B46-4565-B206-E2786189BFCA}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{6389EC2A-ABC7-46A4-B4B6-79C2FEC0B024}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{16313845-2B0C-4CF9-A3A4-19C03180546F}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{DD06D80F-7ACB-4661-8F85-699B83430D5A}] => (Allow) LPort=1900
FirewallRules: [{D6471186-80C3-43C1-84E3-742026E8539C}] => (Allow) LPort=2869
FirewallRules: [{70392273-5556-4955-B447-E97E32091F68}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{84DDAC82-808E-4E2D-9789-A52F53C0D4DC}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede.exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede.exe
FirewallRules: [TCP Query User{50C46697-1E82-4C15-9E29-B1A32888100E}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede.exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede.exe
FirewallRules: [UDP Query User{E5048485-2062-4C31-AC52-00DCEC838ACB}C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede.exe] => (Allow) 
C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede.exe FirewallRules: [TCP Query User{23A89A76-ED93-43B5-8B46-17A9B4C72C2F}C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede.exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede.exe FirewallRules: [{974C9DC9-9006-4816-8119-CA81896AAA61}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [{17EB269A-3379-47DF-B6B9-9499EA3D64DD}] => (Allow) svchost.exe FirewallRules: [{AC3A1281-9F11-429D-ADFD-D6D233994896}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{485D1D0E-997B-4638-B1CF-57A62F63A6FD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{04E04B5C-DE15-460A-914A-A5B081BD09C2}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{9BE9D350-3FA7-420B-AAD5-56F5F27AB135}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{DEF5B45F-AF3C-4AB4-891C-F2C91B263928}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{05C1E0E9-3DEA-440C-BD56-17C383E892B5}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{E52537E4-F94C-4C42-B831-1F656622A8CF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{B7BF7CD7-6A47-4FC6-AFFF-7A8DB6844C2B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{5A860695-8579-416A-A287-40C07810B5BE}C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede(2).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede(2).exe FirewallRules: [UDP Query User{6B00BD4E-D83B-4199-BF07-A93E703B642B}C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede(2).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede(2).exe FirewallRules: [TCP Query 
User{6081101E-1662-45E3-97DC-A46F1856706C}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(1).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(1).exe FirewallRules: [UDP Query User{92F466A6-9A25-459E-82D3-C6D2B2AC43C1}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(1).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(1).exe FirewallRules: [TCP Query User{839A40D7-5698-45A5-AEC4-E880FC49092E}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe FirewallRules: [UDP Query User{BB8B1D12-AAE0-4DE7-98E5-ED54A144FDB6}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe FirewallRules: [TCP Query User{5A85E686-28AD-40A9-AD95-0AB1053FAB9C}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe FirewallRules: [UDP Query User{9056D4F4-F01C-40EA-B5C0-325981AD555C}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe FirewallRules: [TCP Query User{075F0F34-0735-46B8-8665-55A38DCBB6F4}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(2).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(2).exe FirewallRules: [UDP Query User{C75B5420-C5D6-4C49-A150-E68C2BB76418}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(2).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(2).exe FirewallRules: [TCP Query User{31F80D6F-AEF1-4457-819E-786C7090118D}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe FirewallRules: [UDP Query User{C0F385F3-870D-4B35-AAB2-F5D43D48C33C}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) 
C:\program files (x86)\warcraft iii\war3.exe FirewallRules: [{EE979479-45C4-459C-887E-C2E698DF3D85}] => (Allow) D:\SteamLibrary\SteamApps\common\Half-Life\hl.exe FirewallRules: [{E04E306A-36DD-459B-ABEC-3D2B65388F3A}] => (Allow) D:\SteamLibrary\SteamApps\common\Half-Life\hl.exe FirewallRules: [{D5BBB418-E1FF-4F0D-808F-03F8C93F1389}] => (Allow) D:\SteamLibrary\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{4781C4DA-2B16-4012-875F-A5E91EA891F3}] => (Allow) D:\SteamLibrary\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [TCP Query User{F4E51C64-B712-4C49-8607-2D1F80E314F6}C:\users\staples\downloads\downloader_diablo2_lord_of_destruction_dede.exe] => (Allow) C:\users\staples\downloads\downloader_diablo2_lord_of_destruction_dede.exe FirewallRules: [UDP Query User{1E67D163-DC92-4131-9178-206AA862968B}C:\users\staples\downloads\downloader_diablo2_lord_of_destruction_dede.exe] => (Allow) C:\users\staples\downloads\downloader_diablo2_lord_of_destruction_dede.exe FirewallRules: [TCP Query User{91008239-45AF-45C7-876E-C2CC8F1AECD9}C:\users\staples\downloads\downloader_diablo2_dede.exe] => (Allow) C:\users\staples\downloads\downloader_diablo2_dede.exe FirewallRules: [UDP Query User{08768379-FEF5-42D1-BB62-FDB41C2153A0}C:\users\staples\downloads\downloader_diablo2_dede.exe] => (Allow) C:\users\staples\downloads\downloader_diablo2_dede.exe ==================== Wiederherstellungspunkte ========================= 24-04-2016 19:23:54 JRT Pre-Junkware Removal ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (04/24/2016 07:24:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". 
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (04/24/2016 07:00:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10240.16384, Zeitstempel: 0x559f38c5 Name des fehlerhaften Moduls: twinapi.appcore.dll, Version: 10.0.10240.16397, Zeitstempel: 0x55af1390 Ausnahmecode: 0xc000027b Fehleroffset: 0x000000000006687f ID des fehlerhaften Prozesses: 0x770 Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0 Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1 Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2 Berichtskennung: backgroundTaskHost.exe3 Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5 Error: (04/24/2016 06:32:05 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt. Error: (04/24/2016 06:25:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT-AUTORITÄT) Description: Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "퀀뀀붵⼭뛖祱๔퀀궵ଯ쿞擩ᑊ䀴ⶥਫ裛". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten. Error: (04/24/2016 06:05:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. 
System Error: Zugriff verweigert . Error: (04/24/2016 04:19:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10240.16384, Zeitstempel: 0x559f38c5 Name des fehlerhaften Moduls: twinapi.appcore.dll, Version: 10.0.10240.16397, Zeitstempel: 0x55af1390 Ausnahmecode: 0xc000027b Fehleroffset: 0x000000000006687f ID des fehlerhaften Prozesses: 0xcec Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0 Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1 Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2 Berichtskennung: backgroundTaskHost.exe3 Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5 Error: (04/24/2016 04:04:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10240.16384, Zeitstempel: 0x559f38c5 Name des fehlerhaften Moduls: twinapi.appcore.dll, Version: 10.0.10240.16397, Zeitstempel: 0x55af1390 Ausnahmecode: 0xc000027b Fehleroffset: 0x000000000006687f ID des fehlerhaften Prozesses: 0x414 Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0 Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1 Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2 Berichtskennung: backgroundTaskHost.exe3 Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5 Error: (04/24/2016 03:53:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10240.16384, Zeitstempel: 0x559f38c5 Name des fehlerhaften Moduls: twinapi.appcore.dll, Version: 10.0.10240.16397, Zeitstempel: 0x55af1390 Ausnahmecode: 0xc000027b Fehleroffset: 0x000000000006687f ID des fehlerhaften Prozesses: 0x1214 Startzeit der fehlerhaften 
Anwendung: 0xbackgroundTaskHost.exe0 Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1 Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2 Berichtskennung: backgroundTaskHost.exe3 Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5 Error: (04/24/2016 02:52:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: STAPLES-TOSH) Description: Bei der Aktivierung der App „Microsoft.Windows.Photos_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (04/24/2016 02:38:44 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT-AUTORITÄT) Description: Product: Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe (x64) -- System must be eligible for MS DVD License Systemfehler: ============= Error: (04/24/2016 07:24:43 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT-AUTORITÄT) Description: WINDOWS\Device\HarddiskVolumeShadowCopy33 Error: (04/24/2016 06:29:46 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT) Description: In der Dateisystemstruktur auf Volume "C:" wurde eine Beschädigung erkannt. Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0x100000004ba46. Der Name der Datei ist "<Dateiname kann nicht bestimmt werden>". Error: (04/24/2016 06:28:44 PM) (Source: volsnap) (EventID: 14) (User: ) Description: Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers auf Volume "C:" abgebrochen. 
Error: (04/24/2016 06:27:34 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/24/2016 06:21:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (04/24/2016 06:21:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Net.Tcp-Listeneradapter" ist vom Dienst "Net.Tcp-Portfreigabedienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error: (04/24/2016 06:20:10 PM) (Source: Application Popup) (EventID: 877) (User: )
Description: DATABASE OPEN FAILED

Error: (04/24/2016 06:19:45 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT-AUTORITÄT)
Description: C:\Device\HarddiskVolume23

Error: (04/24/2016 06:18:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/24/2016 06:18:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _Session1" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

CodeIntegrity:
===================================

Date: 2016-03-17 00:34:13.874
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-14 08:44:09.391
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-11 22:12:58.712
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-06 16:59:53.713
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-01 23:08:44.158
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-28 21:20:12.104
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-26 16:56:32.380
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-23 20:21:56.876
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-23 09:00:54.734
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-23 09:00:54.718
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
Prozentuale Nutzung des RAM: 43%
Installierter physikalischer RAM: 3954.67 MB
Verfügbarer physikalischer RAM: 2215.16 MB
Summe virtueller Speicher: 7922.67 MB
Verfügbarer virtueller Speicher: 6053.52 MB

==================== Laufwerke ================================

Drive c: (WINDOWS) (Fixed) (Total:232.88 GB) (Free:43.16 GB) NTFS
Drive d: (Data) (Fixed) (Total:232.49 GB) (Free:145.24 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 40D49AEE)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
|
25.04.2016, 15:38 | #8 |
/// TB-Ausbilder | Windows often does not respond. Detection by Avira
Hi, we'll remove the last remnants and check everything once more.
Note: The scan with ESET can take a long time.
Step 1
Please press the Windows key + R and type notepad into the Run window.
Now copy the following text from the code box into the empty text document:
Code:
start
CloseProcesses:
Task: {2D34A571-4CEC-421F-9378-CFB7FBCD5780} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {374703C8-047E-458E-A707-64ED95105CB7} - \HDvid Codec V1-updater -> Keine Datei <==== ACHTUNG
Task: {452475D1-F5A5-4BD8-9CCE-824B69FBFA48} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {4A2F2C6C-B346-4172-8DD1-E64DE3FD24AA} - \ConfigFree Startup Programs -> Keine Datei <==== ACHTUNG
Task: {54FC8C20-F3B3-405F-B5D3-2C297BCBBB95} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {567F5A78-2F13-44C0-8F13-EFD9C5A76050} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {71459263-08A6-43E0-B086-911E2AA8F233} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {8350377D-88D4-4A82-8581-C3E3F5D702E5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {A5B4F7AE-FD38-41D1-8867-3A682AAF3F4E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {B02C24DE-42E0-45C3-8DCB-74F600BF51FC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {B45B70A8-461A-4044-88D2-DAAE989E045A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {C1F73BFD-54A2-4477-9E0C-9757930AD47E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {C9E936DA-9486-4A23-8FF0-225CEA97CB40} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2
ESET Online Scanner
Step 3
Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
Step 4
Are there still any problems with the PC? If so, which ones? Please post with your next reply
|
25.04.2016, 21:37 | #9 |
| Windows often does not respond. Detection by Avira
Code:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-04-2016
durchgeführt von Staples (2016-04-25 22:30:03)
Gestartet von C:\Users\Staples\Desktop
Windows 10 Home (X64) (2015-08-02 01:20:32)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-1502668225-1892257724-3303000117-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1502668225-1892257724-3303000117-1004 - Limited - Enabled)
DefaultAccount (S-1-5-21-1502668225-1892257724-3303000117-503 - Limited - Disabled)
Gast (S-1-5-21-1502668225-1892257724-3303000117-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1502668225-1892257724-3303000117-1002 - Limited - Enabled)
Staples (S-1-5-21-1502668225-1892257724-3303000117-1000 - Administrator - Enabled) => C:\Users\Staples

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated) AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) AMD Catalyst Install Manager (HKLM\...\{572C982F-95F5-0562-AE8F-8A9D7D024A88}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG) Avira Launcher (HKLM-x32\...\{74d1ef14-dd39-4749-b051-e183a1e27f5e}) (Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG) Hidden AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin) AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden ccc-core-static (x32 Version: 2010.0315.1050.17562 - Ihr Firmenname) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform) Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Day of Defeat (HKLM\...\Steam App 30) (Version: - Valve) Diablo II (HKLM-x32\...\Diablo II) (Version: 0.0.0.0 - Blizzard Entertainment) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Update Helper (x32 
Version: 1.3.29.5 - Google Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Haushaltsbuch 5.0 (HKLM-x32\...\{0E6C1531-9546-4153-9D88-689519385319}) (Version: 5.0 - Euchler Software)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HearthstoneTracker (HKLM-x32\...\HearthstoneTracker) (Version: 1.9.23.39449 - HearthstoneTracker.com)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HP ENVY 4500 series - Grundlegende Software für das Gerät (HKLM\...\{E7A3B455-76AD-423A-AE5E-F431C69BF2B0}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP ENVY 4500 series Hilfe (HKLM-x32\...\{6767CCD2-B939-4542-BF08-015B5496D4EC}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.01.1007 - Intel Corporation)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Jewel Quest II (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 3.5.0 - Kobo Inc.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 45.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 de)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.3.0 (HKLM-x32\...\{9B95B20A-324C-4FEE-AF12-24F0CF0D2580}) (Version: 1.3.0 - The Mumble Developers)
Music Manager (HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\MusicManager) (Version: - Google, Inc.)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Photo Service - powered by myphotobook (HKLM-x32\...\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.0.7-279 - myphotobook GmbH)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{607BE7BF-7C28-4ADB-A4A0-385962B901C3}) (Version: 8.0.28 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.11.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.22C - Ihr Firmenname)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.01 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.09.0001 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisorkennwort (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
Toshiba TEMPRO (HKLM-x32\...\{2B000B80-A3FA-4B92-A5FF-D9AD402B6701}) (Version: 3.30 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: - )
TRORMCLauncher (Version: 1.0.0.9 - TOSHIBA) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
Warkeys 1.21.0.0b (HKLM-x32\...\Warkeys) (Version: 1.21.0.0b - )
WildTangent-Spiele (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent)
WinAce Archiver (HKLM-x32\...\WinAce Archiver) (Version: 2.69 - e-merge GmbH)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Zuma Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {2A7B3111-CA95-4031-AEBE-F8E78F591055} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {34AE0563-2C0C-441F-B688-908CC3065303} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {34BF107D-76F5-45AD-A9DD-3313F342FAE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-10] (Google Inc.)
Task: {37522DE3-CD46-4659-A0FA-9ACA2B27868A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {388D3AC4-01BA-4663-9003-C0F3B7DDCF9A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {38F102F6-73BF-4552-A978-F529AEB166D0} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {3914F8FB-D065-44BA-ADFB-A266017A2A98} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
Task: {3D1F5DB5-186F-4BDE-87AD-C24E5576C1B2} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {3D46462C-CD47-4D47-B630-A827F78431E1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {53BD5C85-07E8-4A3B-975B-CF63B0078021} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000Core => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {55A71768-B655-420A-B641-74DC7784B873} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {57CFA2A7-4180-456B-BF8A-A1CAC6D0FF5F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {5EC10D66-F719-4668-86C7-4CE76079A0C2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {600A2786-3EDA-4639-B8CF-19A96B5D463D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-18] (Adobe Systems Incorporated)
Task: {6F9C441D-CCCA-4CE0-8F2C-E9C5111740C5} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {7998CF8D-D393-41ED-8499-9424214EAD15} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {8AF38B8A-F573-4FD1-97FA-34C76E69408F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-10] (Google Inc.)
Task: {94D7DAC8-D08B-4E54-AA90-4E816D264D74} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {A0E8D8A4-582C-4A2F-90CC-FF163157F9ED} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {AA6B7129-EF76-4BCC-A791-2011AD059DF1} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {AC9AFF9F-874B-4DC6-9A2E-37AE14FDBEC6} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B28A4DF6-2185-42D2-B0A7-E0B90985A4F2} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {C2F99E66-9961-453E-AE82-927BB96932A5} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {CA3E81D8-FC27-43E9-B52B-E784F76687EE} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {CF2FA2FF-1A46-4DE6-A460-C662304D48B7} - System32\Tasks\{428DD254-78FD-48CF-AFB3-2C3E7F513096} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe" -c REMOVESERIALNUMBER="2M02-K09C-4652-C94K-5T44-HAM6-KX7M-078A-3X3C-L9TT-2W5U-821H-1C12-9810-A291-0000"
Task: {D98728C8-1886-465A-8839-A6CA5519CD38} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {DB99FD54-021F-4A44-BD01-3FEB47A1DD02} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {DBBE0970-979F-4DAD-BEBD-1871B5B13953} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {E450177C-00C7-42B1-B73D-9D3E38CA19D2} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {EBB5871C-28D0-44B3-81EE-11DC19349E85} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {ECBB05AA-0B80-470E-9367-AE7504FB3970} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-31] (Adobe Systems Incorporated)
Task: {F107F1CF-52E4-4871-959E-200C438020FB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000UA => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {FD9D15E4-1BE1-4205-A2A6-8D415DA064B9} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000Core.job => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000UA.job => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-08-02 02:52 - 2015-08-02 02:52 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-02 02:52 - 2015-08-02 02:52 - 00403968 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2010-04-06 14:53 - 2010-04-06 14:53 - 00578936 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2015-08-05 22:14 - 2015-07-30 08:05 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-05 22:14 - 2015-07-30 08:05 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-22 21:51 - 2016-04-22 21:51 - 00959176 _____ () C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2015-07-10 12:59 - 2015-07-10 12:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-11 22:14 - 2015-08-03 03:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 13:00 - 2015-07-10 18:45 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-11 22:14 - 2015-08-03 03:08 - 01806848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-11 22:14 - 2015-08-03 03:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 13:00 - 2015-07-10 18:45 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2016-04-22 21:51 - 2016-04-22 21:51 - 00679624 _____ () C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:AD022376 [125]
AlternateDataStreams: C:\ProgramData\Templates:gs5sys [1792]
AlternateDataStreams: C:\ProgramData\Vorlagen:gs5sys [1792]
AlternateDataStreams: C:\Users\Staples\Cookies:gs5sys [3074]
AlternateDataStreams: C:\Users\Staples\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Staples\AppData\Local\History:gs5sys [3074]
AlternateDataStreams: C:\Users\Staples\AppData\Local\Verlauf:gs5sys [3074]
AlternateDataStreams: C:\Users\Staples\Documents\desktop.ini:gs5sys [3074]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2015-07-29 09:43 - 00000826 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Staples\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: Mobile Partner. RunOuc => 2
MSCONFIG\Services: rpcnet => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TOSHIBA Bluetooth Service => 3
MSCONFIG\startupfolder: C:^Users^Staples^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Battle.net.lnk => C:\Windows\pss\Battle.net.lnk.Startup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GameXN GO => "C:\ProgramData\GameXN\GameXNGO.exe" /startup
MSCONFIG\startupreg: Google Update => "C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP ENVY 4500 series (NET) => "C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN3CA2Q7BT060F:NW" -scfn "HP ENVY 4500 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: MusicManager => "C:\Users\Staples\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
MSCONFIG\startupreg: Toshiba TEMPRO => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
HKLM\...\StartupApproved\StartupFolder: => "Secunia PSI Tray.lnk"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\StartupApproved\Run: => "MusicManager"
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{DAB9098E-BCC6-43EA-914C-180FB28B1190}C:\program files (x86)\diablo 3\diablo iii public test\diablo iii.exe] => (Allow) C:\program files (x86)\diablo 3\diablo iii public test\diablo iii.exe
FirewallRules: [TCP Query User{251DD3FB-685E-4277-A791-97947ED3BBDC}C:\program files (x86)\diablo 3\diablo iii public test\diablo iii.exe] => (Allow) C:\program files (x86)\diablo 3\diablo iii public test\diablo iii.exe
FirewallRules: [{463D4E6D-28F7-4D94-A1EF-2AE3B45CC574}] => (Allow) C:\Program Files (x86)\Diablo 3\StarCraft II\StarCraft II.exe
FirewallRules: [{AE158F70-72C1-46F9-BA84-33C2EA6B3B3A}] => (Allow) C:\Program Files (x86)\Diablo 3\StarCraft II\StarCraft II.exe
FirewallRules: [{1DF298B3-BCA9-4322-BF0D-7E7A8D0411B3}] => (Allow) C:\Program Files (x86)\Diablo 3\Hearthstone\Hearthstone.exe
FirewallRules: [{6BE7CCFD-90A5-47A6-98C0-D94F8828BEFE}] => (Allow) C:\Program Files (x86)\Diablo 3\Hearthstone\Hearthstone.exe
FirewallRules: [UDP Query User{43046A62-F0A0-4B78-BC6D-73F1B01E7651}C:\program files (x86)\diablo 3\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo 3\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{87291E13-B742-4A4A-AED6-D08F55710435}C:\program files (x86)\diablo 3\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo 3\diablo iii\diablo iii.exe
FirewallRules: [{BFE6636C-05E2-496D-83EB-354A37E72F72}] => (Allow) E:\FSetup.exe
FirewallRules: [{2F6F6651-43F1-45FE-8A9C-14AE9E829319}] => (Allow) E:\FSetup.exe
FirewallRules: [UDP Query User{E0D19048-7F9B-4F6A-91B7-1590A722B9B4}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{78FCE144-CD62-460B-AA88-D6AC01C7055B}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{5A874BB2-6927-4F44-AE2F-4E3EA3A92D8D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{F3921869-22F6-48EA-8FA0-2065F05EEE26}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{C309552C-6031-4C74-8CFE-268AFE41FC91}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7F516593-A61A-4EBB-8DC7-9D4BD3A6339A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7CAD7E71-0BD5-4A7C-9DBB-A1066D3C6A25}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{6DC5F174-9CCB-4632-AF90-D738CD1E5594}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{076E4404-43AE-4B3E-91B4-D17DA167A4E9}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base32283\SC2.exe
FirewallRules: [{79128DD4-E18B-4A1D-A061-2F0ACB0A4CBE}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base32283\SC2.exe
FirewallRules: [{A5C16E36-0195-4CE1-AB02-693C5900B83E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BAE76957-0503-40B0-B2F3-8B0C9CBCBD4E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{33236DBE-44A0-48ED-91AF-01B34211077E}] => (Allow) D:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{D07EA77B-DED6-4010-99C5-BFA6E53C158F}] => (Allow) D:\SteamLibrary\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{BCC5A689-B1ED-412A-B131-C003122C2F5C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D90623C6-113B-469F-B20E-6667CFCCBBE0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5CF2A2CE-FC1A-4BA6-B8D6-CA8ED53E2855}] => (Allow) LPort=1900
FirewallRules: [{BDA74D07-EE95-44EB-BCA8-DAE09A7C4185}] => (Allow) LPort=7900
FirewallRules: [{3FF958D2-792D-4E41-945D-DFF5316E9344}] => (Allow) LPort=24234
FirewallRules: [{52C311B7-95FA-42CF-A667-B353CFF3CE01}] => (Allow) LPort=7679
FirewallRules: [{1564CB85-C992-4B74-B414-6CB4ED63B1FF}] => (Allow) LPort=7676
FirewallRules: [{05B80B2B-64CA-4120-AED3-FDC1C63268F8}] => (Allow) LPort=8643
FirewallRules: [{94C5872C-096D-45FE-A386-A704F37CCD41}] => (Allow) LPort=8743
FirewallRules: [{85D1FCA6-5AAE-40ED-BC8A-661A80BB825C}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0CDCC238-9293-4960-A01E-ADBC24DE2426}] => (Allow) LPort=5357
FirewallRules: [{E6C70617-CBAC-4EAE-8821-ED72246690C8}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{7A11A418-B75D-4C52-96DA-9CA4B8DD999A}] => (Allow) C:\Users\Staples\AppData\Local\Apps\2.0\NGY65OLG.Y4M\0P4R2A3R.O8D\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
FirewallRules: [{E81E2219-DCB7-40E3-9C0B-65EE6AB363AF}] => (Allow) C:\Users\Staples\AppData\Local\Apps\2.0\NGY65OLG.Y4M\0P4R2A3R.O8D\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
FirewallRules: [{4B2CDB83-6F00-4483-9EC4-5DDEA19FA0AB}] => (Allow) C:\Users\Staples\AppData\Local\Apps\2.0\NGY65OLG.Y4M\0P4R2A3R.O8D\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
FirewallRules: [{820B410A-B60B-46BC-B15D-A930CEC2752A}] => (Allow) C:\Users\Staples\AppData\Local\Apps\2.0\NGY65OLG.Y4M\0P4R2A3R.O8D\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe
FirewallRules: [{1A50E5AF-C87D-4180-9BDD-1356CD48961F}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{262DE6E1-3D09-4960-B0BD-452E77ED4E4B}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{1886E3CF-BBAA-45BA-BDBF-DF68C5649FDA}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{622BAA4C-8B46-4565-B206-E2786189BFCA}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{6389EC2A-ABC7-46A4-B4B6-79C2FEC0B024}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{16313845-2B0C-4CF9-A3A4-19C03180546F}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{DD06D80F-7ACB-4661-8F85-699B83430D5A}] => (Allow) LPort=1900
FirewallRules: [{D6471186-80C3-43C1-84E3-742026E8539C}] => (Allow) LPort=2869
FirewallRules: [{70392273-5556-4955-B447-E97E32091F68}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{84DDAC82-808E-4E2D-9789-A52F53C0D4DC}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede.exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede.exe
FirewallRules: [TCP Query User{50C46697-1E82-4C15-9E29-B1A32888100E}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede.exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede.exe
FirewallRules: [UDP Query User{E5048485-2062-4C31-AC52-00DCEC838ACB}C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede.exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede.exe
FirewallRules: [TCP Query User{23A89A76-ED93-43B5-8B46-17A9B4C72C2F}C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede.exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede.exe
FirewallRules: [{974C9DC9-9006-4816-8119-CA81896AAA61}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{17EB269A-3379-47DF-B6B9-9499EA3D64DD}] => (Allow) svchost.exe
FirewallRules: [{AC3A1281-9F11-429D-ADFD-D6D233994896}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{485D1D0E-997B-4638-B1CF-57A62F63A6FD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{04E04B5C-DE15-460A-914A-A5B081BD09C2}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{9BE9D350-3FA7-420B-AAD5-56F5F27AB135}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{DEF5B45F-AF3C-4AB4-891C-F2C91B263928}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{05C1E0E9-3DEA-440C-BD56-17C383E892B5}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{E52537E4-F94C-4C42-B831-1F656622A8CF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{B7BF7CD7-6A47-4FC6-AFFF-7A8DB6844C2B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{5A860695-8579-416A-A287-40C07810B5BE}C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede(2).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede(2).exe FirewallRules: [UDP Query User{6B00BD4E-D83B-4199-BF07-A93E703B642B}C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede(2).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_reign_of_chaos_dede(2).exe FirewallRules: [TCP Query User{6081101E-1662-45E3-97DC-A46F1856706C}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(1).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(1).exe FirewallRules: [UDP Query User{92F466A6-9A25-459E-82D3-C6D2B2AC43C1}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(1).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(1).exe FirewallRules: [TCP Query User{839A40D7-5698-45A5-AEC4-E880FC49092E}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files 
(x86)\starcraft ii\versions\base39576\sc2_x64.exe FirewallRules: [UDP Query User{BB8B1D12-AAE0-4DE7-98E5-ED54A144FDB6}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe FirewallRules: [TCP Query User{5A85E686-28AD-40A9-AD95-0AB1053FAB9C}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe FirewallRules: [UDP Query User{9056D4F4-F01C-40EA-B5C0-325981AD555C}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe FirewallRules: [TCP Query User{075F0F34-0735-46B8-8665-55A38DCBB6F4}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(2).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(2).exe FirewallRules: [UDP Query User{C75B5420-C5D6-4C49-A150-E68C2BB76418}C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(2).exe] => (Allow) C:\users\staples\downloads\downloader_warcraft3_the_frozen_throne_dede(2).exe FirewallRules: [TCP Query User{31F80D6F-AEF1-4457-819E-786C7090118D}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe FirewallRules: [UDP Query User{C0F385F3-870D-4B35-AAB2-F5D43D48C33C}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe FirewallRules: [{EE979479-45C4-459C-887E-C2E698DF3D85}] => (Allow) D:\SteamLibrary\SteamApps\common\Half-Life\hl.exe FirewallRules: [{E04E306A-36DD-459B-ABEC-3D2B65388F3A}] => (Allow) D:\SteamLibrary\SteamApps\common\Half-Life\hl.exe FirewallRules: [{D5BBB418-E1FF-4F0D-808F-03F8C93F1389}] => (Allow) D:\SteamLibrary\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{4781C4DA-2B16-4012-875F-A5E91EA891F3}] => (Allow) D:\SteamLibrary\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [TCP Query 
User{F4E51C64-B712-4C49-8607-2D1F80E314F6}C:\users\staples\downloads\downloader_diablo2_lord_of_destruction_dede.exe] => (Allow) C:\users\staples\downloads\downloader_diablo2_lord_of_destruction_dede.exe FirewallRules: [UDP Query User{1E67D163-DC92-4131-9178-206AA862968B}C:\users\staples\downloads\downloader_diablo2_lord_of_destruction_dede.exe] => (Allow) C:\users\staples\downloads\downloader_diablo2_lord_of_destruction_dede.exe FirewallRules: [TCP Query User{91008239-45AF-45C7-876E-C2CC8F1AECD9}C:\users\staples\downloads\downloader_diablo2_dede.exe] => (Allow) C:\users\staples\downloads\downloader_diablo2_dede.exe FirewallRules: [UDP Query User{08768379-FEF5-42D1-BB62-FDB41C2153A0}C:\users\staples\downloads\downloader_diablo2_dede.exe] => (Allow) C:\users\staples\downloads\downloader_diablo2_dede.exe ==================== Wiederherstellungspunkte ========================= 25-04-2016 19:53:40 Windows Update ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (04/25/2016 10:14:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: STAPLES-TOSH) Description: Bei der Aktivierung der App „Microsoft.WindowsStore_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (04/25/2016 10:14:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: STAPLES-TOSH) Description: Bei der Aktivierung der App „Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. 
Error: (04/25/2016 09:58:29 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm explorer.exe, Version 10.0.10240.16405 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1900 Startzeit: 01d19f2c98be74b6 Beendigungszeit: 0 Anwendungspfad: C:\Windows\explorer.exe Berichts-ID: f3f553e1-0b1f-11e6-9c87-e839dfc6bedd Vollständiger Name des fehlerhaften Pakets: Auf das fehlerhafte Paket bezogene Anwendungs-ID: Error: (04/25/2016 09:57:53 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest. Error: (04/25/2016 09:57:22 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest. Error: (04/25/2016 09:01:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10240.16384, Zeitstempel: 0x559f38c5 Name des fehlerhaften Moduls: twinapi.appcore.dll, Version: 10.0.10240.16397, Zeitstempel: 0x55af1390 Ausnahmecode: 0xc000027b Fehleroffset: 0x000000000006687f ID des fehlerhaften Prozesses: 0x1594 Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0 Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1 Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2 Berichtskennung: backgroundTaskHost.exe3 Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5 Error: (04/25/2016 08:48:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10240.16384, Zeitstempel: 0x559f38c5 Name des fehlerhaften Moduls: twinapi.appcore.dll, Version: 10.0.10240.16397, Zeitstempel: 0x55af1390 Ausnahmecode: 0xc000027b Fehleroffset: 0x000000000006687f ID des fehlerhaften Prozesses: 0x1b68 Startzeit der fehlerhaften Anwendung: 
0xbackgroundTaskHost.exe0 Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1 Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2 Berichtskennung: backgroundTaskHost.exe3 Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5 Error: (04/25/2016 08:30:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10240.16384, Zeitstempel: 0x559f38c5 Name des fehlerhaften Moduls: twinapi.appcore.dll, Version: 10.0.10240.16397, Zeitstempel: 0x55af1390 Ausnahmecode: 0xc000027b Fehleroffset: 0x000000000006687f ID des fehlerhaften Prozesses: 0x13b4 Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0 Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1 Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2 Berichtskennung: backgroundTaskHost.exe3 Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5 Error: (04/25/2016 08:14:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10240.16384, Zeitstempel: 0x559f38c5 Name des fehlerhaften Moduls: twinapi.appcore.dll, Version: 10.0.10240.16397, Zeitstempel: 0x55af1390 Ausnahmecode: 0xc000027b Fehleroffset: 0x000000000006687f ID des fehlerhaften Prozesses: 0xc0c Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0 Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1 Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2 Berichtskennung: backgroundTaskHost.exe3 Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5 Error: (04/25/2016 08:00:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: 
backgroundTaskHost.exe, Version: 10.0.10240.16384, Zeitstempel: 0x559f38c5 Name des fehlerhaften Moduls: twinapi.appcore.dll, Version: 10.0.10240.16397, Zeitstempel: 0x55af1390 Ausnahmecode: 0xc000027b Fehleroffset: 0x000000000006687f ID des fehlerhaften Prozesses: 0x77c Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0 Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1 Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2 Berichtskennung: backgroundTaskHost.exe3 Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5 Systemfehler: ============= Error: (04/25/2016 10:14:35 PM) (Source: DCOM) (EventID: 10010) (User: STAPLES-TOSH) Description: App.AppX8h0bdkbb5frkt9s09fvshhbvqnntmvm1.mca Error: (04/25/2016 07:55:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Windows 10 für x64-Systeme (KB3106246) Error: (04/25/2016 07:55:04 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT-AUTORITÄT) Description: WINDOWS\Device\HarddiskVolumeShadowCopy23 Error: (04/25/2016 07:53:14 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT) Description: 1053VSSNicht verfügbar{E579AB5F-1CC4-44B4-BED9-DE0991FF0623} Error: (04/25/2016 07:53:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Volumeschattenkopie" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (04/25/2016 07:53:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Volumeschattenkopie erreicht. 
Error: (04/25/2016 07:52:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0xc0000005 fehlgeschlagen: Upgrade auf Windows 10 Home, Version 1511, 10586 Error: (04/25/2016 06:46:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (04/25/2016 06:46:04 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Staples\AppData\Local\Temp\ehdrv.sys Error: (04/25/2016 06:46:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 CodeIntegrity: =================================== Date: 2016-03-17 00:34:13.874 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-14 08:44:09.391 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-11 22:12:58.712 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2016-03-06 16:59:53.713 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-03-01 23:08:44.158 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-02-28 21:20:12.104 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-02-26 16:56:32.380 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-02-23 20:21:56.876 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-02-23 09:00:54.734 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2016-02-23 09:00:54.718
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
Prozentuale Nutzung des RAM: 51%
Installierter physikalischer RAM: 3954.67 MB
Verfügbarer physikalischer RAM: 1904.64 MB
Summe virtueller Speicher: 7922.67 MB
Verfügbarer virtueller Speicher: 5600.22 MB

==================== Laufwerke ================================
Drive c: (WINDOWS) (Fixed) (Total:232.88 GB) (Free:46.66 GB) NTFS
Drive d: (Data) (Fixed) (Total:232.49 GB) (Free:145.22 GB) NTFS

==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 40D49AEE)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
durchgeführt von Staples (Administrator) auf STAPLES-TOSH (25-04-2016 22:29:00)
Gestartet von C:\Users\Staples\Desktop
Geladene Profile: Staples & DefaultAppPool (Verfügbare Profile: Staples & DefaultAppPool)
Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\Antivirus\avrestart.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-06-12] (Synaptics Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.) HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [807392 2016-03-17] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-03-30] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.) HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\Run: [Google Update] => C:\Users\Staples\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.) 
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\Run: [MusicManager] => C:\Users\Staples\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.) HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd) HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64" HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64" HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64" HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64" HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64" 
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64" HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\...\RunOnce: [Uninstall C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Staples\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64" HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [583680 2015-07-10] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Keine Datei Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-04-19] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-04-19] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-04-19] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Staples\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warkeys Update.lnk [2016-02-29] ShortcutTarget: Warkeys Update.lnk -> C:\Program Files (x86)\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe () BootExecute: autocheck autochk /p \??\C:autocheck autochk /m /P \Device\HarddiskVolume2autocheck autochk /m /f \Device\HarddiskVolume2autocheck autochk * ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag 
in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{214a7604-97a2-44e4-9116-57a232caae45}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{e151f280-f994-498c-b104-4491eea55f73}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com SearchScopes: HKLM -> DefaultScope {41594B62-A7B7-4CB8-B68C-21908ECD161C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox SearchScopes: HKLM -> {41594B62-A7B7-4CB8-B68C-21908ECD161C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt SearchScopes: HKLM-x32 -> {9EAB2976-7ED9-4C33-808F-568A8E2D7DFA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000 -> DefaultScope {41594B62-A7B7-4CB8-B68C-21908ECD161C} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000 -> {41594B62-A7B7-4CB8-B68C-21908ECD161C} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000 -> {4FEE286E-218C-4BF0-B386-BA499B29169B} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000 -> {9EAB2976-7ED9-4C33-808F-568A8E2D7DFA} URL = hxxp://www.bing.com/search?FORM=MATM&PC=MATM&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1502668225-1892257724-3303000117-1000 -> 
{D1F998F5-B874-47D1-BDDD-B50E44A73288} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-23] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-23] (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-23] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-23] (Oracle Corporation) BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19] (<TOSHIBA>) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Staples\AppData\Roaming\Mozilla\Firefox\Profiles\t9tmdxfc.default-1414740622857 FF DefaultSearchEngine: Yahoo FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-31] () FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-23] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-23] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll 
[2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-31] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-23] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-23] (Oracle Corporation) FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [Keine Datei] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1502668225-1892257724-3303000117-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin HKU\S-1-5-21-1502668225-1892257724-3303000117-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Staples\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Staples\AppData\Roaming\Mozilla\Firefox\Profiles\t9tmdxfc.default-1414740622857\searchplugins\bildde.xml [2015-12-13] FF Extension: Adblock Plus - C:\Users\Staples\AppData\Roaming\Mozilla\Firefox\Profiles\t9tmdxfc.default-1414740622857\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-25] Chrome: ======= CHR Profile: C:\Users\Staples\AppData\Local\Google\Chrome\User Data\default ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [955736 2016-03-17] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466504 2016-03-17] (Avira Operations GmbH & Co. 
KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-03-17] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1424880 2016-03-17] (Avira Operations GmbH & Co. KG) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [272304 2016-03-30] (Avira Operations GmbH & Co. KG) R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2015-08-02] (Broadcom Corporation.) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-06-12] (Synaptics Incorporated) S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-02-11] (Toshiba Europe GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-03-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-03] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-03-17] (Avira Operations GmbH & Co. KG) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-08-02] (Broadcom Corporation.) 
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7593176 2015-07-10] (Broadcom Corporation) S3 MWAC; \??\C:\WINDOWS\SysWOW64\drivers\ [0 ] () <==== ACHTUNG (Null Byte Datei/Ordner) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [888064 2015-08-20] (Realtek ) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-12] (Synaptics Incorporated) R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-08-02] (Toshiba Corporation) U5 tosrfbd; C:\Windows\System32\Drivers\tosrfbd.sys [212072 2009-09-24] (TOSHIBA CORPORATION) U5 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [50664 2009-06-19] (TOSHIBA Corporation) U5 Tosrfhid; C:\Windows\System32\Drivers\Tosrfhid.sys [94336 2009-06-19] (TOSHIBA Corporation.) U5 TosRfSnd; C:\Windows\System32\Drivers\TosRfSnd.sys [63856 2009-08-05] (TOSHIBA Corporation) S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) U3 idsvc; kein ImagePath S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] U3 wpcsvc; kein ImagePath ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-04-25 22:29 - 2016-04-25 22:29 - 00020529 _____ C:\Users\Staples\Desktop\FRST.txt 2016-04-25 21:59 - 2016-04-25 22:27 - 00000000 ____D C:\ProgramData\HitmanPro 2016-04-25 21:59 - 2016-04-25 21:59 - 11441744 _____ (SurfRight B.V.) 
C:\Users\Staples\Downloads\HitmanPro_x64.exe 2016-04-25 21:52 - 2016-04-25 21:52 - 00016148 _____ C:\WINDOWS\system32\STAPLES-TOSH_Staples_HistoryPrediction.bin 2016-04-25 18:42 - 2016-04-25 18:42 - 00000000 ____D C:\Program Files (x86)\ESET 2016-04-25 18:41 - 2016-04-25 18:42 - 02870984 _____ (ESET) C:\Users\Staples\Desktop\esetsmartinstaller_deu.exe 2016-04-25 16:42 - 2016-04-25 18:09 - 00011089 _____ C:\Users\Staples\Desktop\Fixlog.txt 2016-04-25 13:35 - 2016-04-25 13:54 - 00009772 _____ C:\Users\Staples\Desktop\Haushalt.xlsx 2016-04-24 19:27 - 2016-04-24 19:28 - 00000846 _____ C:\Users\Staples\Desktop\JRT.txt 2016-04-24 19:21 - 2016-04-24 19:23 - 01610008 _____ (Malwarebytes) C:\Users\Staples\Desktop\JRT.exe 2016-04-24 18:29 - 2016-04-24 18:29 - 00001182 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-04-24 18:27 - 2016-04-24 18:27 - 22851472 _____ (Malwarebytes ) C:\Users\Staples\Desktop\mbam-setup-2.2.1.1043.exe 2016-04-24 18:15 - 2016-04-24 18:18 - 00000000 ____D C:\AdwCleaner 2016-04-24 18:14 - 2016-04-24 18:15 - 03683904 _____ C:\Users\Staples\Desktop\AdwCleaner_5.112.exe 2016-04-24 18:05 - 2016-04-24 18:05 - 00001090 _____ C:\Users\Public\Desktop\Mumble.lnk 2016-04-24 18:05 - 2016-04-24 18:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble 2016-04-24 18:05 - 2016-04-24 18:05 - 00000000 ____D C:\Program Files (x86)\Mumble 2016-04-23 22:15 - 2016-04-23 22:24 - 00270208 _____ C:\TDSSKiller.3.1.0.9_23.04.2016_22.15.24_log.txt 2016-04-23 22:07 - 2016-04-23 22:13 - 00270208 _____ C:\TDSSKiller.3.1.0.9_23.04.2016_22.07.52_log.txt 2016-04-23 22:06 - 2016-04-23 22:07 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Staples\Desktop\tdsskiller.exe 2016-04-23 22:03 - 2016-04-25 22:29 - 00000000 ____D C:\FRST 2016-04-23 22:02 - 2016-04-23 22:03 - 02375680 _____ (Farbar) C:\Users\Staples\Desktop\FRST64.exe 2016-04-19 00:09 - 2016-04-19 00:09 - 00000000 ____D C:\Users\Staples\Documents\Diablo II 2016-04-19 00:07 - 2016-04-19 
00:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II 2016-04-18 23:25 - 2016-04-18 23:25 - 02771704 _____ (Blizzard Entertainment) C:\Users\Staples\Downloads\Downloader_Diablo2_deDE.exe 2016-04-18 23:12 - 2016-04-18 23:13 - 02689174 _____ (Blizzard Entertainment) C:\Users\Staples\Downloads\Downloader_Diablo2_Lord_of_Destruction_deDE.exe 2016-04-15 20:41 - 2016-04-15 20:41 - 00000017 _____ C:\WINDOWS\SysWOW64\shortcut_ex.dat 2016-04-12 21:11 - 2016-04-15 20:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-04-08 21:43 - 2016-04-08 21:43 - 00016622 _____ C:\Users\Staples\Documents\Sobri.odt 2016-04-03 07:37 - 2016-04-03 07:37 - 00275040 _____ C:\WINDOWS\Minidump\040316-38109-01.dmp 2016-03-28 20:14 - 2016-03-28 20:14 - 00000000 ____D C:\Users\Staples\AppData\Local\Steam ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-04-25 21:44 - 2014-08-04 23:59 - 00001154 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000UA.job 2016-04-25 21:32 - 2016-01-10 22:13 - 00001144 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-04-25 20:39 - 2014-08-04 23:59 - 00001102 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1502668225-1892257724-3303000117-1000Core.job 2016-04-25 19:32 - 2016-01-10 22:13 - 00001140 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-04-25 18:40 - 2015-10-30 21:27 - 00000000 ___HD C:\$WINDOWS.~BT 2016-04-25 18:25 - 2015-12-12 21:58 - 00000000 ____D C:\WINDOWS\Panther 2016-04-25 18:24 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-04-25 18:13 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-04-25 18:11 - 2015-08-13 20:58 - 00000000 ____D C:\Users\DefaultAppPool 2016-04-25 18:11 - 2015-07-10 11:05 - 00786432 ___SH C:\WINDOWS\system32\config\BBI 2016-04-25 16:42 - 2014-01-18 21:17 - 00000000 ____D 
C:\Users\Staples\AppData\Roaming\Mumble 2016-04-25 16:40 - 2014-01-18 21:26 - 00000000 ____D C:\Users\Staples\AppData\Local\Battle.net 2016-04-25 09:55 - 2014-01-18 21:26 - 00000000 ____D C:\Program Files (x86)\Battle.net 2016-04-25 08:17 - 2014-01-18 21:34 - 00000000 ____D C:\Program Files (x86)\Hearthstone 2016-04-25 00:50 - 2010-10-31 01:15 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BE5EF183-990B-42DC-8793-FA5A454ADFA0} 2016-04-24 23:05 - 2014-07-22 18:49 - 00000000 ____D C:\Program Files (x86)\Steam 2016-04-24 20:47 - 2014-01-01 11:54 - 00000000 ____D C:\Users\Staples\Desktop\Spiele 2016-04-24 18:40 - 2014-08-15 21:33 - 00049536 _____ (Absolute Software Corp.) C:\WINDOWS\SysWOW64\agremove.exe 2016-04-24 18:39 - 2015-08-02 01:59 - 00017920 _____ C:\WINDOWS\system32\rpcnetp.exe 2016-04-24 18:30 - 2015-08-27 21:00 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-04-24 18:29 - 2015-08-27 21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-04-24 18:29 - 2015-08-27 21:00 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-04-24 18:18 - 2015-08-02 02:11 - 00000000 ____D C:\Users\Staples 2016-04-24 10:38 - 2014-01-01 11:54 - 00000000 ___RD C:\Users\Staples\Desktop\Programme 2016-04-24 10:33 - 2014-07-05 10:58 - 00000000 ____D C:\Users\Staples\Documents\JTP 2016-04-23 10:42 - 2014-12-08 22:53 - 00000000 ____D C:\Program Files (x86)\Diablo III 2016-04-22 21:51 - 2015-08-02 03:25 - 00002400 _____ C:\Users\Staples\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-04-22 21:51 - 2015-08-02 03:25 - 00000000 ___RD C:\Users\Staples\OneDrive 2016-04-22 20:04 - 2015-08-02 02:06 - 00000000 ____D C:\ProgramData\Package Cache 2016-04-22 15:46 - 2015-08-24 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-04-20 12:16 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-04-19 
00:14 - 2011-09-22 17:56 - 00000618 _____ C:\BnetLog.txt 2016-04-19 00:09 - 2010-10-29 17:20 - 00000000 ____D C:\ProgramData\Blizzard Entertainment 2016-04-16 22:27 - 2010-11-01 16:50 - 00000000 ____D C:\Users\Staples\AppData\Roaming\TS3Client 2016-04-15 20:39 - 2013-12-27 17:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-04-13 23:02 - 2013-08-15 01:15 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-04-13 22:56 - 2010-10-31 19:28 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-04-11 17:51 - 2015-08-02 02:09 - 00007412 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-04-11 17:51 - 2015-07-10 18:34 - 01165958 _____ C:\WINDOWS\system32\perfh007.dat 2016-04-11 17:51 - 2015-07-10 18:34 - 00279796 _____ C:\WINDOWS\system32\perfc007.dat 2016-04-06 20:32 - 2015-07-10 13:06 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-04-06 20:32 - 2015-07-10 13:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-04-03 07:37 - 2015-08-02 17:39 - 00000000 ____D C:\WINDOWS\Minidump 2016-03-31 22:57 - 2012-12-25 11:58 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-03-31 20:28 - 2012-12-25 11:58 - 00003876 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2016-03-30 20:47 - 2014-12-27 00:56 - 00000000 ____D C:\Program Files (x86)\StarCraft II 2016-03-28 21:07 - 2014-07-22 19:35 - 00000000 ____D C:\Users\Staples\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2010-10-31 19:55 - 2010-10-31 19:55 - 0000095 _____ () C:\Users\Staples\AppData\Local\fusioncache.dat 2014-08-01 23:59 - 2014-08-01 23:59 - 0016958 _____ () C:\Users\Staples\AppData\Local\gem.ico 2014-08-01 23:59 - 2014-08-01 23:59 - 0127112 _____ () C:\Users\Staples\AppData\Local\mybet.ico 2014-03-29 01:34 - 2014-11-18 20:59 - 0007607 _____ () 
C:\Users\Staples\AppData\Local\Resmon.ResmonCfg 2014-06-17 15:35 - 2014-06-17 15:35 - 0000057 _____ () C:\ProgramData\Ament.ini 2010-11-02 12:45 - 2010-11-02 12:45 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2015-12-07 00:47 - 2015-12-07 00:47 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-04-18 23:41 ==================== Ende von FRST.txt ============================
Here are the log files. Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=d3f035e020eaa14d8f4a60937334a7b5 # end=init # utc_time=2016-04-25 04:42:29 # local_time=2016-04-25 06:42:29 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.2.9200 NT Update Init Update Download Update Finalize Updated modules version: 29232 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=d3f035e020eaa14d8f4a60937334a7b5 # end=updated # utc_time=2016-04-25 04:46:12 # local_time=2016-04-25 06:46:12 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.2.9200 NT # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=d3f035e020eaa14d8f4a60937334a7b5 # engine=29232 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2016-04-25 07:34:34 # local_time=2016-04-25 09:34:34 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='Avira Antivirus' # compatibility_mode=1815 16777213 100 100 37997 24670607 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 3369603 25086886 0 0 # scanned=350616 # found=0 # cleaned=0 # scan_time=10102 Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-04-2016 durchgeführt von Staples (2016-04-25 16:42:16) Run:1 Gestartet von C:\Users\Staples\Desktop Geladene Profile: Staples & (Verfügbare Profile: Staples & DefaultAppPool) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** start CloseProcesses: Task: {2D34A571-4CEC-421F-9378-CFB7FBCD5780} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {374703C8-047E-458E-A707-64ED95105CB7} - \HDvid Codec V1-updater -> Keine Datei <==== ACHTUNG Task: {452475D1-F5A5-4BD8-9CCE-824B69FBFA48} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {4A2F2C6C-B346-4172-8DD1-E64DE3FD24AA} - \ConfigFree Startup Programs -> Keine Datei <==== ACHTUNG Task: {54FC8C20-F3B3-405F-B5D3-2C297BCBBB95} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {567F5A78-2F13-44C0-8F13-EFD9C5A76050} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {71459263-08A6-43E0-B086-911E2AA8F233} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG Task: {8350377D-88D4-4A82-8581-C3E3F5D702E5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {A5B4F7AE-FD38-41D1-8867-3A682AAF3F4E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {B02C24DE-42E0-45C3-8DCB-74F600BF51FC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {B45B70A8-461A-4044-88D2-DAAE989E045A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {C1F73BFD-54A2-4477-9E0C-9757930AD47E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {C9E936DA-9486-4A23-8FF0-225CEA97CB40} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service" RemoveProxy: CMD: ipconfig /flushdns CMD: netsh winsock reset EmptyTemp: end ***************** Prozess erfolgreich geschlossen. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D34A571-4CEC-421F-9378-CFB7FBCD5780}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D34A571-4CEC-421F-9378-CFB7FBCD5780}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{374703C8-047E-458E-A707-64ED95105CB7}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{374703C8-047E-458E-A707-64ED95105CB7}" => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDvid Codec V1-updater => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{452475D1-F5A5-4BD8-9CCE-824B69FBFA48}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{452475D1-F5A5-4BD8-9CCE-824B69FBFA48}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4A2F2C6C-B346-4172-8DD1-E64DE3FD24AA}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A2F2C6C-B346-4172-8DD1-E64DE3FD24AA}" => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConfigFree Startup Programs => Schlüssel nicht gefunden. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{54FC8C20-F3B3-405F-B5D3-2C297BCBBB95}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54FC8C20-F3B3-405F-B5D3-2C297BCBBB95}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{567F5A78-2F13-44C0-8F13-EFD9C5A76050}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{567F5A78-2F13-44C0-8F13-EFD9C5A76050}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71459263-08A6-43E0-B086-911E2AA8F233}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tasks\{71459263-08A6-43E0-B086-911E2AA8F233}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8350377D-88D4-4A82-8581-C3E3F5D702E5}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8350377D-88D4-4A82-8581-C3E3F5D702E5}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5B4F7AE-FD38-41D1-8867-3A682AAF3F4E}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5B4F7AE-FD38-41D1-8867-3A682AAF3F4E}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B02C24DE-42E0-45C3-8DCB-74F600BF51FC}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B02C24DE-42E0-45C3-8DCB-74F600BF51FC}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B45B70A8-461A-4044-88D2-DAAE989E045A}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B45B70A8-461A-4044-88D2-DAAE989E045A}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C1F73BFD-54A2-4477-9E0C-9757930AD47E}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1F73BFD-54A2-4477-9E0C-9757930AD47E}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9E936DA-9486-4A23-8FF0-225CEA97CB40}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9E936DA-9486-4A23-8FF0-225CEA97CB40}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => Schlüssel erfolgreich entfernt "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\BFE" => Schlüssel erfolgreich entfernt "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\BITS" => Schlüssel erfolgreich entfernt "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc" => Schlüssel erfolgreich entfernt "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\msiserver" => Schlüssel erfolgreich entfernt "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess" => Schlüssel erfolgreich entfernt "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\vss" => Schlüssel erfolgreich entfernt "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\BITS" => Schlüssel erfolgreich entfernt "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\msiserver" => Schlüssel erfolgreich entfernt "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\vss" => Schlüssel erfolgreich entfernt ========= RemoveProxy: ========= 
HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt HKU\S-1-5-21-1502668225-1892257724-3303000117-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt HKU\S-1-5-21-1502668225-1892257724-3303000117-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt ========= Ende von RemoveProxy: ========= ========= ipconfig /flushdns ========= Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert. ========= Ende von CMD: ========= ========= netsh winsock reset ========= Der Winsock-Katalog wurde zurückgesetzt. Sie müssen den Computer neu starten, um den Vorgang abzuschließen. ========= Ende von CMD: ========= EmptyTemp: => 5.3 GB temporäre Dateien entfernt. Das System musste neu gestartet werden. ==== Ende von Fixlog 18:09:49 ==== |
26.04.2016, 15:04 | #10 |
/// TB Trainer | Windows often stops responding. Detection by Avira Hi, download the appropriate version of SystemLook from the following mirror and save the tool to your desktop: SystemLook (32 bit) | SystemLook (64 bit)
|
26.04.2016, 19:55 | #11 |
| Windows often stops responding. Detection by Avira Hey, Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff Log created at 20:53 on 26/04/2016 by Staples Administrator - Elevation successful ========== regfind ========== Searching for "Iminent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F71371A90E93D605C8B0A71F163F625C] "B05CCF18F0593604E8A49DC9AAF4BBF1"="C:\Program Files (x86)\Iminent\System.Data.SQLite.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Loader] "Iminent"="software\Iminent\Assemblies" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\Iminent] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Iminent] -= EOF =- |
27.04.2016, 15:17 | #12 | ||||||||||
/// TB Trainer | Windows often stops responding. Detection by Avira Hi, Removing leftovers: Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter
start
CloseProcesses:
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F71371A90E93D605C8B0A71F163F625C
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Loader
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Iminent
EmptyTemp:
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Post the FRST Fixlog right away, because otherwise it will be removed automatically by DelFix (see further below)! If you no longer have any problems with malware, we are done here. Your log files are clean. Finally, we need to take a few closing steps to tidy up and secure your PC. Cleanup: All logs posted? Then please download DelFix.
DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left now, you can delete them without hesitation. Hardening: Enable automatic updates in the Windows operating system. Security-relevant software should also always be kept at its latest version only: browser, Java, Flash Player, PDF reader. Security vulnerabilities in their old versions are exploited to install malware "drive-by" on a simple visit to a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents. Enable a firewall. The one built into Windows is normally entirely sufficient. If you are still undecided, use a single one of the following antivirus programs with a real-time scanner and an always up-to-date signature database: Microsoft Security Essentials (MSE) has been built in since Windows 8, so if you have Windows 8, 8.1 or 10 and have decided on MSE, you do not need to install MSE separately. On Windows 7, however, it has to be installed manually or obtained as an optional update via Windows Update. A legal/activated Windows is of course a prerequisite for this. In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET. Optional: Adblock Plus: Can block banners, pop-ups, video ads, tracking and malware sites. NoScript: Prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, specify on a whitelist basis which sites scripts should be allowed on. Malwarebytes Anti Exploit: Protects the computer's applications against exploitation of known vulnerabilities. Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware again, the recommended approach is first to uninstall it and then remove the leftovers with Adwcleaner. Finally, a few more general remarks:
If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation. Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions. |
27.04.2016, 20:17 | #13 |
| Windows often stops responding. Detection by Avira The PC took about 20 minutes to restart after Farbar's. Another five to start Mozilla. During the restart a container? error was shown for about 1 second. But it went by too fast to read. Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-04-2016
durchgeführt von Staples (2016-04-27 20:22:17) Run:2
Gestartet von C:\Users\Staples\Desktop
Geladene Profile: Staples & DefaultAppPool (Verfügbare Profile: Staples & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F71371A90E93D605C8B0A71F163F625C
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Loader
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Iminent
EmptyTemp:
end
*****************

Prozess erfolgreich geschlossen.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F71371A90E93D605C8B0A71F163F625C => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Loader => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Iminent => Schlüssel erfolgreich entfernt
EmptyTemp: => 49.6 MB temporäre Dateien entfernt.

Das System musste neu gestartet werden.

==== Ende von Fixlog 20:54:29 ==== |
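One way to check a Fixlog like the one posted above mechanically, as an added example that is not part of the thread and not code from FRST: it pairs every DeleteKey directive in the fixlist with a success line in the results. The log layout and the success wording are assumed to be exactly as shown in the post; the function names are hypothetical.

```python
# Success wording exactly as it appears in the German-language log above.
SUCCESS = "Schlüssel erfolgreich entfernt"

# Fixlist and result lines copied from the post above (log header omitted).
FIXLOG = r"""fixlist Inhalt:
*****************
start
CloseProcesses:
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F71371A90E93D605C8B0A71F163F625C
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Loader
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Iminent
EmptyTemp:
end
*****************
Prozess erfolgreich geschlossen.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F71371A90E93D605C8B0A71F163F625C => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Loader => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Iminent => Schlüssel erfolgreich entfernt
EmptyTemp: => 49.6 MB temporäre Dateien entfernt.
"""


def split_fixlog(text):
    """Return (directives, result_lines); raises ValueError if start/end are missing."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    start = lines.index("start")
    end = lines.index("end", start)
    directives = lines[start + 1:end]
    # Drop pure separator rows made of '*' or '=' characters.
    results = [ln for ln in lines[end + 1:] if not set(ln) <= {"*", "="}]
    return directives, results


def unconfirmed_keys(text):
    """DeleteKey targets that have no matching success line in the results."""
    directives, results = split_fixlog(text)
    removed = set()
    for ln in results:
        target, sep, outcome = ln.partition(" => ")
        if sep and outcome == SUCCESS:
            removed.add(target.lower())  # registry paths are case-insensitive
    missing = []
    for d in directives:
        name, _, arg = d.partition(":")
        if name == "DeleteKey" and arg.strip().lower() not in removed:
            missing.append(arg.strip())
    return missing


if __name__ == "__main__":
    print(unconfirmed_keys(FIXLOG))
```

An empty list means every requested key deletion is confirmed in the log; any path returned should be re-checked before cleanup tools such as DelFix are run.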
28.04.2016, 15:33 | #14 |
/// TB-Ausbilder | Windows often stops responding. Detection by Avira What is the startup like after another restart? Does it still take that long? |
28.04.2016, 21:32 | #15 |
| Windows often stops responding. Detection by Avira Yes, it has really become awful now. Hardly anything works here anymore. Surfing, gaming etc. not/barely possible. Any solutions? |