Schadware finden und Netzwerk-Einstellungen optimieren.

xxlynusxx · 28.04.2016, 23:37

Hallo alle zusammen.

Ich habe in einem anderen Thema eine Frage gestellt die mir auch relativ plausibel beantwortet wurde. http://www.trojaner-board.de/178011-...warebytes.html

Jedoch möchte ich auf Nummer sicher gehen und euch bitten mit mir zusammen meinen PC auf Schadware zu überprüfen.

Danach habe ich noch ein Problem mit meinem Heim Netzwerk wobei ihr mir sicher helfen könnt.

Vielen Dank schon mal.

Ich freu mich über jede Hilfe.

Gruß xxlynusxx

M-K-D-B · 29.04.2016, 21:28

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort als Administrator zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Zur ersten Analyse bitte FRST und TDSS-Killer ausführen:

Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Schritt 2
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Bitte poste mit deiner nächsten Antwort

die Logdatei von TDSS-Killer,
die beiden neuen Logdateien von FRST.

xxlynusxx · 29.04.2016, 22:41

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:27-04-2016
durchgeführt von xxx (Administrator) auf XXX-NETZWERK (29-04-2016 23:33:55)
Gestartet von C:\Users\xxx\Desktop
Geladene Profile: xxx (Verfügbare Profile: xxx & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.02\AsusFanControlService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(O&O Software GmbH) D:\System Tools\OO Software\DiskImage\oodiag.exe
(O&O Software GmbH) D:\System Tools\OO Software\SSD Migration Kit\oosmkag.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(YL Computing, Inc) D:\Programme\Perfect Hotkey\PerfectHotkey.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kpm.exe
(Mozilla Corporation) D:\Internet\Mozilla Firefox\firefox.exe
() D:\Programme\Rainmeter\Rainmeter.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Program Files (x86)\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) D:\Internet\Mozilla Firefox\plugin-container.exe
(Intel Corporation) C:\Program Files (x86)\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-24] (Intel Corporation)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5299320 2012-10-25] (VIA)
HKU\S-1-5-21-1283539077-2619551967-1579459365-1001\...\Run: [Perfect Hotkey] => D:\Programme\Perfect Hotkey\PerfectHotkey.exe [1405720 2014-12-02] (YL Computing, Inc)
HKU\S-1-5-21-1283539077-2619551967-1579459365-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1283539077-2619551967-1579459365-1001\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kpm.exe [8087880 2015-12-11] (AO Kaspersky Lab)
HKU\S-1-5-21-1283539077-2619551967-1579459365-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1283539077-2619551967-1579459365-1001\...\MountPoints2: {03669e46-0dfb-11e6-a804-806e6f6e6963} - F:\setup.exe
HKU\S-1-5-21-1283539077-2619551967-1579459365-1001\...\MountPoints2: {1dee293a-e2d9-11e5-a71a-005056c00008} - H:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1283539077-2619551967-1579459365-1001\...\MountPoints2: {70b8f029-f408-11e5-acf0-005056c00008} - G:\HiSuiteDownLoader.exe
IFEO\notepad.exe: [Debugger] C:\Program Files (x86)\NppLauncher\NppLauncher.exe
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-11-13] ()
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe.lnk [2016-01-09]
ShortcutTarget: firefox.exe.lnk -> D:\Internet\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-09-02]
ShortcutTarget: Rainmeter.lnk -> D:\Programme\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird.exe.lnk [2016-01-09]
ShortcutTarget: thunderbird.exe.lnk -> D:\Internet\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog5 07 C:\Windows\SysWOW64\PrxerNsp.dll [84040 2015-03-28] ()
Winsock: Catalog9 01 C:\Windows\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog9 02 C:\Windows\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog9 06 C:\Windows\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog9 07 C:\Windows\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog9 15 C:\Windows\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog5-x64 07 C:\Windows\system32\PrxerNsp.dll [96840 2015-03-28] ()
Winsock: Catalog9-x64 01 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
Winsock: Catalog9-x64 02 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
Winsock: Catalog9-x64 06 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
Winsock: Catalog9-x64 07 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
Winsock: Catalog9-x64 15 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6109D9DC-33EE-4256-A19D-679A4FC9CE87}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A0F505A1-150E-47C2-B46B-070A99DD7628}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1283539077-2619551967-1579459365-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-18] (AO Kaspersky Lab)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-12-18] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-18] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-12-18] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-1283539077-2619551967-1579459365-1001 -> Kein Name - {13DE1696-51C9-40EB-9408-D05E7BD610BC} -  Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3gx31obe.default
FF NewTab: 
FF DefaultSearchEngine: FindWide
FF Homepage: chrome://speeddial/content/speeddial.xul
FF Keyword.URL: hxxp://search.findwide.com/serp?guid={FEC33A5B-CF0C-4E46-8275-D25C9B129213}&action=default_search&serpv=22&k=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-12] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin HKU\S-1-5-21-1283539077-2619551967-1579459365-1001: kaspersky.com/KPMPlugin -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\npKPMPlugin.dll [2015-12-11] (Kaspersky Lab)
FF Plugin HKU\S-1-5-21-1283539077-2619551967-1579459365-1001: kpm_win_add_on@kaspersky -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kpm_win_add_on@kaspersky [2016-02-28] ()
FF Extension: Speed Dial - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3gx31obe.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2015-09-14]
FF Extension: Greasemonkey - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3gx31obe.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-04-29]
FF Extension: IPFlood - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3gx31obe.default\Extensions\ipfuck@p4ul.info.xpi [2016-04-27]
FF Extension: Disable WebRTC - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3gx31obe.default\Extensions\jid1-5Fs7iTLscUaZBgwr@jetpack.xpi [2016-04-02]
FF Extension: NoScript - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3gx31obe.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-06]
FF Extension: FT DeepDark - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3gx31obe.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-12-05]
FF Extension: Adblock Plus - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3gx31obe.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2016-03-01]
FF HKU\S-1-5-21-1283539077-2619551967-1579459365-1001\...\Firefox\Extensions: [kpm_win_add_on@kaspersky] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kpm_win_add_on@kaspersky
FF Extension: Kaspersky Password Manager - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kpm_win_add_on@kaspersky [2016-02-28]
StartMenuInternet: FIREFOX.EXE - D:\Internet\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka

Opera: 
=======
StartMenuInternet: (HKLM) Operadeveloper - D:\Internet\Opera\Launcher.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2015-10-16] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.02\AsusFanControlService.exe [1470592 2012-03-21] (ASUSTeK Computer Inc.)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2015-12-18] (Kaspersky Lab ZAO)
S4 HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe [138544 2015-03-31] ()
S4 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [192304 2015-03-31] ()
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2014-04-24] (Intel Corporation)
R2 OO DiskImage; D:\System Tools\OO Software\DiskImage\oodiag.exe [7766264 2015-08-28] (O&O Software GmbH)
R2 OO SSD Migration Kit; D:\System Tools\OO Software\SSD Migration Kit\oosmkag.exe [6258472 2013-11-18] (O&O Software GmbH)
S3 OpenVPNService; D:\Internet\OpenVPN\bin\openvpnserv.exe [38200 2016-01-04] (The OpenVPN Project)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-10-22] (Sandboxie Holdings, LLC)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)
S4 VMAuthdService; D:\Programme\VMware\VMware Player\vmware-authd.exe [89792 2015-11-25] (VMware, Inc.)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [19192 2015-09-30] (Intel(R) Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
S3 BioNTDrv; D:\System Tools\Paragon Software\Backup and Recovery 2016 Kompakt\program\BioNTDrv.SYS [19120 2016-03-30] (Paragon Software Group)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 epp; D:\System Tools\Sicherheit\EEK\bin64\epp.sys [124080 2016-02-25] (Emsisoft Ltd)
R3 ETDSMBus; C:\Windows\System32\DRIVERS\ETDSMBus.sys [31464 2015-08-06] (ELAN Microelectronic Corp.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-02] (REALiX(tm))
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2015-03-09] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-24] (Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-05-28] (Intel Corporation)
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2014-10-22] (ASUSTeK Computer Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [77728 2016-03-01] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2015-12-18] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [227000 2015-12-18] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934808 2016-03-01] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39096 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-18] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-19] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R0 oodivd; C:\Windows\System32\DRIVERS\oodivd.sys [255640 2014-12-10] (O&O Software GmbH)
R0 oodivdh; C:\Windows\System32\DRIVERS\oodivdh.sys [44696 2014-12-10] (O&O Software GmbH)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192648 2015-10-22] (Sandboxie Holdings, LLC)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX64.sys [169616 2016-03-14] (Ray Hinchliffe)
U5 UnlockerDriver5; D:\System Tools\Unlocker\x64\UnlockerDriver5.sys [12352 2010-07-01] ()
R3 VASDeviceDrm; C:\Windows\System32\drivers\vasdDev.sys [1454896 2012-03-19] (ShiningMorning Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2015-09-28] (wisecleaner.com)
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-29 23:33 - 2016-04-29 23:34 - 00018390 _____ C:\Users\xxx\Desktop\FRST.txt
2016-04-29 23:33 - 2016-04-29 23:33 - 00000000 ____D C:\FRST
2016-04-29 23:30 - 2016-04-29 23:30 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\xxx\Desktop\tdsskiller.exe
2016-04-29 23:29 - 2016-04-29 23:30 - 02376704 _____ (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2016-04-27 01:12 - 2016-03-09 21:00 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-04-27 01:12 - 2016-03-09 21:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-04-27 01:12 - 2016-03-09 20:40 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-04-27 01:12 - 2016-03-09 20:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-04-27 01:11 - 2016-03-09 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-04-27 01:11 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-04-26 22:52 - 2016-04-26 22:52 - 00000000 ____D C:\Users\Public\Documents\Meine Löschberichte
2016-04-26 22:29 - 2016-04-26 23:08 - 00000000 ____D C:\Users\xxx\AppData\Local\ApplicationHistory
2016-04-26 22:29 - 2016-04-26 22:29 - 00000091 _____ C:\Users\xxx\AppData\Local\fusioncache.dat
2016-04-26 22:13 - 2016-04-26 23:08 - 00000000 ____D C:\Program Files (x86)\NT Registry Optimizer
2016-04-26 21:47 - 2016-04-26 21:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
2016-04-26 21:47 - 2016-04-26 21:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2016-04-26 21:47 - 2016-04-26 21:47 - 00000000 ____D C:\Users\Administrator\AppData\Local\Macromedia
2016-04-26 21:47 - 2015-07-31 13:06 - 00011205 _____ C:\Users\Administrator\Desktop\readme.txt
2016-04-26 21:47 - 2015-07-31 11:07 - 00005885 _____ C:\Users\Administrator\Desktop\history.txt
2016-04-26 21:42 - 2016-04-26 21:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2016-04-26 21:09 - 2016-04-26 21:09 - 00062392 _____ C:\Users\xxx\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-22 11:54 - 2016-04-22 11:54 - 00001049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-04-21 22:59 - 2016-04-21 22:59 - 00894440 _____ (Opera Software) C:\Users\xxx\Downloads\OperaSetupDeveloper.exe
2016-04-21 19:34 - 2016-04-29 23:28 - 00312248 _____ C:\Windows\ntbtlog.txt
2016-04-20 23:50 - 2016-04-20 23:57 - 00000000 ____D C:\ProgramData\HitmanPro
2016-04-20 09:38 - 2016-04-20 09:38 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2016-04-20 09:38 - 2016-04-20 09:38 - 00000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2016-04-20 09:37 - 2016-04-20 09:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Opera Software
2016-04-20 09:37 - 2016-04-20 09:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\Opera Software
2016-04-20 09:36 - 2016-04-20 09:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel Corporation
2016-04-20 09:35 - 2016-04-26 21:41 - 00000046 _____ C:\Users\Administrator\AppData\Roaming\1119HOTK.dat
2016-04-20 09:35 - 2016-04-20 09:35 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Proxifier
2016-04-19 23:36 - 2016-04-19 23:36 - 00000000 ____D C:\Users\xxx\Pavark
2016-04-19 23:19 - 2016-04-22 12:13 - 00280616 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-19 20:39 - 2016-04-19 20:40 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Total Network Monitor 2
2016-04-19 20:39 - 2016-04-19 20:39 - 00000000 ____D C:\ProgramData\Total Network Monitor 2
2016-04-19 20:39 - 2016-04-19 20:39 - 00000000 ____D C:\ProgramData\TEMP
2016-04-13 17:54 - 2016-04-04 20:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-13 17:54 - 2016-04-04 20:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-13 17:54 - 2016-04-02 15:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-13 17:54 - 2016-03-31 21:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-13 17:54 - 2016-03-31 20:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-04-13 17:54 - 2016-03-31 02:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-13 17:54 - 2016-03-31 02:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-13 17:54 - 2016-03-31 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-13 17:54 - 2016-03-31 02:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-13 17:54 - 2016-03-31 02:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-13 17:54 - 2016-03-31 02:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-13 17:54 - 2016-03-31 02:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-13 17:54 - 2016-03-31 02:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-13 17:54 - 2016-03-31 02:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-13 17:54 - 2016-03-31 02:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-13 17:54 - 2016-03-31 02:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-13 17:54 - 2016-03-31 02:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-13 17:54 - 2016-03-31 02:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-13 17:54 - 2016-03-31 02:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-13 17:54 - 2016-03-31 02:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-13 17:54 - 2016-03-31 02:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-13 17:54 - 2016-03-31 02:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-13 17:54 - 2016-03-31 02:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-13 17:54 - 2016-03-31 02:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-13 17:54 - 2016-03-31 02:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-13 17:54 - 2016-03-31 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-04-13 17:54 - 2016-03-31 02:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-13 17:54 - 2016-03-31 01:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-13 17:54 - 2016-03-31 01:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-13 17:54 - 2016-03-31 01:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-13 17:54 - 2016-03-31 01:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-13 17:54 - 2016-03-31 01:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-04-13 17:54 - 2016-03-31 01:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-13 17:54 - 2016-03-31 01:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-04-13 17:54 - 2016-03-31 01:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-04-13 17:54 - 2016-03-31 01:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-04-13 17:54 - 2016-03-31 01:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-04-13 17:54 - 2016-03-31 01:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-04-13 17:54 - 2016-03-31 01:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-13 17:54 - 2016-03-31 01:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-04-13 17:54 - 2016-03-31 01:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-04-13 17:54 - 2016-03-31 01:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-04-13 17:54 - 2016-03-31 01:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-04-13 17:54 - 2016-03-31 01:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-13 17:54 - 2016-03-31 01:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-04-13 17:54 - 2016-03-31 01:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-13 17:54 - 2016-03-31 01:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-13 17:54 - 2016-03-31 01:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-13 17:54 - 2016-03-31 01:42 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-13 17:54 - 2016-03-31 01:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-13 17:54 - 2016-03-31 01:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-04-13 17:54 - 2016-03-31 01:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-13 17:54 - 2016-03-31 01:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-04-13 17:54 - 2016-03-31 01:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-04-13 17:54 - 2016-03-31 01:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-04-13 17:54 - 2016-03-31 01:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-04-13 17:54 - 2016-03-31 01:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-13 17:54 - 2016-03-31 01:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-04-13 17:54 - 2016-03-31 01:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-04-13 17:54 - 2016-03-31 01:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-04-13 17:54 - 2016-03-31 01:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-04-13 17:54 - 2016-03-31 01:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-04-13 17:54 - 2016-03-31 01:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-04-13 17:54 - 2016-03-31 01:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-13 17:54 - 2016-03-31 01:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-13 17:54 - 2016-03-31 01:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-13 17:54 - 2016-03-31 01:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-13 17:54 - 2016-03-31 01:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-13 17:54 - 2016-03-31 01:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-04-13 17:54 - 2016-03-29 19:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-13 17:54 - 2016-03-18 01:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-13 17:54 - 2016-03-18 01:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-13 17:54 - 2016-03-18 01:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-13 17:54 - 2016-03-18 01:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-13 17:54 - 2016-03-18 01:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-13 17:54 - 2016-03-18 01:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-13 17:54 - 2016-03-18 00:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-13 17:54 - 2016-03-18 00:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-13 17:54 - 2016-03-18 00:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-13 17:54 - 2016-03-18 00:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-13 17:54 - 2016-03-18 00:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-13 17:54 - 2016-03-18 00:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-13 17:54 - 2016-03-18 00:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-13 17:54 - 2016-03-18 00:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-13 17:54 - 2016-03-18 00:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-13 17:54 - 2016-03-18 00:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-13 17:54 - 2016-03-18 00:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-13 17:54 - 2016-03-18 00:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-13 17:54 - 2016-03-18 00:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-13 17:54 - 2016-03-18 00:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-13 17:54 - 2016-03-18 00:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-13 17:54 - 2016-03-18 00:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-13 17:54 - 2016-03-18 00:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-13 17:54 - 2016-03-18 00:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-13 17:54 - 2016-03-18 00:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-13 17:54 - 2016-03-18 00:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-13 17:54 - 2016-03-18 00:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-13 17:54 - 2016-03-18 00:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-13 17:54 - 2016-03-18 00:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-13 17:54 - 2016-03-18 00:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-13 17:54 - 2016-03-18 00:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-13 17:54 - 2016-03-18 00:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-13 17:54 - 2016-03-18 00:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-13 17:54 - 2016-03-18 00:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-13 17:54 - 2016-03-18 00:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-13 17:54 - 2016-03-18 00:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-13 17:54 - 2016-03-18 00:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-13 17:54 - 2016-03-18 00:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-13 17:54 - 2016-03-18 00:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-13 17:54 - 2016-03-18 00:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-13 17:54 - 2016-03-18 00:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-13 17:54 - 2016-03-18 00:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-13 17:54 - 2016-03-18 00:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-04-13 17:54 - 2016-03-18 00:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-13 17:54 - 2016-03-18 00:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-13 17:54 - 2016-03-18 00:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-13 17:54 - 2016-03-18 00:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-13 17:54 - 2016-03-18 00:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-13 17:54 - 2016-03-18 00:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-13 17:54 - 2016-03-18 00:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-13 17:54 - 2016-03-18 00:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-13 17:54 - 2016-03-17 23:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-13 17:54 - 2016-03-17 23:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-13 17:54 - 2016-03-17 23:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-13 17:54 - 2016-03-17 23:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-13 17:54 - 2016-03-17 23:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-13 17:54 - 2016-03-17 23:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-13 17:54 - 2016-03-17 23:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-13 17:54 - 2016-03-17 23:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-13 17:54 - 2016-03-17 23:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-13 17:54 - 2016-03-17 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-13 17:54 - 2016-03-17 23:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-13 17:54 - 2016-03-17 23:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-13 17:54 - 2016-03-17 23:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-13 17:54 - 2016-03-17 23:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-13 17:54 - 2016-03-17 23:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-13 17:54 - 2016-03-17 23:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-13 17:54 - 2016-03-17 23:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-13 17:54 - 2016-03-17 23:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-13 17:54 - 2016-03-17 23:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 17:54 - 2016-03-17 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 17:54 - 2016-03-17 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-13 17:54 - 2016-03-16 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-13 17:54 - 2016-03-16 20:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-13 17:54 - 2016-03-16 20:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-13 17:54 - 2016-03-16 02:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-13 17:54 - 2016-03-16 02:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-13 17:54 - 2016-03-16 01:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-13 17:54 - 2016-03-11 20:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-13 17:54 - 2016-03-11 20:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-13 17:54 - 2016-03-06 20:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-13 17:54 - 2016-03-06 20:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-13 17:54 - 2016-03-06 20:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-13 17:54 - 2016-03-06 20:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-12 10:48 - 2016-04-19 23:19 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-12 10:48 - 2016-04-19 23:10 - 00003824 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-12 02:41 - 2016-04-19 20:44 - 00000000 ____D C:\Users\xxx\Downloads\PROGRAMME
2016-04-12 02:41 - 2016-04-12 02:41 - 00000000 ____D C:\Users\xxx\Downloads\BILDER
2016-04-05 00:55 - 2016-04-05 00:55 - 00000000 ____D C:\Foxit Software
2016-04-03 02:26 - 2016-04-03 02:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proxy Finder
2016-04-03 00:42 - 2016-04-28 23:31 - 00003854 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1459636964
2016-04-03 00:42 - 2016-04-21 23:05 - 00000838 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera developer.lnk
2016-04-03 00:42 - 2016-04-21 23:02 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Opera Software
2016-04-03 00:42 - 2016-04-21 23:02 - 00000000 ____D C:\Users\xxx\AppData\Local\Opera Software
2016-04-02 04:45 - 2016-03-23 16:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-02 04:45 - 2016-03-17 20:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-02 04:45 - 2016-03-17 20:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-02 04:45 - 2016-03-17 20:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-02 04:45 - 2016-03-17 20:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-02 01:58 - 2016-04-03 01:20 - 00000000 ____D C:\Users\xxx\Documents\ProxySearcher
2016-04-01 03:50 - 2016-04-01 03:55 - 00000000 ____D C:\ProgramData\advlauncher
2016-04-01 03:49 - 2016-04-01 03:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup and Recovery™ 2016 Kompakt

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2099-01-09 00:01 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2099-01-09 00:01 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU(1705).TXT
2016-04-29 23:33 - 2009-07-14 06:45 - 00033616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-29 23:33 - 2009-07-14 06:45 - 00033616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-29 23:30 - 2009-07-14 19:58 - 00752614 _____ C:\Windows\system32\perfh007.dat
2016-04-29 23:30 - 2009-07-14 19:58 - 00170474 _____ C:\Windows\system32\perfc007.dat
2016-04-29 23:30 - 2009-07-14 07:13 - 01060672 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-29 23:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-29 23:26 - 2015-09-02 15:13 - 00000259 _____ C:\Users\xxx\AppData\Roaming\1119HOTK.dat
2016-04-29 23:26 - 2015-08-29 04:00 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-04-29 23:25 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-29 12:57 - 2015-09-23 22:13 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-04-27 01:19 - 2015-08-29 03:13 - 00000000 ____D C:\Users\xxx\AppData\Roaming\TeamViewer
2016-04-26 23:09 - 2015-08-29 22:14 - 00000000 ____D C:\Users\Administrator
2016-04-26 23:09 - 2015-08-29 02:40 - 00000000 ____D C:\Users\xxx
2016-04-26 23:08 - 2016-03-10 02:52 - 00000000 ____D C:\Users\MSSQL$ADK
2016-04-26 23:08 - 2016-02-26 20:51 - 00000000 ____D C:\Users\Public\Foxit Software
2016-04-26 23:08 - 2015-10-27 21:38 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Notepad++
2016-04-26 23:08 - 2015-08-29 03:13 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Rainmeter
2016-04-26 23:08 - 2015-08-29 03:12 - 00000000 ____D C:\Users\xxx\AppData\Local\Mozilla
2016-04-26 23:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Msdtc
2016-04-26 23:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2016-04-26 22:16 - 2015-08-29 02:40 - 03145728 ___SH C:\Users\xxx\ntuser.bak
2016-04-26 22:16 - 2009-07-14 04:34 - 85721088 _____ C:\Windows\system32\config\SOFTWARE.bak
2016-04-26 22:16 - 2009-07-14 04:34 - 22020096 _____ C:\Windows\system32\config\SYSTEM.bak
2016-04-26 22:16 - 2009-07-14 04:34 - 01835008 _____ C:\Windows\system32\config\DEFAULT.bak
2016-04-26 22:16 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2016-04-26 22:16 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2016-04-26 21:42 - 2015-08-29 22:17 - 00062392 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-26 14:41 - 2015-09-19 19:33 - 00000000 ____D C:\Users\xxx\AppData\Local\CrashDumps
2016-04-23 01:44 - 2015-09-19 20:30 - 00000000 ____D C:\Users\xxx\AppData\Local\Battle.net
2016-04-22 12:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-21 21:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-04-21 00:49 - 2016-03-02 21:53 - 00002282 ____H C:\Users\xxx\Documents\Default.rdp
2016-04-20 09:47 - 2016-02-28 03:28 - 00000000 ____D C:\Program Files (x86)\Hex-Editor MX
2016-04-19 23:24 - 2015-09-02 02:14 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-19 23:19 - 2015-09-03 04:59 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-04-19 20:39 - 2015-12-08 21:53 - 00000000 ____D C:\ProgramData\Licenses
2016-04-19 20:33 - 2015-09-04 15:08 - 00000000 ____D C:\ProgramData\VMware
2016-04-13 23:20 - 2015-08-29 12:28 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-13 23:05 - 2015-08-29 03:59 - 00000000 ____D C:\Windows\system32\MRT
2016-04-13 23:02 - 2015-08-29 03:59 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-13 18:04 - 2015-11-15 12:31 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-13 18:04 - 2015-11-15 12:31 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-10 21:43 - 2015-08-29 03:13 - 00000000 ____D C:\Users\xxx\AppData\Roaming\vlc
2016-04-04 01:29 - 2015-10-15 10:52 - 00000827 _____ C:\Users\xxx\Desktop\wichtig.txt
2016-04-03 00:32 - 2016-03-25 01:45 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-02 01:57 - 2016-03-27 13:02 - 00000000 ____D C:\Users\xxx\AppData\Local\Downloaded Installations

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-09-02 15:13 - 2016-04-29 23:26 - 0000259 _____ () C:\Users\xxx\AppData\Roaming\1119HOTK.dat
2016-04-26 22:29 - 2016-04-26 22:29 - 0000091 _____ () C:\Users\xxx\AppData\Local\fusioncache.dat
2015-08-29 03:13 - 2016-03-14 15:13 - 0000600 _____ () C:\Users\xxx\AppData\Local\PUTTY.RND
2015-08-29 03:13 - 2016-03-03 03:48 - 0007644 _____ () C:\Users\xxx\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-04-21 19:52

==================== Ende von FRST.txt ============================

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-04-2016
durchgeführt von xxx (2016-04-29 23:34:19)
Gestartet von C:\Users\xxx\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-08-29 00:40:16)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1283539077-2619551967-1579459365-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-1283539077-2619551967-1579459365-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1283539077-2619551967-1579459365-1017 - Limited - Enabled)
xxx (S-1-5-21-1283539077-2619551967-1579459365-1001 - Administrator - Enabled) => C:\Users\xxx

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

ActivePresenter (HKLM-x32\...\{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 5.5.3 - Atomi Systems, Inc.)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
AI Suite (HKLM-x32\...\{310BC5E2-31AF-49BB-904D-E71EB93645DC}) (Version: 1.06.16 - )
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.5.0 - Sereby Corporation)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bierzerkers (HKLM-x32\...\Steam App 348460) (Version:  - Shield Break Studios)
Break Into Zatwor (HKLM-x32\...\Steam App 395980) (Version:  - Zonitron Productions)
Broadsword : Age of Chivalry (HKLM\...\Steam App 312710) (Version:  - Hoplite Research LLC)
Curse Client (HKU\S-1-5-21-1283539077-2619551967-1579459365-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
Deadbreed® (HKLM\...\Steam App 277950) (Version:  - Deadbreed AB)
EVGA PrecisionX 16 (HKLM-x32\...\Steam App 268850) (Version:  - EVGA)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.0.118 - Foxit Software Inc.)
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version:  - Marek Jasinski)
Gorky 17 (HKLM-x32\...\Steam App 253920) (Version:  - )
Herr des Wetters - Die verborgene Welt (HKLM-x32\...\{C5DD4A8C-5F57-45E4-A559-199413803FEF}) (Version: 1.00.0000 - PurpleHills)
Hex-Editor MX (HKLM-x32\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 41.003.50.00.06 - Huawei Technologies Co.,Ltd)
Hotfix für Microsoft Visual Basic 2010 Express - DEU (KB2635973) (HKLM-x32\...\{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}.KB2635973) (Version: 1 - Microsoft Corporation)
Intel Extreme Tuning Utility (HKLM-x32\...\{e3931098-f44a-4c70-bf9c-f48d24bdd066}) (Version: 6.0.2.8 - Intel Corporation)
Intel Extreme Tuning Utility (x32 Version: 6.0.2.8 - Intel Corporation) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.4.1000 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{F46A1003-7E9A-418C-8149-C6AF1EAF6B89}) (Version: 8.0.4.394 - Kaspersky Lab)
Kaspersky Password Manager (x32 Version: 8.0.4.394 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
KC Softwares SUMo (HKLM-x32\...\KC Softwares SUMo_is1) (Version: 4.2.3.296 - KC Softwares)
Malwarebytes Anti-Exploit version 1.8.1.1189 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1189 - Malwarebytes)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Hotfix Rollup (KB3120241) (HKLM\...\{46556DC7-EFC0-361E-832E-E0A9B0D2EFAB}) (Version: 4.6.01067 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM-x32\...\{D958C1AC-7891-42B6-AFBE-FA9070FACE13}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C668416A-9213-4058-B7F2-01A42D85559D}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - DEU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - DEU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{3c3aafc8-d898-43ec-998f-965ffdae065a}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 43.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0.2 (x86 de)) (Version: 43.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
Mozilla Thunderbird 45.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.0 (x86 de)) (Version: 45.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
NppLauncher (HKLM-x32\...\NppLauncher) (Version: 0.9.9 - )
NVIDIA 3D Vision Treiber 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.95 - NVIDIA Corporation)
NVIDIA Grafiktreiber 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.95 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
O&O DiskImage Professional (HKLM\...\{10C83530-840D-4AA3-994A-A9B9559B56C5}) (Version: 9.10.102 - O&O Software GmbH)
O&O SafeErase Professional (HKLM\...\{12DA3057-6836-4C8B-A44D-A447474E302B}) (Version: 6.0.538 - O&O Software GmbH)
O&O SSD Migration Kit (HKLM\...\{E8640F01-FE2F-44D3-9F5B-5C3D2C3E8291}) (Version: 7.1.36 - O&O Software GmbH)
OCCT 4.4.1 (HKLM-x32\...\OCCT) (Version: 4.4.1 - Ocbase.com)
OpenVPN 2.3.10-I001  (HKLM\...\OpenVPN) (Version: 2.3.10-I001 - )
Opera developer 38.0.2213.0 (HKLM-x32\...\Opera 38.0.2213.0) (Version: 38.0.2213.0 - Opera Software)
Overcast - Walden and the Werewolf (HKLM-x32\...\Steam App 293180) (Version:  - Microblast Games)
Paragon Backup and Recovery™ 2016 Kompakt (HKLM\...\{21FC91F0-ED08-11E5-B5CC-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Perfect Hotkey Version 1.32 (HKLM-x32\...\{4D9D70B0-31B9-4D04-A7E8-F6BA16FE51EC}_is1) (Version: 1.32 - YL Computing)
Planetary Annihilation (HKLM\...\Steam App 233250) (Version:  - Uber Entertainment)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Pressure (HKLM\...\Steam App 224220) (Version:  - Chasing Carrots)
Proxifier version 3.29 (HKLM-x32\...\Proxifier_is1) (Version: 3.29 - Initex)
Proxy Searcher (HKLM-x32\...\{7EA74723-FE48-410D-A24E-949870747174}) (Version: 5.10.0000 - Proxy Searcher)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
RenderManNC-Installer (HKLM\...\{DAB7A2E1-D380-11E4-BBF3-001CC4171F87}) (Version: 1.0.0 - Pixar)
RenderManStudio-20.2-maya2014 (HKLM\...\{63FD4B00-4B71-11E5-9FE9-2C27D7EF5B5C}) (Version: 20.2.0 - Pixar)
RenderManStudio-20.2-maya2015 (HKLM\...\{1181004F-4B72-11E5-81D8-2C27D7EF5B5C}) (Version: 20.2.0 - Pixar)
RenderManStudio-20.2-maya2016 (HKLM\...\{0F938830-4B72-11E5-BD16-2C27D7EF5B5C}) (Version: 20.2.0 - Pixar)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.8 - Rockstar Games)
Sandboxie 5.06 (64-bit) (HKLM\...\Sandboxie) (Version: 5.06 - Sandboxie Holdings, LLC)
SanDisk SSD Dashboard (HKLM-x32\...\SanDisk SSD Dashboard) (Version: 1.4.1 - SanDisk Corporation)
SanDisk SSD Dashboard Service (HKLM-x32\...\{EE9255E4-283A-4318-ABB6-A75BEE59ACA3}) (Version: 1.0.0 - SanDisk Corporation)
Septerra Core (HKLM-x32\...\Steam App 253940) (Version:  - )
Service Pack 2 for SQL Server 2012 (KB2958429) (HKLM-x32\...\KB2958429) (Version: 11.2.5058.0 - Microsoft Corporation)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
Total Network Monitor 2.1.0 build 4040 (HKLM-x32\...\Total Network Monitor 2_is1) (Version: 2.1.0.4040 - Softinventive Lab Inc.)
Trinium Wars (HKLM\...\Steam App 410560) (Version:  - Hanmaru Soft)
TS3 Admin (HKU\S-1-5-21-1283539077-2619551967-1579459365-1001\...\7a0e88a04267d7dd) (Version: 1.0.3.106 - noa-x)
Two Worlds II (HKLM-x32\...\Steam App 7520) (Version:  - Reality Pump Studios)
Two Worlds: Epic Edition (HKLM-x32\...\Steam App 1930) (Version:  - Reality Pump Studios)
Ubinota (HKLM-x32\...\Steam App 323630) (Version:  - Rotateam)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Virtual Audio Streaming 4.0 (HKLM-x32\...\{B9FDEDF1-DD77-42BD-B2BD-ABCB30655C73}_is1) (Version: 4.0 - ShiningMorning Inc.)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation)
VMware Player (HKLM\...\{57AA4E8A-E2C9-4F1C-B3F1-762C36E34472}) (Version: 12.1.0 - VMware, Inc.)
Why So Evil (HKLM-x32\...\Steam App 331710) (Version:  - Zonitron Productions)
Why So Evil 2: Dystopia (HKLM-x32\...\Steam App 354850) (Version:  - Zonitron Productions)
WinRAR 5.30 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
WISE-FTP 7 (HKLM-x32\...\{3EAF3023-F780-46E5-8220-72F8DB87A7EB}_is1) (Version:  - AceBIT GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {1292F2EE-382F-4528-9A07-5F4ADE30DB7E} - System32\Tasks\OO DiskImage {4c7ccc84-c698-4f52-a2a7-f8d22fb85d07} => D:\System Tools\OO Software\DiskImage\oodiag.exe [2015-08-28] (O&O Software GmbH)
Task: {60DAB3DB-A8FB-47F4-B4DE-DCA536BC7C72} - System32\Tasks\Logon Screen SkipUAC => D:\Programme\Logon Screen\Logon Screen.exe [2015-02-15] (Daniel Rebelo)
Task: {80CAD6AF-2989-455C-9852-9BC27C71C8AE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-13] (Adobe Systems Incorporated)
Task: {8E6A2259-6C1B-41A2-97E2-C16D95CCFC08} - System32\Tasks\{128ECD8A-7CF5-4FCD-B8B0-62F3F6303903} => pcalua.exe -a C:\Users\xxx\Desktop\GPUTweak_2_5_2\setup.exe -d C:\Users\xxx\Desktop\GPUTweak_2_5_2
Task: {9BF06BAF-1149-497D-98BA-D96FA394DAB8} - System32\Tasks\{63E3E043-43F8-4ED5-BECE-4246CAC0E787} => pcalua.exe -a C:\Users\xxx\Desktop\GPUTweak_2_5_2\setup.exe -d C:\Users\xxx\Desktop\GPUTweak_2_5_2
Task: {9DD77CF7-26CB-4B1B-BAFE-DCA7365A1D1D} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-05-05] (Intel Corporation)
Task: {A7C113FD-3323-4F1E-B81B-44703CF20049} - System32\Tasks\EVGAPrecisionX => E:\Steam\steamapps\common\EVGA PrecisionX\PrecisionX_x64.exe [2016-04-20] (EVGA Corp.)
Task: {B02E4064-7656-43BF-B8F8-691A9EB7D998} - System32\Tasks\Opera scheduled Autoupdate 1459636964 => D:\Internet\Opera\launcher.exe [2016-04-28] (Opera Software)
Task: {B7603031-1DA0-4B2B-851B-21DFA0893597} - System32\Tasks\{0EDA6852-15A1-49EE-B2C0-5C4A587DF6E3} => pcalua.exe -a C:\Users\xxx\AppData\Local\Temp\GPUTweak_2_5_2\setup.exe -d C:\Users\xxx\AppData\Local\Temp\GPUTweak_2_5_2
Task: {DEA360BB-3B07-4CDA-B1E7-2D877BDF1D90} - System32\Tasks\OO DiskImage {4e6ed83a-2dc9-40f4-942f-4bbeea59d354} => D:\System Tools\OO Software\DiskImage\oodiag.exe [2015-08-28] (O&O Software GmbH)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\OO DiskImage {4c7ccc84-c698-4f52-a2a7-f8d22fb85d07}.job => 
Task: C:\Windows\Tasks\OO DiskImage {4e6ed83a-2dc9-40f4-942f-4bbeea59d354}.job => D:\System Tools\OO Software\DiskImage\oodiag.exe,/run {4e6ed83a-2dc9-40f4-942f-4bbeea59d354}SYSTEMBC:\ProgramData\OO Software\DiskImage\Aufgaben\Aufgabe20151203.xml

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-02-26 22:51 - 2015-03-28 16:55 - 00096840 _____ () C:\Windows\system32\PrxerNsp.dll
2016-03-25 01:45 - 2016-01-29 12:49 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-04-15 22:13 - 2015-04-15 22:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-04-21 12:34 - 2015-08-28 01:01 - 00326904 _____ () D:\System Tools\OO Software\DiskImage\oodiagrs.dll
2016-04-21 12:34 - 2013-11-18 05:58 - 00318760 _____ () D:\System Tools\OO Software\SSD Migration Kit\oosmkagrs.dll
2016-04-21 12:34 - 2015-08-06 20:52 - 00036544 _____ () D:\Programme\Rainmeter\Rainmeter.exe
2016-04-21 12:34 - 2015-08-06 20:52 - 00816320 _____ () D:\Programme\Rainmeter\Rainmeter.dll
2016-04-21 12:34 - 2015-08-06 20:51 - 00058368 _____ () D:\Programme\Rainmeter\Plugins\WebParser.DLL
2015-12-02 21:31 - 2012-10-25 11:26 - 00078456 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2015-12-02 21:31 - 2012-10-25 11:26 - 00386168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2015-07-09 00:18 - 2015-07-09 00:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\kpcengine.2.3.dll
2015-12-11 19:18 - 2015-12-11 19:18 - 00437216 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\ipm_service.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\60777651.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NVFLASH => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nvflash.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\60777651.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NVFLASH => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nvflash.sys => ""="Driver"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1283539077-2619551967-1579459365-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{F12FEF70-8E12-4F7D-AB29-DC6E82D65B39}] => (Allow) D:\Internet\Mozilla Firefox\firefox.exe
FirewallRules: [{F6BC446D-E30C-42AA-BED2-ABB73A0BF504}] => (Allow) D:\Internet\Mozilla Firefox\firefox.exe
FirewallRules: [{BD7825B2-003C-409B-8C60-EC2B5C865B65}] => (Allow) D:\Internet\Mozilla Firefox\firefox.exe
FirewallRules: [{2F726E8F-1786-467A-A8F4-9938BFFA122E}] => (Allow) D:\Internet\Mozilla Firefox\firefox.exe
FirewallRules: [{092F9EF1-438F-412D-AD04-61622201F5AE}] => (Allow) C:\Users\xxx\AppData\Local\Apps\2.0\J6A9JLJN.VC0\03TXEEKQ.H8V\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{FDB5CA6C-0585-4A41-A209-2B9C2E6D009E}] => (Allow) C:\Users\xxx\AppData\Local\Apps\2.0\J6A9JLJN.VC0\03TXEEKQ.H8V\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{FE97F1CF-5AA6-4872-B7FD-31537D0DF816}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{83969BFD-EFA9-4B9D-8A5B-94AC2024D534}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{CD16E77B-789A-433C-8126-69014D7929E0}] => (Allow) E:\Steam\steamapps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{2EE8D6EF-723F-4C97-8605-8DAD7FD9C228}] => (Allow) E:\Steam\steamapps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{2E1C1283-47AF-4634-80DF-9050EF16FA96}] => (Allow) E:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{AD3175D1-9E3D-408E-BC35-87DEF82A1415}] => (Allow) E:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{81FBE924-AA32-4703-B1FE-9812E3FCD7FC}] => (Allow) E:\Steam\steamapps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [{F9D4E0AA-12B7-4289-9ACE-7D9045BD83EE}] => (Allow) E:\Steam\steamapps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [{D8705FBC-AC89-473B-B213-D2AAE202BC22}] => (Allow) E:\Steam\steamapps\common\Nexuiz Beta\Bin32\Nexuiz.exe
FirewallRules: [{FEB7E9D0-AA42-4363-8184-88A747A863F3}] => (Allow) E:\Steam\steamapps\common\Nexuiz Beta\Bin32\Nexuiz.exe
FirewallRules: [{2E39A8ED-4486-4758-9BBC-931F5F2EBC8A}] => (Allow) E:\Steam\steamapps\common\Nexuiz Beta\Bin32\DedicatedServer.exe
FirewallRules: [{E6EC18ED-5908-4A8F-A497-9B7F89D4AAD9}] => (Allow) E:\Steam\steamapps\common\Nexuiz Beta\Bin32\DedicatedServer.exe
FirewallRules: [{D7ED3BBB-1CD1-4240-91E1-76DCB8C21907}] => (Allow) E:\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{C7FD92FC-65A8-4FD1-A711-98859F5B4BFE}] => (Allow) E:\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{59CB0D72-0D44-4651-B470-4EEED43083F8}] => (Allow) E:\Steam\steamapps\common\Dungeon Defenders 2\DunDefLauncher.exe
FirewallRules: [{49D8819C-7A54-4031-80C2-9FA04E26E61E}] => (Allow) E:\Steam\steamapps\common\Dungeon Defenders 2\DunDefLauncher.exe
FirewallRules: [{76F495EC-D564-4DC8-A9C4-8CB475296372}] => (Allow) E:\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{B81ABAF2-3B02-4AF0-8C3F-5B948C28F428}] => (Allow) E:\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{48AB1B2D-9455-4176-9A54-6BB329A60DBE}] => (Allow) E:\Steam\steamapps\common\Ubinota\Ubinota.exe
FirewallRules: [{F8FA2FF8-7D82-4664-B392-8ED597C76D4C}] => (Allow) E:\Steam\steamapps\common\Ubinota\Ubinota.exe
FirewallRules: [{57CF6E66-44E6-4512-A8BB-4D66E3C8BDB9}] => (Allow) E:\Steam\steamapps\common\Blood of Old\BloodofOld.exe
FirewallRules: [{2B387C32-C6EF-456C-B07F-10AA958C6C05}] => (Allow) E:\Steam\steamapps\common\Blood of Old\BloodofOld.exe
FirewallRules: [{626499B7-23FD-4D7E-93B7-85308939362D}] => (Allow) E:\Steam\steamapps\common\Blood of Old\BloodofOld32.exe
FirewallRules: [{2299367A-90C0-4C72-A14B-B98B43D1C3AB}] => (Allow) E:\Steam\steamapps\common\Blood of Old\BloodofOld32.exe
FirewallRules: [{CA27C0BB-8165-4108-9E4D-E72F2A16FBC8}] => (Allow) E:\Steam\steamapps\common\Burgers\Burgers.exe
FirewallRules: [{A1B75666-D7A3-4451-8D80-C99FC225807E}] => (Allow) E:\Steam\steamapps\common\Burgers\Burgers.exe
FirewallRules: [{6911D82C-0FEF-4534-A8BB-B206DAEB4860}] => (Allow) D:\Multimedia\ActivePresenter\ActivePresenter.exe
FirewallRules: [{5FA8FA1D-481B-41AB-BBE6-54554D06A5B3}] => (Allow) D:\Multimedia\ActivePresenter\ActivePresenter.exe
FirewallRules: [{FE34807A-2572-41C7-8028-F1CB7A7D341B}] => (Allow) D:\Multimedia\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{178C55C4-D863-47E0-8BF4-5F113710047E}] => (Allow) D:\Multimedia\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{3CCB1A3B-B8E8-49CB-8671-F3A15386DF9A}] => (Allow) D:\Multimedia\ActivePresenter\rlactivator.exe
FirewallRules: [{3EA5A3D8-E53D-4902-82EA-206296E836CC}] => (Allow) D:\Multimedia\ActivePresenter\rlactivator.exe
FirewallRules: [{20F20070-059A-4530-B527-F3A0B645D88C}] => (Allow) D:\Multimedia\ActivePresenter\rlupdater.exe
FirewallRules: [{46CDA9FE-0C3A-4F4A-8665-AEE15BE6CF13}] => (Allow) D:\Multimedia\ActivePresenter\rlupdater.exe
FirewallRules: [{6828C83C-8D45-4460-B0E5-242E4B6610EA}] => (Allow) D:\Multimedia\ActivePresenter\ActivePresenter.exe
FirewallRules: [{F35B4176-497A-4499-A161-1A037EDF1C7F}] => (Allow) D:\Multimedia\ActivePresenter\ActivePresenter.exe
FirewallRules: [{2C42600E-DC73-46F1-B140-E4C1A9EC56ED}] => (Allow) D:\Multimedia\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{1478745B-EF91-471A-8B81-CC0709A913D0}] => (Allow) D:\Multimedia\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{D1C4C941-D334-4635-876E-B9DF2C83EF57}] => (Allow) D:\Multimedia\ActivePresenter\rlactivator.exe
FirewallRules: [{33CA773C-F2F6-442D-812E-3AC7B630C0D9}] => (Allow) D:\Multimedia\ActivePresenter\rlactivator.exe
FirewallRules: [{888059D0-28AD-4B2D-A9A5-6C2247DB9A1C}] => (Allow) D:\Multimedia\ActivePresenter\rlupdater.exe
FirewallRules: [{F4A60236-D10F-4414-87ED-A8F7C6AA4FC3}] => (Allow) D:\Multimedia\ActivePresenter\rlupdater.exe
FirewallRules: [{263191B4-E204-4531-86B9-E9A4C8788AEE}] => (Allow) E:\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{B755B4D4-02F3-42FA-877F-59859738BE32}] => (Allow) E:\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{934D3B3A-C090-4605-9A6E-B3B29AD0877E}] => (Allow) E:\Steam\steamapps\common\Two Worlds II\TwoWorlds2.exe
FirewallRules: [{3412C5AA-92E3-459F-A76B-A8DC4B702338}] => (Allow) E:\Steam\steamapps\common\Two Worlds II\TwoWorlds2.exe
FirewallRules: [{48D0624E-175B-42C3-9FE5-1924F7DC2922}] => (Allow) E:\Steam\steamapps\common\Two Worlds II\TwoWorlds2_DX10.exe
FirewallRules: [{138F497D-3015-48EF-AE6A-4EE97A3878F8}] => (Allow) E:\Steam\steamapps\common\Two Worlds II\TwoWorlds2_DX10.exe
FirewallRules: [{32AF96E2-EB74-4E5B-B31E-C3C16FA91646}] => (Allow) E:\Steam\steamapps\common\EVGA PrecisionX\PrecisionX_x64.exe
FirewallRules: [{7F714371-48C2-4B7B-B106-AEED352C42AC}] => (Allow) E:\Steam\steamapps\common\EVGA PrecisionX\PrecisionX_x64.exe
FirewallRules: [{ED372989-DA65-4CFC-A0F7-39C6EBA6C3B8}] => (Allow) E:\Steam\steamapps\common\EVGA PrecisionX\Skins\UxfTool.exe
FirewallRules: [{B4926C37-EE24-42E6-9259-214C936F0A02}] => (Allow) E:\Steam\steamapps\common\EVGA PrecisionX\Skins\UxfTool.exe
FirewallRules: [{6DCCB7C8-4F30-4FF6-9BBE-8EDFD3EAFE4D}] => (Allow) E:\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{4ECA5DA6-0C4C-4991-BAD9-D1E6C0A3FFDA}] => (Allow) E:\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{0F833C2D-8AFE-4986-ABCB-0BB6B24EDB75}] => (Allow) D:\Programme\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{80998A9B-7445-40F4-B49F-404C8F8A5DEE}] => (Allow) D:\Programme\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{9F271F34-560E-49B7-B17E-93160DCD426B}] => (Allow) E:\Steam\steamapps\common\nosgoth\NosgothLauncher.exe
FirewallRules: [{11212522-A727-4AF5-9260-D2DEC7D9A2B5}] => (Allow) E:\Steam\steamapps\common\nosgoth\NosgothLauncher.exe
FirewallRules: [{1CD3B6B3-9D8B-490E-937E-8C5E0F9C84D4}] => (Allow) E:\Steam\steamapps\common\Nexuiz\Bin32\Nexuiz.exe
FirewallRules: [{B4268A3E-384B-4B56-ACE4-7008601CC878}] => (Allow) E:\Steam\steamapps\common\Nexuiz\Bin32\Nexuiz.exe
FirewallRules: [{059A8152-BC6D-496A-A190-13D0133F88AF}] => (Allow) E:\Steam\steamapps\common\Nexuiz\Bin32\Editor.exe
FirewallRules: [{AC811C4D-FD39-4EEA-9D7A-24E290245C7B}] => (Allow) E:\Steam\steamapps\common\Nexuiz\Bin32\Editor.exe
FirewallRules: [{226E7DF2-E259-4917-98F9-BAFAD594D8E0}] => (Allow) E:\Steam\steamapps\common\Overcast - Walden and the Werewolf\Overcast - Walden and the Werewolf.exe
FirewallRules: [{C3B49CB6-582A-41AE-8AB8-426E85422460}] => (Allow) E:\Steam\steamapps\common\Overcast - Walden and the Werewolf\Overcast - Walden and the Werewolf.exe
FirewallRules: [{D9AA143C-3456-4CF9-8040-D05EBECA0DBA}] => (Allow) E:\Steam\steamapps\common\Why So Evil\Why So Evil_50f.exe
FirewallRules: [{D9621EB1-37DF-4DD2-A877-3F8B618C6F98}] => (Allow) E:\Steam\steamapps\common\Why So Evil\Why So Evil_50f.exe
FirewallRules: [{7803A0DF-5988-417C-984D-9AD36693992D}] => (Allow) E:\Steam\steamapps\common\Break Into Zatwor\BreakIntoZatwor.exe
FirewallRules: [{E94B062B-47EC-48FB-9D7D-783A24F0D8B3}] => (Allow) E:\Steam\steamapps\common\Break Into Zatwor\BreakIntoZatwor.exe
FirewallRules: [{398866A3-D6A0-4844-A71B-283DE47B227D}] => (Allow) E:\Steam\steamapps\common\Why So Evil 2 Dystopia\Why So Evil 2 Dystopia.exe
FirewallRules: [{6A3D1345-F2D6-410B-8498-6E484F18B8A8}] => (Allow) E:\Steam\steamapps\common\Why So Evil 2 Dystopia\Why So Evil 2 Dystopia.exe
FirewallRules: [{8FC381CF-2F8E-4D07-8B74-509DC101F540}] => (Allow) E:\Steam\steamapps\common\Gorky 17\gorky17.exe
FirewallRules: [{FA0D7AEB-99AE-495D-93E0-1AA00E156D48}] => (Allow) E:\Steam\steamapps\common\Gorky 17\gorky17.exe
FirewallRules: [{F9DD7984-6B3B-41A1-B56A-9CE6F1E7F879}] => (Allow) E:\Steam\steamapps\common\Bionic_Dues\Bionic.exe
FirewallRules: [{13523CDF-0B56-4F66-869F-57679061FA97}] => (Allow) E:\Steam\steamapps\common\Bionic_Dues\Bionic.exe
FirewallRules: [{401C18FC-C034-4A88-BCF8-9A2BC57CDBFD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{71C89887-BCB5-42B2-91F8-B7703E2F8799}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C790FBB3-3210-46DD-9BE2-8540A8BFDB49}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{87A83931-1715-49A6-9087-2EFE115FA672}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{271AC25D-AEAC-467E-AFB3-116CDAE0BC23}] => (Allow) E:\Steam\steamapps\common\Stalker Call of Pripyat\bin\xrEngine.exe
FirewallRules: [{D67DADC8-807D-49F4-A8BF-8BD0B9C3B2EC}] => (Allow) E:\Steam\steamapps\common\Stalker Call of Pripyat\bin\xrEngine.exe
FirewallRules: [{12CFA9FC-733D-4F14-B760-26614B9316AE}] => (Allow) LPort=26675
FirewallRules: [{D68F7085-F9EF-4867-AA27-FFBD874B6719}] => (Allow) S:\Program Files (x86)\Origin Games\Command and Conquer The Ultimate Collection Additional Content\Launcher.exe
FirewallRules: [{FDF79033-139F-4119-ACD4-CF40C53A1B4A}] => (Allow) S:\Program Files (x86)\Origin Games\Command and Conquer The Ultimate Collection Additional Content\Launcher.exe
FirewallRules: [{A53F242B-EE52-4892-8EBD-7A52AF6CFBDF}] => (Allow) S:\Program Files (x86)\Origin Games\Command and Conquer 3\CNC3Launcher.exe
FirewallRules: [{169B87FB-0F9B-4BA4-8915-3EF1931E5A3A}] => (Allow) S:\Program Files (x86)\Origin Games\Command and Conquer 3\CNC3Launcher.exe
FirewallRules: [{34A141AE-7C2E-4890-B513-80FF273C204B}] => (Allow) S:\Program Files (x86)\Origin Games\Command Conquer 4 Tiberian Twilight\CNC4.exe
FirewallRules: [{05A4651E-A6F5-412B-AAEE-A75B2D656BC8}] => (Allow) S:\Program Files (x86)\Origin Games\Command Conquer 4 Tiberian Twilight\CNC4.exe
FirewallRules: [{8706C8EE-279B-4AF5-9791-AB9E3DC3A5E1}] => (Allow) S:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{06933CE2-F28D-4469-A264-EAA6206E03D4}] => (Allow) S:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{B8A1F955-EB71-499F-AA17-E9559E26F16C}] => (Allow) S:\Program Files (x86)\Origin Games\Command and Conquer Red Alert 3\RA3Launcher.exe
FirewallRules: [{FFB2035F-7422-4775-AE69-0DEECF3F17AF}] => (Allow) S:\Program Files (x86)\Origin Games\Command and Conquer Red Alert 3\RA3Launcher.exe
FirewallRules: [{CCA3E802-F827-4100-B60B-C400345744F1}] => (Allow) S:\Program Files (x86)\Origin Games\CNC and The Covert Operations\CNC95Launcher.exe
FirewallRules: [{254B980C-3C52-455C-BE86-4DE4644421A0}] => (Allow) S:\Program Files (x86)\Origin Games\CNC and The Covert Operations\CNC95Launcher.exe
FirewallRules: [{715FCF01-F638-4E11-9D58-3D8A045AA216}] => (Allow) S:\Program Files (x86)\Origin Games\Command and Conquer Generals Zero Hour\Generals.exe
FirewallRules: [{5F66D156-037B-41D5-9F4D-931266F97310}] => (Allow) S:\Program Files (x86)\Origin Games\Command and Conquer Generals Zero Hour\Generals.exe
FirewallRules: [{E6D94E90-09C6-44E7-A4F3-17A297C685C5}] => (Allow) S:\Program Files (x86)\Origin Games\Command and Conquer Red Alert\RA95Launcher.exe
FirewallRules: [{534519A9-DE52-4C09-A756-EAEA6DD38C01}] => (Allow) S:\Program Files (x86)\Origin Games\Command and Conquer Red Alert\RA95Launcher.exe
FirewallRules: [{4981C77F-8358-4ACC-8343-9FA330935341}] => (Allow) S:\Program Files (x86)\Origin Games\Renegade\RenegadeLauncher.exe
FirewallRules: [{BAB8C47C-029D-410C-9099-90489247267C}] => (Allow) S:\Program Files (x86)\Origin Games\Renegade\RenegadeLauncher.exe
FirewallRules: [{DC65C855-4A5C-4C0A-8CFA-AADF927C2F73}] => (Allow) S:\Program Files (x86)\Origin Games\Command and Conquer Tiberian Sun\TSLauncher.exe
FirewallRules: [{FDB13755-AF49-4E3F-9F03-C02F5D8EC679}] => (Allow) S:\Program Files (x86)\Origin Games\Command and Conquer Tiberian Sun\TSLauncher.exe
FirewallRules: [{C6530177-3426-47C6-99B8-D37F2F8E86E8}] => (Allow) E:\Steam\steamapps\common\Bierzerkers\Local\VikingGame\Binaries\Win64\VikingGame.exe
FirewallRules: [{A47A96F2-0D0A-4CB7-927D-B94C43458ABF}] => (Allow) E:\Steam\steamapps\common\Bierzerkers\Local\VikingGame\Binaries\Win64\VikingGame.exe
FirewallRules: [{121BDB0D-341A-4F5C-A070-B8E5A2AE8E0C}] => (Allow) E:\Steam\steamapps\common\Septerra Core\septerra.exe
FirewallRules: [{822455C7-DD7F-4EBE-9A1A-33937F1123FB}] => (Allow) E:\Steam\steamapps\common\Septerra Core\septerra.exe
FirewallRules: [{411ED630-95EB-4D4E-A88A-CE861E6F1F69}] => (Allow) C:\Users\xxx\AppData\Local\Apps\2.0\J6A9JLJN.VC0\03TXEEKQ.H8V\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{B7B3B2B5-9563-4848-AD42-A95268FF5F17}] => (Allow) C:\Users\xxx\AppData\Local\Apps\2.0\J6A9JLJN.VC0\03TXEEKQ.H8V\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{D184CC5E-0F0C-454F-94E7-B81E44716AC9}] => (Allow) E:\Steam\steamapps\common\Planetary Annihilation\bin_x86\PA.exe
FirewallRules: [{FEACFD58-8C73-466B-98D5-854C985019E0}] => (Allow) E:\Steam\steamapps\common\Planetary Annihilation\bin_x86\PA.exe
FirewallRules: [{AD554D2B-D449-48A8-A92F-A8736D95B478}] => (Allow) E:\Steam\steamapps\common\Planetary Annihilation\bin_x86\crashupload.exe
FirewallRules: [{09FFAC58-A192-406A-92A7-6B209A8C772F}] => (Allow) E:\Steam\steamapps\common\Planetary Annihilation\bin_x86\crashupload.exe
FirewallRules: [{52728CB8-D5C3-401C-A4E2-3F1913F06468}] => (Allow) E:\Steam\steamapps\common\Planetary Annihilation\bin_x86\host\CoherentUI_Host.exe
FirewallRules: [{E518A89D-AC3D-4A2C-A96A-CC9FB8868E24}] => (Allow) E:\Steam\steamapps\common\Planetary Annihilation\bin_x86\host\CoherentUI_Host.exe
FirewallRules: [{EE4AA29B-56BC-4DEA-9EAA-11DB48D3B331}] => (Allow) E:\Steam\steamapps\common\Planetary Annihilation\bin_x64\PA.exe
FirewallRules: [{575C260A-B2FC-4F15-84FF-737B1C81B98F}] => (Allow) E:\Steam\steamapps\common\Planetary Annihilation\bin_x64\PA.exe
FirewallRules: [{C4BDD933-E7F0-43B4-84AE-3D0B86CCCC8E}] => (Allow) E:\Steam\steamapps\common\Planetary Annihilation\bin_x64\crashupload.exe
FirewallRules: [{9690F709-25A6-45C0-9BC3-DDB27CE49718}] => (Allow) E:\Steam\steamapps\common\Planetary Annihilation\bin_x64\crashupload.exe
FirewallRules: [{4ADA3312-FC6C-40A7-BDA9-5FDE81253F69}] => (Allow) E:\Steam\steamapps\common\Planetary Annihilation\bin_x64\host\CoherentUI_Host.exe
FirewallRules: [{CAD347AA-811A-455C-BFD3-0847DAA4B6B5}] => (Allow) E:\Steam\steamapps\common\Planetary Annihilation\bin_x64\host\CoherentUI_Host.exe
FirewallRules: [{CA50F64D-8311-4614-99D4-B5DBE8ABEF1B}] => (Allow) E:\Steam\steamapps\common\Planetary Annihilation\bin_x64\server.exe
FirewallRules: [{068239E1-A400-44C6-8B36-7BA09B1F53A2}] => (Allow) E:\Steam\steamapps\common\Planetary Annihilation\bin_x64\server.exe
FirewallRules: [{1D1AE719-880C-4126-9EFD-F8759EAB71A2}] => (Allow) E:\Steam\steamapps\common\Deadbreed\Deadbreed.exe
FirewallRules: [{179A893B-79D8-4092-B506-48923CF9D0BA}] => (Allow) E:\Steam\steamapps\common\Deadbreed\Deadbreed.exe
FirewallRules: [{C8603C84-906A-4F04-953E-CFC30CF14A8B}] => (Allow) E:\Steam\steamapps\common\pressure\bin\pressure.exe
FirewallRules: [{27F3957A-3659-401F-91B4-6593159CFAF9}] => (Allow) E:\Steam\steamapps\common\pressure\bin\pressure.exe
FirewallRules: [{5B1791B5-CE2D-40AE-9C1A-C3FDD0FE5F98}] => (Allow) E:\Steam\steamapps\common\TriniumWars\TriniumWars.exe
FirewallRules: [{95F2C644-4B63-45FE-AC1E-721C5068D0C6}] => (Allow) E:\Steam\steamapps\common\TriniumWars\TriniumWars.exe
FirewallRules: [{E7AA58C4-2F7C-44D8-A7D9-9C6804D601B5}] => (Allow) E:\Steam\steamapps\common\Two Worlds - Epic Edition\TwoWorlds.exe
FirewallRules: [{8A9112C3-285F-4700-953D-DCD46B99B0A0}] => (Allow) E:\Steam\steamapps\common\Two Worlds - Epic Edition\TwoWorlds.exe
FirewallRules: [{9524A504-3703-4302-BA3C-CC233CA9786D}] => (Allow) E:\Steam\steamapps\common\Two Worlds - Epic Edition\TwoWorlds_RADEON.exe
FirewallRules: [{5BF4BD43-860C-42AA-B602-5F16B435C177}] => (Allow) E:\Steam\steamapps\common\Two Worlds - Epic Edition\TwoWorlds_RADEON.exe
FirewallRules: [{117B4F2A-E607-459B-A1BB-85BA113C7306}] => (Allow) E:\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{1BE00EA3-EDB4-40FD-8B98-EA0ACFBEE50E}] => (Allow) E:\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{6FC16F03-7AFE-4828-9929-B95EE996362F}] => (Allow) E:\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{8B454E78-773E-4927-AC19-C02A68E82C18}] => (Allow) E:\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{8C8CC4CB-261E-4E95-99F1-0C440B531088}] => (Allow) E:\Steam\steamapps\common\Broadsword Age of Chivalry\Broadsword24-08-2015.exe
FirewallRules: [{A5B4F38E-35F3-4AF4-AB04-A0C4550EF0BA}] => (Allow) E:\Steam\steamapps\common\Broadsword Age of Chivalry\Broadsword24-08-2015.exe
FirewallRules: [{22F01F77-3D42-4288-8DEC-F5D4EA74FD07}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9225AADA-33C3-4CF2-A72E-7CA2F38FF961}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EB062544-AFB9-4AA2-B310-0A8D2C7D602A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CC5DB641-D74A-432F-888D-1B9AFD5247FD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Wiederherstellungspunkte =========================

26-04-2016 14:38:18 Windows Update
26-04-2016 14:39:51 Windows Update
26-04-2016 21:13:58 Windows Update
26-04-2016 21:18:00 Windows Update
26-04-2016 21:29:57 Windows Update
26-04-2016 21:34:25 Windows Update
26-04-2016 21:43:01 Windows Update
26-04-2016 21:45:32 Windows Update
26-04-2016 21:55:50 Windows Update
26-04-2016 22:03:04 Windows Update
26-04-2016 22:06:10 Installed Easy fix 50202
26-04-2016 22:28:02 Installed Microsoft .NET Framework 1.1
26-04-2016 22:37:41 Microsoft .NET Framework 4.5 wird installiert
26-04-2016 22:42:02 Microsoft .NET Framework 4.5 wird installiert
26-04-2016 22:42:21 Microsoft .NET Framework 4.5.2 wird installiert
26-04-2016 22:44:57 Windows Update
26-04-2016 23:00:10 Windows Update
26-04-2016 23:05:25 Installiert Paragon Backup and Recovery™ 14 Free.
26-04-2016 23:07:35 Wiederherstellungsvorgang
26-04-2016 23:12:56 Windows Update
27-04-2016 01:12:02 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (04/29/2016 12:28:25 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/26/2016 11:10:12 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Windows Update). Zusätzliche Informationen: 0xc0000022.

Error: (04/26/2016 11:05:30 PM) (Source: .NET Runtime) (EventID: 1024) (User: )
Description: Shim database version C:\Windows\Microsoft.NET\Framework64\v4.0.30319 doesn't have a matching runtime directory

Error: (04/26/2016 11:04:55 PM) (Source: .NET Runtime) (EventID: 1024) (User: )
Description: Shim database version C:\Windows\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory

Error: (04/26/2016 11:04:50 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/26/2016 11:01:54 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4.6.1 Hotfix Rollup (KB3120241) - Update "KB3136000" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\KB3136000_20160426_230134417-Microsoft .NET Framework 4.6.1 Hotfix Rollup (KB3120241)-MSP0.txt enthalten.

Error: (04/26/2016 11:01:35 PM) (Source: .NET Runtime) (EventID: 1024) (User: )
Description: Shim database version C:\Windows\Microsoft.NET\Framework64\v4.0.30319 doesn't have a matching runtime directory

Error: (04/26/2016 11:01:32 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4.5.2 -- A later version of Microsoft .NET Framework 4.5.2 is already installed.

Error: (04/26/2016 11:01:32 PM) (Source: .NET Runtime) (EventID: 1024) (User: )
Description: Shim database version C:\Windows\Microsoft.NET\Framework64\v4.0.30319 doesn't have a matching runtime directory

Error: (04/26/2016 11:01:08 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4.6.1 Hotfix Rollup (KB3120241) - Update "KB3127233" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\KB3127233_20160426_230048990-Microsoft .NET Framework 4.6.1 Hotfix Rollup (KB3120241)-MSP0.txt enthalten.


Systemfehler:
=============
Error: (04/29/2016 12:58:05 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (04/29/2016 12:58:05 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (04/29/2016 12:58:05 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (04/29/2016 12:58:05 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (04/29/2016 12:58:05 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (04/29/2016 12:58:05 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (04/29/2016 12:58:04 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (04/29/2016 12:58:04 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (04/29/2016 12:58:04 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (04/29/2016 12:58:04 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.


CodeIntegrity:
===================================
  Date: 2016-04-28 23:29:45.100
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kldw.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-04-28 23:29:45.069
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kldw.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-04-28 23:29:45.038
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kldw.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-04-27 03:15:19.702
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kldw.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-04-27 03:15:19.666
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kldw.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-04-27 03:15:19.631
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kldw.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-04-26 11:54:08.228
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kldw.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-04-26 11:54:08.193
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kldw.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-04-26 11:54:08.157
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kldw.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-04-25 00:39:56.452
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kldw.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz
Prozentuale Nutzung des RAM: 19%
Installierter physikalischer RAM: 12279.05 MB
Verfügbarer physikalischer RAM: 9835.79 MB
Summe virtueller Speicher: 24556.29 MB
Verfügbarer virtueller Speicher: 21721.6 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:111.73 GB) (Free:43 GB) NTFS
Drive d: (Programme) (Fixed) (Total:111.74 GB) (Free:71.78 GB) NTFS
Drive e: (Spiele) (Fixed) (Total:465.76 GB) (Free:135.42 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: DF140A0D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3F95D275)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

xxlynusxx · 29.04.2016, 22:43

Code:

ATTFilter

23:35:08.0649 0x1664  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
23:35:10.0487 0x1664  ============================================================
23:35:10.0487 0x1664  Current date / time: 2016/04/29 23:35:10.0487
23:35:10.0487 0x1664  SystemInfo:
23:35:10.0487 0x1664  
23:35:10.0488 0x1664  OS Version: 6.1.7601 ServicePack: 1.0
23:35:10.0488 0x1664  Product type: Workstation
23:35:10.0488 0x1664  ComputerName: XXX-NETZWERK
23:35:10.0488 0x1664  UserName: xxx
23:35:10.0488 0x1664  Windows directory: C:\Windows
23:35:10.0488 0x1664  System windows directory: C:\Windows
23:35:10.0488 0x1664  Running under WOW64
23:35:10.0488 0x1664  Processor architecture: Intel x64
23:35:10.0488 0x1664  Number of processors: 8
23:35:10.0488 0x1664  Page size: 0x1000
23:35:10.0488 0x1664  Boot type: Normal boot
23:35:10.0488 0x1664  ============================================================
23:35:10.0793 0x1664  KLMD registered as C:\Windows\system32\drivers\62356045.sys
23:35:10.0921 0x1664  System UUID: {2257DDD8-6F28-79F1-716C-F164007C32D6}
23:35:11.0307 0x1664  Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 ( 223.57 Gb ), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:35:11.0308 0x1664  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:35:11.0313 0x1664  ============================================================
23:35:11.0313 0x1664  \Device\Harddisk0\DR0:
23:35:11.0313 0x1664  MBR partitions:
23:35:11.0313 0x1664  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:35:11.0313 0x1664  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF77800
23:35:11.0313 0x1664  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xDFAA000, BlocksNum 0xDF79000
23:35:11.0313 0x1664  \Device\Harddisk1\DR1:
23:35:11.0313 0x1664  MBR partitions:
23:35:11.0313 0x1664  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
23:35:11.0313 0x1664  ============================================================
23:35:11.0319 0x1664  C: <-> \Device\Harddisk0\DR0\Partition2
23:35:11.0321 0x1664  D: <-> \Device\Harddisk0\DR0\Partition3
23:35:11.0350 0x1664  E: <-> \Device\Harddisk1\DR1\Partition1
23:35:11.0350 0x1664  ============================================================
23:35:11.0350 0x1664  Initialize success
23:35:11.0350 0x1664  ============================================================
23:35:20.0869 0x03e8  ============================================================
23:35:20.0869 0x03e8  Scan started
23:35:20.0869 0x03e8  Mode: Manual; SigCheck; TDLFS; 
23:35:20.0869 0x03e8  ============================================================
23:35:20.0869 0x03e8  KSN ping started
23:35:23.0238 0x03e8  KSN ping finished: true
23:35:23.0434 0x03e8  ================ Scan system memory ========================
23:35:23.0434 0x03e8  System memory - ok
23:35:23.0435 0x03e8  ================ Scan services =============================
23:35:23.0500 0x03e8  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
23:35:23.0548 0x03e8  1394ohci - ok
23:35:23.0565 0x03e8  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
23:35:23.0581 0x03e8  ACPI - ok
23:35:23.0585 0x03e8  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
23:35:23.0602 0x03e8  AcpiPmi - ok
23:35:23.0652 0x03e8  [ 28FFB14117CCEDD7D2F124596AA9B785, 8FC482C6444C904B5536979B3354597FD714634EC7372B464118C42AA9DCB58A ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:35:23.0666 0x03e8  AdobeFlashPlayerUpdateSvc - ok
23:35:23.0686 0x03e8  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
23:35:23.0705 0x03e8  adp94xx - ok
23:35:23.0719 0x03e8  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
23:35:23.0735 0x03e8  adpahci - ok
23:35:23.0744 0x03e8  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
23:35:23.0756 0x03e8  adpu320 - ok
23:35:23.0763 0x03e8  [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:35:23.0775 0x03e8  AeLookupSvc - ok
23:35:23.0794 0x03e8  [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD             C:\Windows\system32\drivers\afd.sys
23:35:23.0813 0x03e8  AFD - ok
23:35:23.0818 0x03e8  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
23:35:23.0828 0x03e8  agp440 - ok
23:35:23.0833 0x03e8  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
23:35:23.0845 0x03e8  ALG - ok
23:35:23.0848 0x03e8  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:35:23.0857 0x03e8  aliide - ok
23:35:23.0860 0x03e8  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
23:35:23.0869 0x03e8  amdide - ok
23:35:23.0876 0x03e8  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
23:35:23.0888 0x03e8  AmdK8 - ok
23:35:23.0893 0x03e8  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
23:35:23.0904 0x03e8  AmdPPM - ok
23:35:23.0911 0x03e8  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
23:35:23.0922 0x03e8  amdsata - ok
23:35:23.0929 0x03e8  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
23:35:23.0941 0x03e8  amdsbs - ok
23:35:23.0945 0x03e8  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
23:35:23.0955 0x03e8  amdxata - ok
23:35:23.0961 0x03e8  [ 59D01FA91962C9C1E9B4022B2D3B46DB, 3A111588538B77F010B5C900FB8425DDE55A08DBAC308CA7FB7BD9FCCCDEC69F ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
23:35:23.0974 0x03e8  AppHostSvc - ok
23:35:23.0982 0x03e8  [ A9FB80B0BBA6F765F4E691B7AD4963A7, 06BC740AF47ACECEE3707C433357F872EA0D9F2CA1B9FC2489FA3B421A262EF0 ] AppID           C:\Windows\system32\drivers\appid.sys
23:35:23.0995 0x03e8  AppID - ok
23:35:23.0998 0x03e8  [ C47B6624AF9AEE4146743DCB133A159D, 10D1E6C9F972C3A8CC304F38B0A52818A78D70B4AF71F6E22CE1773397FC2AB4 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:35:24.0009 0x03e8  AppIDSvc - ok
23:35:24.0013 0x03e8  [ 046E837786271237A76C50F7CE1F5BC6, 10EFAEC9BCEF241B3046DFECA7659E137DF42C975E50B35D841024D44A58BB98 ] Appinfo         C:\Windows\System32\appinfo.dll
23:35:24.0025 0x03e8  Appinfo - ok
23:35:24.0035 0x03e8  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
23:35:24.0050 0x03e8  AppMgmt - ok
23:35:24.0055 0x03e8  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
23:35:24.0065 0x03e8  arc - ok
23:35:24.0070 0x03e8  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
23:35:24.0081 0x03e8  arcsas - ok
23:35:24.0113 0x03e8  [ 0466B91EE5767A769E9F8EDB8EF94DDB, 04A529E57D6F617688B072B3BD281538B6B02BB985EE0AE2E355E685E52BE0C8 ] asHmComSvc      C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
23:35:24.0141 0x03e8  asHmComSvc - ok
23:35:24.0146 0x03e8  [ FEF9DD9EA587F8886ADE43C1BEFBDAFE, DDE6F28B3F7F2ABBEE59D4864435108791631E9CB4CDFB1F178E5AA9859956D8 ] AsIO            C:\Windows\syswow64\drivers\AsIO.sys
23:35:24.0153 0x03e8  AsIO - ok
23:35:24.0171 0x03e8  [ 5E2980A77F944AC0667A5767AE0585D8, 92521D2F6CD5EC7333F8702DBBA37ED544720262938B72814BBC5628733508F0 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:35:24.0183 0x03e8  aspnet_state - ok
23:35:24.0197 0x03e8  [ 954FFBFF05B0B60EB63B52AF561436C4, 40228A2B688E827815B5A567584FCF99BF661696DB8CC8BB455393B3CEE35094 ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
23:35:24.0205 0x03e8  AsSysCtrlService - ok
23:35:24.0248 0x03e8  [ 06B7FA7C0232507F4AC2FAC56AA2BF73, E53E2DD26E79665B67A4D4BA19F1586D2B2998E875C228894817D1E109D2FA57 ] AsusFanControlService C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.02\AsusFanControlService.exe
23:35:24.0281 0x03e8  AsusFanControlService - ok
23:35:24.0286 0x03e8  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:35:24.0311 0x03e8  AsyncMac - ok
23:35:24.0315 0x03e8  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
23:35:24.0324 0x03e8  atapi - ok
23:35:24.0427 0x03e8  [ 3EFD964D52221360AF0673CD61C2F4F5, 76D636CAF2E4FEDAAC6B0D958865A901340CF836EE4FCE59F1D5291E3BEC9F1E ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
23:35:24.0526 0x03e8  atikmdag - ok
23:35:24.0555 0x03e8  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:35:24.0579 0x03e8  AudioEndpointBuilder - ok
23:35:24.0602 0x03e8  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
23:35:24.0625 0x03e8  AudioSrv - ok
23:35:24.0641 0x03e8  [ 50C3C62FFE6337E6E4F2F01CB07DF63C, CC9C7D2827E872F22A2A79D42195530F61DF6EA6A1C8F520E25DB35537574FAB ] AVP16.0.0       C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
23:35:24.0653 0x03e8  AVP16.0.0 - ok
23:35:24.0664 0x03e8  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:35:24.0680 0x03e8  AxInstSV - ok
23:35:24.0692 0x03e8  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
23:35:24.0711 0x03e8  b06bdrv - ok
23:35:24.0720 0x03e8  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
23:35:24.0734 0x03e8  b57nd60a - ok
23:35:24.0742 0x03e8  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:35:24.0755 0x03e8  BDESVC - ok
23:35:24.0759 0x03e8  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:35:24.0784 0x03e8  Beep - ok
23:35:24.0803 0x03e8  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
23:35:24.0826 0x03e8  BFE - ok
23:35:24.0834 0x03e8  [ CC95AB4C49F77BA8C1BE703E7EE4ABC6, 42C406A6005FE9903B1780FFFFECBCD556987ECA508FCCB9223AC751205C343B ] BioNTDrv        D:\System Tools\Paragon Software\Backup and Recovery 2016 Kompakt\program\BioNTDrv.SYS
23:35:24.0843 0x03e8  BioNTDrv - ok
23:35:24.0864 0x03e8  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
23:35:24.0912 0x03e8  BITS - ok
23:35:24.0916 0x03e8  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
23:35:24.0927 0x03e8  blbdrive - ok
23:35:24.0933 0x03e8  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:35:24.0945 0x03e8  bowser - ok
23:35:24.0949 0x03e8  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:35:24.0961 0x03e8  BrFiltLo - ok
23:35:24.0964 0x03e8  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:35:24.0976 0x03e8  BrFiltUp - ok
23:35:24.0987 0x03e8  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
23:35:25.0000 0x03e8  Browser - ok
23:35:25.0009 0x03e8  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
23:35:25.0026 0x03e8  Brserid - ok
23:35:25.0030 0x03e8  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:35:25.0043 0x03e8  BrSerWdm - ok
23:35:25.0046 0x03e8  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:35:25.0058 0x03e8  BrUsbMdm - ok
23:35:25.0062 0x03e8  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:35:25.0072 0x03e8  BrUsbSer - ok
23:35:25.0078 0x03e8  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
23:35:25.0092 0x03e8  BTHMODEM - ok
23:35:25.0099 0x03e8  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
23:35:25.0126 0x03e8  bthserv - ok
23:35:25.0131 0x03e8  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:35:25.0158 0x03e8  cdfs - ok
23:35:25.0176 0x03e8  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
23:35:25.0188 0x03e8  cdrom - ok
23:35:25.0196 0x03e8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
23:35:25.0220 0x03e8  CertPropSvc - ok
23:35:25.0225 0x03e8  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
23:35:25.0237 0x03e8  circlass - ok
23:35:25.0252 0x03e8  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
23:35:25.0267 0x03e8  CLFS - ok
23:35:25.0284 0x03e8  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:35:25.0296 0x03e8  clr_optimization_v2.0.50727_32 - ok
23:35:25.0309 0x03e8  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:35:25.0320 0x03e8  clr_optimization_v2.0.50727_64 - ok
23:35:25.0338 0x03e8  [ 1AB58E610D8D45713EF347DFFB8A7AB6, C32A7F1327BE8EE62A145ACAB834A5BBB485D780C43C8EC2E48B9C714458385C ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:35:25.0351 0x03e8  clr_optimization_v4.0.30319_32 - ok
23:35:25.0358 0x03e8  [ 3F06A10419A7A7553802E43AA2098DE4, 765E04F094A9A98985DC0AD32E7BC0A5D166706D8BC051EE987C941F1E5D4438 ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:35:25.0370 0x03e8  clr_optimization_v4.0.30319_64 - ok
23:35:25.0375 0x03e8  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:35:25.0386 0x03e8  CmBatt - ok
23:35:25.0389 0x03e8  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:35:25.0399 0x03e8  cmdide - ok
23:35:25.0415 0x03e8  [ B2A6D2A30E93B6F215F74AC7E1733C9C, 960299F7BF2501B46296EDEA050BF30313C17A9B785574B56B79C070BD1B6E1A ] cm_km           C:\Windows\system32\DRIVERS\cm_km.sys
23:35:25.0431 0x03e8  cm_km - ok
23:35:25.0451 0x03e8  [ CA3FB5A6B626D8A00A89E049CF95954E, CD5E3E40972513195108BA46CEC1D0AEA6B09A67EEBDD17EB759BD1729B07C06 ] CNG             C:\Windows\system32\Drivers\cng.sys
23:35:25.0473 0x03e8  CNG - ok
23:35:25.0477 0x03e8  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:35:25.0486 0x03e8  Compbatt - ok
23:35:25.0490 0x03e8  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
23:35:25.0504 0x03e8  CompositeBus - ok
23:35:25.0506 0x03e8  COMSysApp - ok
23:35:25.0511 0x03e8  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
23:35:25.0520 0x03e8  crcdisk - ok
23:35:25.0528 0x03e8  [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:35:25.0542 0x03e8  CryptSvc - ok
23:35:25.0555 0x03e8  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
23:35:25.0574 0x03e8  CSC - ok
23:35:25.0593 0x03e8  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
23:35:25.0616 0x03e8  CscService - ok
23:35:25.0631 0x03e8  [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:35:25.0650 0x03e8  DcomLaunch - ok
23:35:25.0665 0x03e8  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
23:35:25.0694 0x03e8  defragsvc - ok
23:35:25.0699 0x03e8  [ CF1F6326AC44C42F4615D4BD53188AC5, 28DC32F1957918C3D5DE72415CC32A51C6885CAA38119FE475D2631269D3B9B3 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:35:25.0712 0x03e8  DfsC - ok
23:35:25.0721 0x03e8  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:35:25.0737 0x03e8  Dhcp - ok
23:35:25.0768 0x03e8  [ EC3F433D00365F1A9BC3411BCA7C7140, 0852D747359DE573504EBBDB99DA26D3BFA8B3C7A4836F8E3A5AD94B5571AD5C ] DiagTrack       C:\Windows\system32\diagtrack.dll
23:35:25.0802 0x03e8  DiagTrack - ok
23:35:25.0807 0x03e8  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
23:35:25.0832 0x03e8  discache - ok
23:35:25.0836 0x03e8  [ 616387BBD83372220B09DE95F4E67BBC, 5E2D5280BB775576E7CDE3FA6BDE494E183123635E5908CF7EBF1FF52966D07D ] Disk            C:\Windows\system32\drivers\disk.sys
23:35:25.0847 0x03e8  Disk - ok
23:35:25.0854 0x03e8  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:35:25.0868 0x03e8  Dnscache - ok
23:35:25.0877 0x03e8  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:35:25.0905 0x03e8  dot3svc - ok
23:35:25.0918 0x03e8  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
23:35:25.0945 0x03e8  DPS - ok
23:35:25.0949 0x03e8  [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:35:25.0958 0x03e8  drmkaud - ok
23:35:25.0981 0x03e8  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:35:26.0008 0x03e8  DXGKrnl - ok
23:35:26.0015 0x03e8  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
23:35:26.0042 0x03e8  EapHost - ok
23:35:26.0113 0x03e8  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
23:35:26.0181 0x03e8  ebdrv - ok
23:35:26.0188 0x03e8  [ 626BE7CD27F44185AA4DCD3603830312, EBE197BAA8F0ACEA219B402A1D03534A448048F1010A50680D728493A9B0641E ] EFS             C:\Windows\System32\lsass.exe
23:35:26.0199 0x03e8  EFS - ok
23:35:26.0212 0x03e8  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
23:35:26.0230 0x03e8  elxstor - ok
23:35:26.0237 0x03e8  [ B6A7D3B49CA93FC0AECAC7C911E81F1E, 75245217F86F6BFC94C929EF7295D1C2D3A42B3A5161E8D85599812AD7CC723D ] epp             D:\System Tools\Sicherheit\EEK\bin64\epp.sys
23:35:26.0250 0x03e8  epp - ok
23:35:26.0253 0x03e8  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:35:26.0263 0x03e8  ErrDev - ok
23:35:26.0269 0x03e8  [ A1CCC4CD26EDB4F4969760067A756570, 896BCA312103CB5CEE6B4F77975796D1F6A26F874CB9122F1E43F570B8B98C90 ] ETDSMBus        C:\Windows\system32\DRIVERS\ETDSMBus.sys
23:35:26.0279 0x03e8  ETDSMBus - ok
23:35:26.0296 0x03e8  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
23:35:26.0327 0x03e8  EventSystem - ok
23:35:26.0334 0x03e8  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
23:35:26.0361 0x03e8  exfat - ok
23:35:26.0368 0x03e8  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:35:26.0396 0x03e8  fastfat - ok
23:35:26.0400 0x03e8  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:35:26.0412 0x03e8  fdc - ok
23:35:26.0417 0x03e8  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
23:35:26.0442 0x03e8  fdPHost - ok
23:35:26.0446 0x03e8  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:35:26.0472 0x03e8  FDResPub - ok
23:35:26.0476 0x03e8  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:35:26.0486 0x03e8  FileInfo - ok
23:35:26.0489 0x03e8  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:35:26.0514 0x03e8  Filetrace - ok
23:35:26.0518 0x03e8  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:35:26.0528 0x03e8  flpydisk - ok
23:35:26.0542 0x03e8  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:35:26.0556 0x03e8  FltMgr - ok
23:35:26.0583 0x03e8  [ BCB16AE33AA58E0042F3EF34CFB6396A, E8ADA10DE60A94E4BABE9FCA6D0AA83B11520C092D49057E17F6C6059D35A323 ] FontCache       C:\Windows\system32\FntCache.dll
23:35:26.0614 0x03e8  FontCache - ok
23:35:26.0622 0x03e8  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:35:26.0631 0x03e8  FontCache3.0.0.0 - ok
23:35:26.0634 0x03e8  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:35:26.0645 0x03e8  FsDepends - ok
23:35:26.0648 0x03e8  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:35:26.0658 0x03e8  Fs_Rec - ok
23:35:26.0665 0x03e8  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:35:26.0680 0x03e8  fvevol - ok
23:35:26.0684 0x03e8  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
23:35:26.0694 0x03e8  gagp30kx - ok
23:35:26.0713 0x03e8  [ FE91DC3D9A696CCDDB9F51C25ACBC53A, 4E1A7BB3AC57530A1DF8AB7E981087275E89E6AC629F881C98E40F13150ED532 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:35:26.0737 0x03e8  gpsvc - ok
23:35:26.0742 0x03e8  [ 279527CC9B260CDB1FD883D43902A2EA, 6504EE8CA013D4C7FFA83E1FA07CCE8B022DF437D094BED16B8EDB7B9F64D4D1 ] hcmon           C:\Windows\system32\drivers\hcmon.sys
23:35:26.0750 0x03e8  hcmon - ok
23:35:26.0754 0x03e8  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:35:26.0763 0x03e8  hcw85cir - ok
23:35:26.0777 0x03e8  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:35:26.0794 0x03e8  HdAudAddService - ok
23:35:26.0802 0x03e8  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:35:26.0816 0x03e8  HDAudBus - ok
23:35:26.0820 0x03e8  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
23:35:26.0830 0x03e8  HidBatt - ok
23:35:26.0835 0x03e8  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
23:35:26.0849 0x03e8  HidBth - ok
23:35:26.0853 0x03e8  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
23:35:26.0865 0x03e8  HidIr - ok
23:35:26.0870 0x03e8  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
23:35:26.0896 0x03e8  hidserv - ok
23:35:26.0900 0x03e8  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:35:26.0911 0x03e8  HidUsb - ok
23:35:26.0918 0x03e8  [ 5B3A29CDC535A40B440B9A0BB44AB731, BEAF53AC93C77DA70A2CD0152AB008C572B6F6E6C5F4A4F4915B557BF03A5E78 ] HiSuiteOuc64.exe C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
23:35:26.0932 0x03e8  HiSuiteOuc64.exe - ok
23:35:26.0937 0x03e8  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:35:26.0963 0x03e8  hkmsvc - ok
23:35:26.0974 0x03e8  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:35:26.0989 0x03e8  HomeGroupListener - ok
23:35:26.0996 0x03e8  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:35:27.0011 0x03e8  HomeGroupProvider - ok
23:35:27.0016 0x03e8  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
23:35:27.0026 0x03e8  HpSAMD - ok
23:35:27.0054 0x03e8  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:35:27.0077 0x03e8  HTTP - ok
23:35:27.0085 0x03e8  [ 3E6BD2FC52B963B48E67D76F458066E5, 9ABA9F3E9F2231383985E54519AEC4F18B810A4BA9C2BD3D7777F21F1154B57D ] HuaweiHiSuiteService64.exe C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
23:35:27.0098 0x03e8  HuaweiHiSuiteService64.exe - ok
23:35:27.0140 0x03e8  [ E5805896A55D4166C20F216249F40FA3, F426BF60D5B916E7A778EF24C49FE1FFE1B2977C2ABD2977FD5C38C6E6CB139F ] HWiNFO32        C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS
23:35:27.0149 0x03e8  HWiNFO32 - ok
23:35:27.0153 0x03e8  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:35:27.0162 0x03e8  hwpolicy - ok
23:35:27.0170 0x03e8  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
23:35:27.0183 0x03e8  i8042prt - ok
23:35:27.0207 0x03e8  [ 446B0F411F742CC253918AE88703EA85, 7A7E64F2E1A96777C069582079A1B479609529E2C39A08A9FA056B92AF360FFE ] iaStorA         C:\Windows\system32\DRIVERS\iaStorA.sys
23:35:27.0227 0x03e8  iaStorA - ok
23:35:27.0233 0x03e8  [ A9BFBCE85FBB31564201FA957FF76E22, D2B70A178B955F6E65052797FD44BF621BE4994C922F0DC1C6BBDADF646439AF ] IAStorDataMgrSvc C:\Program Files (x86)\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
23:35:27.0242 0x03e8  IAStorDataMgrSvc - ok
23:35:27.0246 0x03e8  [ 80A542D70433BABC5E196432478CBB00, 27997CF47DD3B6C8D1357ECF89653831F3D408A317079591204CD71A4F826A5A ] iaStorF         C:\Windows\system32\DRIVERS\iaStorF.sys
23:35:27.0253 0x03e8  iaStorF - ok
23:35:27.0271 0x03e8  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
23:35:27.0286 0x03e8  iaStorV - ok
23:35:27.0308 0x03e8  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:35:27.0331 0x03e8  idsvc - ok
23:35:27.0334 0x03e8  IEEtwCollectorService - ok
23:35:27.0339 0x03e8  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
23:35:27.0348 0x03e8  iirsp - ok
23:35:27.0368 0x03e8  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
23:35:27.0394 0x03e8  IKEEXT - ok
23:35:27.0401 0x03e8  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
23:35:27.0411 0x03e8  intelide - ok
23:35:27.0415 0x03e8  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:35:27.0428 0x03e8  intelppm - ok
23:35:27.0432 0x03e8  [ D9B56324C4A13F51A5B22238136C85D0, 52FCE05BF7427E95B3C9AFE0F2EB3A2A6F0BF910ECDC5F6B349DC5EACCDAAD39 ] iocbios2        C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys
23:35:27.0444 0x03e8  iocbios2 - ok
23:35:27.0448 0x03e8  [ 7C0766B89BACA46A5CEE48FD4F5DF2AD, 8843F02A3F2F395698D618C376283314A0D729B2C3C2AE8BFA13F0CB64F61097 ] IOMap           C:\Windows\system32\drivers\IOMap64.sys
23:35:27.0457 0x03e8  IOMap - ok
23:35:27.0462 0x03e8  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:35:27.0490 0x03e8  IPBusEnum - ok
23:35:27.0497 0x03e8  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:35:27.0523 0x03e8  IpFilterDriver - ok
23:35:27.0538 0x03e8  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:35:27.0558 0x03e8  iphlpsvc - ok
23:35:27.0563 0x03e8  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
23:35:27.0575 0x03e8  IPMIDRV - ok
23:35:27.0580 0x03e8  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:35:27.0606 0x03e8  IPNAT - ok
23:35:27.0609 0x03e8  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:35:27.0623 0x03e8  IRENUM - ok
23:35:27.0626 0x03e8  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:35:27.0635 0x03e8  isapnp - ok
23:35:27.0640 0x03e4  Object required for P2P: [ CC95AB4C49F77BA8C1BE703E7EE4ABC6 ] BioNTDrv
23:35:27.0643 0x03e8  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
23:35:27.0658 0x03e8  iScsiPrt - ok
23:35:27.0665 0x03e8  [ 73A968D4A85BB2552DDCF72CB15F06D2, 9614AA873F761206D725327499C63A6D83FF4FF1740D046C483A2676E35A2280 ] JRAID           C:\Windows\system32\DRIVERS\jraid.sys
23:35:27.0675 0x03e8  JRAID - ok
23:35:27.0679 0x03e8  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:35:27.0689 0x03e8  kbdclass - ok
23:35:27.0693 0x03e8  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:35:27.0704 0x03e8  kbdhid - ok
23:35:27.0709 0x03e8  [ 626BE7CD27F44185AA4DCD3603830312, EBE197BAA8F0ACEA219B402A1D03534A448048F1010A50680D728493A9B0641E ] KeyIso          C:\Windows\system32\lsass.exe
23:35:27.0720 0x03e8  KeyIso - ok
23:35:27.0732 0x03e8  [ BEE1682DA217A4AD46C36896769AA580, 4D853D78E459F7BFE4F4217FCAD47CDACFAC19C2F6CF8261FBAA46BDB387FFDC ] kl1             C:\Windows\system32\DRIVERS\kl1.sys
23:35:27.0750 0x03e8  kl1 - ok
23:35:27.0754 0x03e8  [ 86F40D79CE80ACBE6BEBAC8CE89D75A0, 8B800425160D1AF3C32EF7B5CA794658EE09CD3EE782473D8D38E1C7706076B3 ] klbackupdisk    C:\Windows\system32\DRIVERS\klbackupdisk.sys
23:35:27.0765 0x03e8  klbackupdisk - ok
23:35:27.0769 0x03e8  [ C80861511ADA03A65DC12FAA207592F8, 2B50E009DB0D050099E558B7510104B930966EE8BB94CC0F62D1BFD765D5C7AD ] klbackupflt     C:\Windows\system32\DRIVERS\klbackupflt.sys
23:35:27.0780 0x03e8  klbackupflt - ok
23:35:27.0785 0x03e8  [ 80D7529E1CF09261FADF55E69EFDA90B, 2FE5EC38866E12D78AE3F4AD8CF647BDED616E8A36D9D737F9B6564DDA4685E7 ] kldisk          C:\Windows\system32\DRIVERS\kldisk.sys
23:35:27.0797 0x03e8  kldisk - ok
23:35:27.0806 0x03e8  [ DE7D2DEDE9C9D5219AA439172BA8D21C, B4573553DF8605A6C9417683B6AA12A596E8777175C39567B91BF03CE895D625 ] klflt           C:\Windows\system32\DRIVERS\klflt.sys
23:35:27.0820 0x03e8  klflt - ok
23:35:27.0828 0x03e8  [ C62B714428FD30DD7B3115566C3F470B, 991CA0FCA02D744BAB29FF3F0029BC99EF85C7D8B8024EF5EF51589639191B05 ] klhk            C:\Windows\system32\DRIVERS\klhk.sys
23:35:27.0840 0x03e8  klhk - ok
23:35:27.0861 0x03e8  [ 16E6DEF683D0EFAC8EED0D0FF4FE00DD, 5DB855A5352C312EE5E1B86DB5038541A3321E225CF5818F536A930E0FEB77CE ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
23:35:27.0887 0x03e8  KLIF - ok
23:35:27.0892 0x03e8  [ 3553584440A11136C899B67ACC8CBE9D, B3D6D2E78B0FF0AF5A98E708D977978EA81E99D78F2E9CA2145B466AB4B11342 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
23:35:27.0903 0x03e8  KLIM6 - ok
23:35:27.0907 0x03e8  [ 22C4E9381C60DA78161FA042FDBA6873, B6CC05C1401E788BCCC8CF668216D9B78A8B51409D3CFBF419047933195062E0 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
23:35:27.0917 0x03e8  klkbdflt - ok
23:35:27.0921 0x03e8  [ D792857D47B8DF5BFEC02534C1933BE2, BDD483FA8E2DC50DB4E54D475867455F0D7E115494E2A31CD27A065C7EC26951 ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
23:35:27.0932 0x03e8  klmouflt - ok
23:35:27.0936 0x03e8  [ F610F5F17BC87D61EF8954CCD793BAE4, A77FE26B4A474FE799C3D569BDD7858319C57FC14C1BB43ECFAB1FDB19AF5DC6 ] klpd            C:\Windows\system32\DRIVERS\klpd.sys
23:35:27.0948 0x03e8  klpd - ok
23:35:27.0955 0x03e8  [ B36DEE2A91F9388C4D3ED744592DE81D, 78D64539A375C80250FB9FA5E1DDA208B331A85916E19ED1353623DDF750EC58 ] kltdi           C:\Windows\system32\DRIVERS\kltdi.sys
23:35:27.0965 0x03e8  kltdi - ok
23:35:27.0970 0x03e8  [ 2AA3537309C2B9A7F120FB9E6A38250A, 6FD904542E0A21C4D6E46FB3EE11789938B90151D24531EB5319E62759D225DF ] Klwtp           C:\Windows\system32\DRIVERS\klwtp.sys
23:35:27.0982 0x03e8  Klwtp - ok
23:35:27.0988 0x03e8  [ 1686DE8288052316EFDD49EEA8929065, AD43D6ACCD8693BD76F218E1A4EE088BA061C1309A3E7DAA7EC94D875985D895 ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
23:35:28.0002 0x03e8  kneps - ok
23:35:28.0007 0x03e8  [ B6C2FA7F5E5BC1A488A57C6344D29D64, 857245D664CF9ED8121E2087D73F85DA3FED721484DDC6B51AF6A344EC29A27F ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:35:28.0018 0x03e8  KSecDD - ok
23:35:28.0026 0x03e8  [ FB4397DDCC732DB6A7B33B747C7EB708, AD8B9500AAE12C1507B982B74B86731BE75AFAC7F64538332A380AC43EDEC271 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:35:28.0038 0x03e8  KSecPkg - ok
23:35:28.0042 0x03e8  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
23:35:28.0066 0x03e8  ksthunk - ok
23:35:28.0076 0x03e8  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:35:28.0107 0x03e8  KtmRm - ok
23:35:28.0115 0x03e8  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:35:28.0143 0x03e8  LanmanServer - ok
23:35:28.0148 0x03e8  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:35:28.0177 0x03e8  LanmanWorkstation - ok
23:35:28.0182 0x03e8  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:35:28.0206 0x03e8  lltdio - ok
23:35:28.0215 0x03e8  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:35:28.0244 0x03e8  lltdsvc - ok
23:35:28.0248 0x03e8  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:35:28.0272 0x03e8  lmhosts - ok
23:35:28.0279 0x03e8  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
23:35:28.0290 0x03e8  LSI_FC - ok
23:35:28.0295 0x03e8  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
23:35:28.0306 0x03e8  LSI_SAS - ok
23:35:28.0310 0x03e8  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:35:28.0320 0x03e8  LSI_SAS2 - ok
23:35:28.0326 0x03e8  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:35:28.0337 0x03e8  LSI_SCSI - ok
23:35:28.0342 0x03e8  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
23:35:28.0369 0x03e8  luafv - ok
23:35:28.0373 0x03e8  [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
23:35:28.0381 0x03e8  MBAMProtector - ok
23:35:28.0389 0x03e8  [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
23:35:28.0400 0x03e8  MBAMSwissArmy - ok
23:35:28.0404 0x03e8  [ D61070CFAD43038DC56AEAD9BFE9CE2A, BD77AEF60E7FD2015CB14A464799304359547146C14A47F8D25274ACFA2E42D5 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
23:35:28.0413 0x03e8  MBAMWebAccessControl - ok
23:35:28.0416 0x03e8  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
23:35:28.0426 0x03e8  megasas - ok
23:35:28.0435 0x03e8  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
23:35:28.0449 0x03e8  MegaSR - ok
23:35:28.0454 0x03e8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
23:35:28.0479 0x03e8  MMCSS - ok
23:35:28.0483 0x03e8  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
23:35:28.0508 0x03e8  Modem - ok
23:35:28.0512 0x03e8  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:35:28.0525 0x03e8  monitor - ok
23:35:28.0529 0x03e8  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:35:28.0539 0x03e8  mouclass - ok
23:35:28.0543 0x03e8  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:35:28.0554 0x03e8  mouhid - ok
23:35:28.0559 0x03e8  [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:35:28.0570 0x03e8  mountmgr - ok
23:35:28.0579 0x03e8  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:35:28.0591 0x03e8  mpio - ok
23:35:28.0595 0x03e8  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:35:28.0621 0x03e8  mpsdrv - ok
23:35:28.0641 0x03e8  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:35:28.0679 0x03e8  MpsSvc - ok
23:35:28.0689 0x03e8  [ D7ADC2B83CA0B0381F75A98351F72CEE, 05476B7CA0486DF770AE492B5A90C85E3D3E7485152EB2FA30A19EC9BE44ED81 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:35:28.0702 0x03e8  MRxDAV - ok
23:35:28.0709 0x03e8  [ ACEC16415275E1AD6F7983EF472810E3, E5017E157954F6C21AA66233FF2C1A6B1FF3E4685F26648A8A21F2B9718DD97C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:35:28.0722 0x03e8  mrxsmb - ok
23:35:28.0731 0x03e8  [ 0F276F2F2018296FABC7BD2BCCAAB40B, 378A36F7282EE9FFEC8A1D5783ECD0A428E0215B1774AAA166C5AA09B3C636F7 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:35:28.0745 0x03e8  mrxsmb10 - ok
23:35:28.0751 0x03e8  [ 1D4B7972375052F5B7877A6FD9BE33A0, B3FD235F6FE975F1869436ED1215913F0E8EB1123BB252FD221C35AB1121C3F5 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:35:28.0764 0x03e8  mrxsmb20 - ok
23:35:28.0768 0x03e8  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
23:35:28.0778 0x03e8  msahci - ok
23:35:28.0784 0x03e8  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
23:35:28.0795 0x03e8  msdsm - ok
23:35:28.0801 0x03e8  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
23:35:28.0815 0x03e8  MSDTC - ok
23:35:28.0821 0x03e8  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:35:28.0846 0x03e8  Msfs - ok
23:35:28.0849 0x03e8  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
23:35:28.0873 0x03e8  mshidkmdf - ok
23:35:28.0876 0x03e8  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:35:28.0885 0x03e8  msisadrv - ok
23:35:28.0891 0x03e8  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:35:28.0919 0x03e8  MSiSCSI - ok
23:35:28.0922 0x03e8  msiserver - ok
23:35:28.0925 0x03e8  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:35:28.0950 0x03e8  MSKSSRV - ok
23:35:28.0953 0x03e8  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:35:28.0977 0x03e8  MSPCLOCK - ok
23:35:28.0980 0x03e8  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:35:29.0005 0x03e8  MSPQM - ok
23:35:29.0015 0x03e8  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:35:29.0033 0x03e8  MsRPC - ok
23:35:29.0039 0x03e8  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
23:35:29.0048 0x03e8  mssmbios - ok
23:35:29.0051 0x03e8  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:35:29.0076 0x03e8  MSTEE - ok
23:35:29.0079 0x03e8  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
23:35:29.0089 0x03e8  MTConfig - ok
23:35:29.0092 0x03e8  [ 19B006B181E3875FD254F7B67ACF1E7C, 1D68D19522E71F16B8B50F8CCFBC9D884CF2DAC40CC409BD5A40A4D4223ABC61 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
23:35:29.0099 0x03e8  MTsensor - ok
23:35:29.0104 0x03e8  [ AA0C2BA3782E92BD85E2264BE418E67C, 8B0953926E83274DF16670F1EF6F4E302F7EE17418F486975C353A406850298C ] Mup             C:\Windows\system32\Drivers\mup.sys
23:35:29.0115 0x03e8  Mup - ok
23:35:29.0127 0x03e8  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
23:35:29.0159 0x03e8  napagent - ok
23:35:29.0168 0x03e8  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:35:29.0186 0x03e8  NativeWifiP - ok
23:35:29.0208 0x03e8  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:35:29.0233 0x03e8  NDIS - ok
23:35:29.0237 0x03e8  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23:35:29.0263 0x03e8  NdisCap - ok
23:35:29.0266 0x03e8  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:35:29.0290 0x03e8  NdisTapi - ok
23:35:29.0294 0x03e8  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:35:29.0318 0x03e8  Ndisuio - ok
23:35:29.0323 0x03e8  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:35:29.0348 0x03e8  NdisWan - ok
23:35:29.0353 0x03e8  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:35:29.0377 0x03e8  NDProxy - ok
23:35:29.0380 0x03e8  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:35:29.0405 0x03e8  NetBIOS - ok
23:35:29.0412 0x03e8  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23:35:29.0439 0x03e8  NetBT - ok
23:35:29.0443 0x03e8  [ 626BE7CD27F44185AA4DCD3603830312, EBE197BAA8F0ACEA219B402A1D03534A448048F1010A50680D728493A9B0641E ] Netlogon        C:\Windows\system32\lsass.exe
23:35:29.0453 0x03e8  Netlogon - ok
23:35:29.0466 0x03e8  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
23:35:29.0496 0x03e8  Netman - ok
23:35:29.0511 0x03e8  [ 3075CC053AB9A56DDF662DF38017B256, CE9C83F8FC2E352B863E7D1391AAAA53E2D3540753E4DAA97AA363565FF3A908 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:35:29.0523 0x03e8  NetMsmqActivator - ok
23:35:29.0528 0x03e8  [ 3075CC053AB9A56DDF662DF38017B256, CE9C83F8FC2E352B863E7D1391AAAA53E2D3540753E4DAA97AA363565FF3A908 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:35:29.0540 0x03e8  NetPipeActivator - ok
23:35:29.0558 0x03e8  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
23:35:29.0591 0x03e8  netprofm - ok
23:35:29.0597 0x03e8  [ 3075CC053AB9A56DDF662DF38017B256, CE9C83F8FC2E352B863E7D1391AAAA53E2D3540753E4DAA97AA363565FF3A908 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:35:29.0608 0x03e8  NetTcpActivator - ok
23:35:29.0613 0x03e8  [ 3075CC053AB9A56DDF662DF38017B256, CE9C83F8FC2E352B863E7D1391AAAA53E2D3540753E4DAA97AA363565FF3A908 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:35:29.0624 0x03e8  NetTcpPortSharing - ok
23:35:29.0628 0x03e8  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
23:35:29.0638 0x03e8  nfrd960 - ok
23:35:29.0650 0x03e8  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:35:29.0666 0x03e8  NlaSvc - ok
23:35:29.0670 0x03e8  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:35:29.0696 0x03e8  Npfs - ok
23:35:29.0699 0x03e8  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
23:35:29.0726 0x03e8  nsi - ok
23:35:29.0729 0x03e8  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:35:29.0754 0x03e8  nsiproxy - ok
23:35:29.0792 0x03e8  [ 47B2D0B31BDC3EBE6090228E2BA3764D, 984A4B38300954164BCBF57EC1A09C18B53779E60A26E9618B50E26016735787 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:35:29.0838 0x03e8  Ntfs - ok
23:35:29.0841 0x03e8  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
23:35:29.0865 0x03e8  Null - ok
23:35:30.0124 0x03e8  [ 144E1FEE0A69BA8D9AC323E772708BC5, 5AF8505301C831036A092EAE67DD9998E756B78026346E860C663DC24B4042F4 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:35:30.0360 0x03e8  nvlddmkm - ok
23:35:30.0379 0x03e8  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:35:30.0390 0x03e8  nvraid - ok
23:35:30.0398 0x03e8  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:35:30.0410 0x03e8  nvstor - ok
23:35:30.0439 0x03e8  [ E2ABF40D5E04ACE17064EC1D3B1F7834, 191285D4E476DA5DDE39EC772253B99FD3C5F472B26C673D814F4BE0549C21BF ] nvsvc           C:\Windows\system32\nvvsvc.exe
23:35:30.0464 0x03e8  nvsvc - ok
23:35:30.0470 0x03e8  nvvad_WaveExtensible - ok
23:35:30.0474 0x03e8  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23:35:30.0485 0x03e8  nv_agp - ok
23:35:30.0489 0x03e8  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
23:35:30.0499 0x03e8  ohci1394 - ok
23:35:30.0660 0x03e8  [ 15DBED67D72057BDCD24097654DA5406, CE3C9D4D6177331341A039772688E7263E4A7CCEE85BB0AEF00779EBB23958B1 ] OO DiskImage    D:\System Tools\OO Software\DiskImage\oodiag.exe
23:35:30.0805 0x03e8  OO DiskImage - ok
23:35:30.0940 0x03e8  [ 5278DB61C90FAF30660BBF0EE32DC6D0, 1D0D4E5E064D74442A80DB50CCF8FE4ABA7B38ECB472A6279C5E4F229E0AFD2B ] OO SSD Migration Kit D:\System Tools\OO Software\SSD Migration Kit\oosmkag.exe
23:35:31.0062 0x03e8  OO SSD Migration Kit - ok
23:35:31.0077 0x03e8  [ E02B3E97F4ADADDB65A180EFC7017756, B9C6E8C4A3B2FFC05849F0484512057D6B159147F9FB90EC1E3CE25D90E3B0C0 ] oodivd          C:\Windows\system32\DRIVERS\oodivd.sys
23:35:31.0089 0x03e8  oodivd - ok
23:35:31.0094 0x03e8  [ FF25E17C5DCDB980437E393519BBC92D, 1C383C4710123C0C0AE17D2E4AEB2D37BBC88B97DE89EF26AE8FCDEC0039D2F2 ] oodivdh         C:\Windows\system32\DRIVERS\oodivdh.sys
23:35:31.0102 0x03e8  oodivdh - ok
23:35:31.0108 0x03e8  [ 3F397A541F9075C7143EC4C4AAE7073E, 6B026D116FD49E16B83FC4BA3E8F07C5865AAC02CD858F2417E211CAF597C04F ] OpenVPNService  D:\Internet\OpenVPN\bin\openvpnserv.exe
23:35:31.0118 0x03e8  OpenVPNService - ok
23:35:31.0128 0x03e8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:35:31.0144 0x03e8  p2pimsvc - ok
23:35:31.0156 0x03e8  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
23:35:31.0175 0x03e8  p2psvc - ok
23:35:31.0180 0x03e8  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
23:35:31.0192 0x03e8  Parport - ok
23:35:31.0196 0x03e8  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:35:31.0206 0x03e8  partmgr - ok
23:35:31.0215 0x03e8  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:35:31.0228 0x03e8  PcaSvc - ok
23:35:31.0236 0x03e8  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
23:35:31.0248 0x03e8  pci - ok
23:35:31.0251 0x03e8  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
23:35:31.0260 0x03e8  pciide - ok
23:35:31.0266 0x03e8  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
23:35:31.0279 0x03e8  pcmcia - ok
23:35:31.0283 0x03e8  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
23:35:31.0292 0x03e8  pcw - ok
23:35:31.0315 0x03e8  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:35:31.0337 0x03e8  PEAUTH - ok
23:35:31.0368 0x03e8  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
23:35:31.0401 0x03e8  PeerDistSvc - ok
23:35:31.0438 0x03e8  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
23:35:31.0449 0x03e8  PerfHost - ok
23:35:31.0483 0x03e8  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
23:35:31.0533 0x03e8  pla - ok
23:35:31.0546 0x03e8  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:35:31.0564 0x03e8  PlugPlay - ok
23:35:31.0568 0x03e8  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
23:35:31.0572 0x03e4  Object send P2P result: true
23:35:31.0579 0x03e8  PNRPAutoReg - ok
23:35:31.0588 0x03e8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
23:35:31.0603 0x03e8  PNRPsvc - ok
23:35:31.0621 0x03e8  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:35:31.0653 0x03e8  PolicyAgent - ok
23:35:31.0663 0x03e8  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
23:35:31.0691 0x03e8  Power - ok
23:35:31.0697 0x03e8  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:35:31.0723 0x03e8  PptpMiniport - ok
23:35:31.0726 0x03e8  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
23:35:31.0737 0x03e8  Processor - ok
23:35:31.0744 0x03e8  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
23:35:31.0759 0x03e8  ProfSvc - ok
23:35:31.0763 0x03e8  [ 626BE7CD27F44185AA4DCD3603830312, EBE197BAA8F0ACEA219B402A1D03534A448048F1010A50680D728493A9B0641E ] ProtectedStorage C:\Windows\system32\lsass.exe
23:35:31.0773 0x03e8  ProtectedStorage - ok
23:35:31.0779 0x03e8  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
23:35:31.0804 0x03e8  Psched - ok
23:35:31.0840 0x03e8  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
23:35:31.0876 0x03e8  ql2300 - ok
23:35:31.0881 0x03e8  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
23:35:31.0893 0x03e8  ql40xx - ok
23:35:31.0900 0x03e8  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
23:35:31.0919 0x03e8  QWAVE - ok
23:35:31.0922 0x03e8  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:35:31.0936 0x03e8  QWAVEdrv - ok
23:35:31.0951 0x03e8  [ A55E7D0D873B2C97585B3B5926AC6ADE, 3BE3895DA7F0888E85B1941525878BA0846A8F215AD39ED8138BB39615468E32 ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
23:35:31.0964 0x03e8  RapiMgr - ok
23:35:31.0967 0x03e8  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:35:31.0992 0x03e8  RasAcd - ok
23:35:31.0998 0x03e8  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
23:35:32.0023 0x03e8  RasAgileVpn - ok
23:35:32.0028 0x03e8  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
23:35:32.0055 0x03e8  RasAuto - ok
23:35:32.0061 0x03e8  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:35:32.0087 0x03e8  Rasl2tp - ok
23:35:32.0096 0x03e8  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
23:35:32.0128 0x03e8  RasMan - ok
23:35:32.0133 0x03e8  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:35:32.0159 0x03e8  RasPppoe - ok
23:35:32.0164 0x03e8  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:35:32.0189 0x03e8  RasSstp - ok
23:35:32.0198 0x03e8  [ 71B6F78D6444CCE6F77BC42917A4E8F7, 34927A2C1CA349D251A327ED1F30018B065A8E6B886D9B5080A8AE2F6A8C0914 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:35:32.0214 0x03e8  rdbss - ok
23:35:32.0216 0x03e8  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
23:35:32.0228 0x03e8  rdpbus - ok
23:35:32.0232 0x03e8  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:35:32.0256 0x03e8  RDPCDD - ok
23:35:32.0263 0x03e8  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
23:35:32.0276 0x03e8  RDPDR - ok
23:35:32.0281 0x03e8  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:35:32.0306 0x03e8  RDPENCDD - ok
23:35:32.0310 0x03e8  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
23:35:32.0334 0x03e8  RDPREFMP - ok
23:35:32.0338 0x03e8  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
23:35:32.0348 0x03e8  RdpVideoMiniport - ok
23:35:32.0355 0x03e8  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:35:32.0369 0x03e8  RDPWD - ok
23:35:32.0377 0x03e8  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
23:35:32.0390 0x03e8  rdyboost - ok
23:35:32.0395 0x03e8  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:35:32.0421 0x03e8  RemoteAccess - ok
23:35:32.0428 0x03e8  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:35:32.0456 0x03e8  RemoteRegistry - ok
23:35:32.0460 0x03e8  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
23:35:32.0487 0x03e8  RpcEptMapper - ok
23:35:32.0490 0x03e8  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
23:35:32.0501 0x03e8  RpcLocator - ok
23:35:32.0514 0x03e8  [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] RpcSs           C:\Windows\system32\rpcss.dll
23:35:32.0534 0x03e8  RpcSs - ok
23:35:32.0538 0x03e8  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:35:32.0563 0x03e8  rspndr - ok
23:35:32.0595 0x03e8  [ E943AADF4D9F7CB5314B7E82E67CA95F, EBB9B655200998BD0BD4F7CC59E645C73F4D17C4D586F72C9954E2C8E3EE4938 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
23:35:32.0621 0x03e8  RTL8167 - ok
23:35:32.0625 0x03e8  [ 626BE7CD27F44185AA4DCD3603830312, EBE197BAA8F0ACEA219B402A1D03534A448048F1010A50680D728493A9B0641E ] SamSs           C:\Windows\system32\lsass.exe
23:35:32.0636 0x03e8  SamSs - ok
23:35:32.0647 0x03e8  [ D2FA15AED5CEB66259F24B656A76B663, 009D273CFA4B2D7BBBFB69C7F722DC5F7AB3AA2562A66695ECAE6D30D5B997CD ] SbieDrv         C:\Program Files\Sandboxie\SbieDrv.sys
23:35:32.0658 0x03e8  SbieDrv - ok
23:35:32.0669 0x03e8  [ B93AC7F63D395F19B3C77680FD84833D, BBCC7BA27A305E4E07F82AF11FF8A0E258DDB67E36BE5E74389A27A7D2DD5A05 ] SbieSvc         C:\Program Files\Sandboxie\SbieSvc.exe
23:35:32.0679 0x03e8  SbieSvc - ok
23:35:32.0686 0x03e8  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23:35:32.0696 0x03e8  sbp2port - ok
23:35:32.0703 0x03e8  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:35:32.0731 0x03e8  SCardSvr - ok
23:35:32.0735 0x03e8  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
23:35:32.0759 0x03e8  scfilter - ok
23:35:32.0783 0x03e8  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
23:35:32.0814 0x03e8  Schedule - ok
23:35:32.0819 0x03e8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:35:32.0843 0x03e8  SCPolicySvc - ok
23:35:32.0849 0x03e8  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:35:32.0863 0x03e8  SDRSVC - ok
23:35:32.0866 0x03e8  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:35:32.0876 0x03e8  secdrv - ok
23:35:32.0880 0x03e8  [ A19623BDD61E66A12AB53992002B4F3A, E351CEEC086084A417BA3BD0EEF46114D3147EC38E3EF8BE49B724F9D028CC56 ] seclogon        C:\Windows\system32\seclogon.dll
23:35:32.0891 0x03e8  seclogon - ok
23:35:32.0895 0x03e8  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
23:35:32.0922 0x03e8  SENS - ok
23:35:32.0926 0x03e8  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
23:35:32.0937 0x03e8  SensrSvc - ok
23:35:32.0940 0x03e8  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
23:35:32.0950 0x03e8  Serenum - ok
23:35:32.0955 0x03e8  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
23:35:32.0967 0x03e8  Serial - ok
23:35:32.0971 0x03e8  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
23:35:32.0981 0x03e8  sermouse - ok
23:35:32.0989 0x03e8  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
23:35:33.0015 0x03e8  SessionEnv - ok
23:35:33.0018 0x03e8  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
23:35:33.0030 0x03e8  sffdisk - ok
23:35:33.0033 0x03e8  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
23:35:33.0044 0x03e8  sffp_mmc - ok
23:35:33.0047 0x03e8  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
23:35:33.0058 0x03e8  sffp_sd - ok
23:35:33.0061 0x03e8  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
23:35:33.0070 0x03e8  sfloppy - ok
23:35:33.0080 0x03e8  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:35:33.0110 0x03e8  SharedAccess - ok
23:35:33.0120 0x03e8  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:35:33.0151 0x03e8  ShellHWDetection - ok
23:35:33.0154 0x03e8  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:35:33.0164 0x03e8  SiSRaid2 - ok
23:35:33.0167 0x03e8  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
23:35:33.0177 0x03e8  SiSRaid4 - ok
23:35:33.0184 0x03e8  [ 27F3E28A821352C249214F1E28D4AB6A, B8AC542683B371125750AA4F07C572E8B32885AF31F414938C700BBA3470EB7E ] SIVDriver       C:\Windows\system32\Drivers\SIVX64.sys
23:35:33.0197 0x03e8  SIVDriver - ok
23:35:33.0202 0x03e8  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:35:33.0227 0x03e8  Smb - ok
23:35:33.0232 0x03e8  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:35:33.0244 0x03e8  SNMPTRAP - ok
23:35:33.0247 0x03e8  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
23:35:33.0257 0x03e8  spldr - ok
23:35:33.0278 0x03e8  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
23:35:33.0298 0x03e8  Spooler - ok
23:35:33.0381 0x03e8  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
23:35:33.0467 0x03e8  sppsvc - ok
23:35:33.0475 0x03e8  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
23:35:33.0500 0x03e8  sppuinotify - ok
23:35:33.0512 0x03e8  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:35:33.0531 0x03e8  srv - ok
23:35:33.0543 0x03e8  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:35:33.0561 0x03e8  srv2 - ok
23:35:33.0567 0x03e8  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:35:33.0581 0x03e8  srvnet - ok
23:35:33.0590 0x03e8  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:35:33.0620 0x03e8  SSDPSRV - ok
23:35:33.0827 0x03e8  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:35:33.0854 0x03e8  SstpSvc - ok
23:35:33.0878 0x03e8  [ 0A3544D7E9AF7D8C991C904339157EDC, 1E1DE4D808AE1174B0CB37E93EBADFC98FEBCD70D612CFE393DDA513581CD123 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
23:35:33.0900 0x03e8  Steam Client Service - ok
23:35:33.0919 0x03e8  [ 167E7CE4DBBA691E563AC36ECDB00318, 894C37C1DD794FC6F90408697D354E2AE89F2A7873AD66AF45F36D0C9142AE9C ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
23:35:33.0935 0x03e8  Stereo Service - ok
23:35:33.0939 0x03e8  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
23:35:33.0948 0x03e8  stexstor - ok
23:35:33.0964 0x03e8  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
23:35:33.0989 0x03e8  stisvc - ok
23:35:33.0994 0x03e8  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
23:35:34.0006 0x03e8  StorSvc - ok
23:35:34.0009 0x03e8  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
23:35:34.0019 0x03e8  swenum - ok
23:35:34.0038 0x03e8  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
23:35:34.0074 0x03e8  swprv - ok
23:35:34.0114 0x03e8  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
23:35:34.0157 0x03e8  SysMain - ok
23:35:34.0163 0x03e8  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:35:34.0179 0x03e8  TabletInputService - ok
23:35:34.0185 0x03e8  [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
23:35:34.0195 0x03e8  tap0901 - ok
23:35:34.0205 0x03e8  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:35:34.0235 0x03e8  TapiSrv - ok
23:35:34.0279 0x03e8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:35:34.0323 0x03e8  Tcpip - ok
23:35:34.0366 0x03e8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:35:34.0407 0x03e8  TCPIP6 - ok
23:35:34.0414 0x03e8  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:35:34.0425 0x03e8  tcpipreg - ok
23:35:34.0430 0x03e8  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:35:34.0440 0x03e8  TDPIPE - ok
23:35:34.0444 0x03e8  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:35:34.0453 0x03e8  TDTCP - ok
23:35:34.0459 0x03e8  [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:35:34.0472 0x03e8  tdx - ok
23:35:34.0616 0x03e8  [ E9D702580349582413503A28F8329B32, 405CEA2DB2B9EE9EF87E454375BEA6A3F6FB30B95BBD9F397129C73D4CCCC282 ] TeamViewer      C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
23:35:34.0744 0x03e8  TeamViewer - ok
23:35:34.0753 0x03e8  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
23:35:34.0763 0x03e8  TermDD - ok
23:35:34.0781 0x03e8  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
23:35:34.0804 0x03e8  TermService - ok
23:35:34.0809 0x03e8  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
23:35:34.0824 0x03e8  Themes - ok
23:35:34.0829 0x03e8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
23:35:34.0856 0x03e8  THREADORDER - ok
23:35:34.0864 0x03e8  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
23:35:34.0891 0x03e8  TrkWks - ok
23:35:34.0901 0x03e8  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:35:34.0927 0x03e8  TrustedInstaller - ok
23:35:34.0932 0x03e8  [ 19BEDA57F3E0A06B8D5EB6D619BD5624, 952D5FAFD662C93628C12A6F7EB8E240A44216C0A15CBD2F5016BC357CBFE821 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:35:34.0943 0x03e8  tssecsrv - ok
23:35:34.0947 0x03e8  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
23:35:34.0958 0x03e8  TsUsbFlt - ok
23:35:34.0965 0x03e8  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:35:34.0991 0x03e8  tunnel - ok
23:35:34.0996 0x03e8  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
23:35:35.0006 0x03e8  uagp35 - ok
23:35:35.0019 0x03e8  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:35:35.0049 0x03e8  udfs - ok
23:35:35.0056 0x03e8  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:35:35.0068 0x03e8  UI0Detect - ok
23:35:35.0073 0x03e8  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:35:35.0083 0x03e8  uliagpkx - ok
23:35:35.0087 0x03e8  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
23:35:35.0099 0x03e8  umbus - ok
23:35:35.0104 0x03e8  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
23:35:35.0115 0x03e8  UmPass - ok
23:35:35.0122 0x03e8  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
23:35:35.0138 0x03e8  UmRdpService - ok
23:35:35.0142 0x03e8  [ 9DC07E73A4ABB9ACF692113B36A5009F, CA7176FC219515D58DCFA66EC61880ECE5617275C9B83701BB74D8B60E733D34 ] UnlockerDriver5 D:\System Tools\Unlocker\x64\UnlockerDriver5.sys
23:35:35.0149 0x03e8  UnlockerDriver5 - ok
23:35:35.0163 0x03e8  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
23:35:35.0195 0x03e8  upnphost - ok
23:35:35.0200 0x03e8  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:35:35.0212 0x03e8  usbccgp - ok
23:35:35.0217 0x03e8  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:35:35.0229 0x03e8  usbcir - ok
23:35:35.0233 0x03e8  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
23:35:35.0245 0x03e8  usbehci - ok
23:35:35.0255 0x03e8  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:35:35.0271 0x03e8  usbhub - ok
23:35:35.0275 0x03e8  [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
23:35:35.0286 0x03e8  usbohci - ok
23:35:35.0289 0x03e8  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:35:35.0301 0x03e8  usbprint - ok
23:35:35.0307 0x03e8  [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:35:35.0319 0x03e8  USBSTOR - ok
23:35:35.0322 0x03e8  [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
23:35:35.0332 0x03e8  usbuhci - ok
23:35:35.0336 0x03e8  [ 7B28E2FBE75115660FAB31079C0A9F29, 81BB5A3E64B652A672A0782A88ABF6DDD729D38712D0706CE0FB9DE6D1EE1515 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
23:35:35.0346 0x03e8  usb_rndisx - ok
23:35:35.0350 0x03e8  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
23:35:35.0377 0x03e8  UxSms - ok
23:35:35.0418 0x03e8  [ 34812F7FAAFE329D15F55C4EB6DB44DA, 3D442FE9E2842404C586C207A85A91AE23E37108B7CBDEFB37B5EDF64A71190A ] VASDeviceDrm    C:\Windows\system32\drivers\vasdDev.sys
23:35:35.0453 0x03e8  VASDeviceDrm - ok
23:35:35.0457 0x03e8  [ 626BE7CD27F44185AA4DCD3603830312, EBE197BAA8F0ACEA219B402A1D03534A448048F1010A50680D728493A9B0641E ] VaultSvc        C:\Windows\system32\lsass.exe
23:35:35.0469 0x03e8  VaultSvc - ok
23:35:35.0473 0x03e8  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:35:35.0483 0x03e8  vdrvroot - ok
23:35:35.0503 0x03e8  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
23:35:35.0536 0x03e8  vds - ok
23:35:35.0541 0x03e8  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:35:35.0552 0x03e8  vga - ok
23:35:35.0555 0x03e8  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:35:35.0578 0x03e8  VgaSave - ok
23:35:35.0588 0x03e8  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
23:35:35.0600 0x03e8  vhdmp - ok
23:35:35.0660 0x03e8  [ 0AE6B10B700689681A9892E67EE7B00B, 234E51156C645DD4B187BBB4B59D8A194863A4A6B4DF89AB4C0851BFEA24DBCB ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
23:35:35.0705 0x03e8  VIAHdAudAddService - ok
23:35:35.0710 0x03e8  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
23:35:35.0719 0x03e8  viaide - ok
23:35:35.0723 0x03e8  [ 265ABC06AD6BD64AFBFB61B3E57839A1, 08B7C8692FA7E21D3E3141F95DA9C66245924947EBE6FC84EF899B5307E72FDC ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
23:35:35.0731 0x03e8  VIAKaraokeService - ok
23:35:35.0738 0x03e8  [ 5F9CBD6D40E32CAEB55DB4A0799EBA72, 2F67D76F8DFC63C4886CDF1F83E012F1FFAE57914DC18338993B2292E1FED008 ] VMAuthdService  D:\Programme\VMware\VMware Player\vmware-authd.exe
23:35:35.0748 0x03e8  VMAuthdService - ok
23:35:35.0760 0x03e8  [ 23B3E571717D59C8B0A6963B79061B57, B41BF84972DE78FDD9FA1D69D0514FEABB238321A29608A5304D97EB6CC02B3F ] vmci            C:\Windows\system32\DRIVERS\vmci.sys
23:35:35.0769 0x03e8  vmci - ok
23:35:35.0773 0x03e8  [ A3412EC3FF7A5AC2CA3A3951476BFA9C, 8A3D241168205B6B5348F44DF89875067CDD5B29BE8CF14ADA8403225AE2A379 ] VMnetAdapter    C:\Windows\system32\DRIVERS\vmnetadapter.sys
23:35:35.0780 0x03e8  VMnetAdapter - ok
23:35:35.0785 0x03e8  [ F76AD463DBE8D30CB715A09DF9FF2BE9, 5B2184582496ED0EE8582C6AD3BCF49674690C585439B6F57B43ADC12DF941F6 ] VMnetBridge     C:\Windows\system32\DRIVERS\vmnetbridge.sys
23:35:35.0793 0x03e8  VMnetBridge - ok
23:35:35.0803 0x03e8  [ C84A6FA836262BD7CBE611F08B554E8B, 01DBC1DF1B03EA41FE2B61E29C79A3460A491E00A3E3329E80CE722071DC1740 ] VMnetDHCP       C:\Windows\SysWOW64\vmnetdhcp.exe
23:35:35.0817 0x03e8  VMnetDHCP - ok
23:35:35.0822 0x03e8  [ 75ABEBF8F9FD94D6E17AB8CCAF1EEABD, 3793482B17772A1E3962D07AE35C86A0331D93B2E7F965355321F3EB9CD3E3B9 ] VMnetuserif     C:\Windows\system32\drivers\vmnetuserif.sys
23:35:35.0829 0x03e8  VMnetuserif - ok
23:35:35.0859 0x03e8  [ B30B940E999CC59A701B564A7E359D09, 390BAD5C691EEAC17FC74659169ED1A3937CA2EB8B15842070C25D536CC4AC59 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
23:35:35.0883 0x03e8  VMUSBArbService - ok
23:35:35.0895 0x03e8  [ DF89A1667D769377CA5441A6F62F9031, F25A85B2E16AF3EDAFE2BF3534F664563E0CDB3B8B9FB90447781FD0BD8BAB41 ] VMware NAT Service C:\Windows\SysWOW64\vmnat.exe
23:35:35.0910 0x03e8  VMware NAT Service - ok
23:35:35.0915 0x03e8  [ E46D38C01BA7E4C914CC9191B15B6DB2, 4A194F06848835318E1A8C80D308AE3B923084BFFD23098022E8B5D508F34F62 ] vmx86           C:\Windows\system32\drivers\vmx86.sys
23:35:35.0923 0x03e8  vmx86 - ok
23:35:35.0928 0x03e8  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:35:35.0938 0x03e8  volmgr - ok
23:35:35.0953 0x03e8  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:35:35.0967 0x03e8  volmgrx - ok
23:35:35.0979 0x03e8  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:35:35.0993 0x03e8  volsnap - ok
23:35:35.0999 0x03e8  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
23:35:36.0010 0x03e8  vsmraid - ok
23:35:36.0018 0x03e8  [ 7639A7B4A8E5204BB37B479C2D1C8934, 2A35B3A7B20EE3F5888A089D1E46A7FD7B2D86AB36D3401A224F7CD39ABE7F27 ] vsock           C:\Windows\system32\drivers\vsock.sys
23:35:36.0026 0x03e8  vsock - ok
23:35:36.0061 0x03e8  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
23:35:36.0114 0x03e8  VSS - ok
23:35:36.0133 0x03e8  [ 79F4D90FAA0ACC1866F2F3E03E39CA89, EE08BCBF29A7E4AFFF520B8DF067281425F433EC275F8C86CE8F20F000E92E3D ] vssbrigde64     C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe
23:35:36.0143 0x03e8  vssbrigde64 - ok
23:35:36.0146 0x03e8  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
23:35:36.0158 0x03e8  vwifibus - ok
23:35:36.0174 0x03e8  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
23:35:36.0205 0x03e8  W32Time - ok
23:35:36.0209 0x03e8  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
23:35:36.0220 0x03e8  WacomPen - ok
23:35:36.0226 0x03e8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:35:36.0250 0x03e8  WANARP - ok
23:35:36.0255 0x03e8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:35:36.0281 0x03e8  Wanarpv6 - ok
23:35:36.0294 0x03e8  [ B32009DB1972E7F2C227499289C4384A, D491CD90ACE895EC60A5A2F995EAE39F8ED662B71BC548C3FF5BBDBC60054788 ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll
23:35:36.0313 0x03e8  WAS - ok
23:35:36.0342 0x03e8  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
23:35:36.0372 0x03e8  WatAdminSvc - ok
23:35:36.0415 0x03e8  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
23:35:36.0452 0x03e8  wbengine - ok
23:35:36.0460 0x03e8  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:35:36.0479 0x03e8  WbioSrvc - ok
23:35:36.0494 0x03e8  [ 8BDA6DB43AA54E8BB5E0794541DDC209, 8753C507BE77B019A3403AF5252434A01DB9F9332E58AC3783ABCE3D21AD9DD4 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
23:35:36.0510 0x03e8  WcesComm - ok
23:35:36.0525 0x03e8  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:35:36.0547 0x03e8  wcncsvc - ok
23:35:36.0551 0x03e8  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:35:36.0562 0x03e8  WcsPlugInService - ok
23:35:36.0566 0x03e8  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
23:35:36.0575 0x03e8  Wd - ok
23:35:36.0594 0x03e8  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:35:36.0617 0x03e8  Wdf01000 - ok
23:35:36.0623 0x03e8  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:35:36.0636 0x03e8  WdiServiceHost - ok
23:35:36.0640 0x03e8  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:35:36.0652 0x03e8  WdiSystemHost - ok
23:35:36.0660 0x03e8  [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient       C:\Windows\System32\webclnt.dll
23:35:36.0675 0x03e8  WebClient - ok
23:35:36.0683 0x03e8  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:35:36.0712 0x03e8  Wecsvc - ok
23:35:36.0717 0x03e8  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:35:36.0743 0x03e8  wercplsupport - ok
23:35:36.0747 0x03e8  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:35:36.0774 0x03e8  WerSvc - ok
23:35:36.0778 0x03e8  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:35:36.0802 0x03e8  WfpLwf - ok
23:35:36.0806 0x03e8  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\DRIVERS\wimmount.sys
23:35:36.0815 0x03e8  WIMMount - ok
23:35:36.0818 0x03e8  WinDefend - ok
23:35:36.0823 0x03e8  WinHttpAutoProxySvc - ok
23:35:36.0835 0x03e8  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:35:36.0864 0x03e8  Winmgmt - ok
23:35:36.0908 0x03e8  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
23:35:36.0955 0x03e8  WinRM - ok
23:35:36.0963 0x03e8  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
23:35:36.0975 0x03e8  WinUSB - ok
23:35:36.0979 0x03e8  [ 96CC61325A387239C1AD3656F9313DEE, 8016B87E57AE3D507D62EE09122A53AD1D3AD9265D0FDF98DCA836295A09D0B5 ] WiseHDInfo      C:\Windows\WiseHDInfo64.dll
23:35:36.0986 0x03e8  WiseHDInfo - ok
23:35:37.0007 0x03e8  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:35:37.0037 0x03e8  Wlansvc - ok
23:35:37.0041 0x03e8  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
23:35:37.0051 0x03e8  WmiAcpi - ok
23:35:37.0059 0x03e8  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:35:37.0074 0x03e8  wmiApSrv - ok
23:35:37.0077 0x03e8  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:35:37.0088 0x03e8  WPCSvc - ok
23:35:37.0092 0x03e8  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:35:37.0106 0x03e8  WPDBusEnum - ok
23:35:37.0109 0x03e8  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:35:37.0134 0x03e8  ws2ifsl - ok
23:35:37.0140 0x03e8  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
23:35:37.0156 0x03e8  wscsvc - ok
23:35:37.0158 0x03e8  WSearch - ok
23:35:37.0215 0x03e8  [ 86F11B85102AFA6A1A6101DCE2F09386, 68A0F0E628C8F33FDAC114876DA8ED14776DD74E80AC5A6A52257E19DE011091 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:35:37.0273 0x03e8  wuauserv - ok
23:35:37.0280 0x03e8  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:35:37.0292 0x03e8  WudfPf - ok
23:35:37.0299 0x03e8  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:35:37.0313 0x03e8  WUDFRd - ok
23:35:37.0318 0x03e8  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:35:37.0329 0x03e8  wudfsvc - ok
23:35:37.0337 0x03e8  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:35:37.0351 0x03e8  WwanSvc - ok
23:35:37.0357 0x03e8  [ C1D83317310C9470DF3CD7BB22AA874E, 33BABFB957363DA1D333745033F655DD8EAA1DABEBCA09FC728FF1A87622BE52 ] XTU3SERVICE     C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
23:35:37.0366 0x03e8  XTU3SERVICE - ok
23:35:37.0373 0x03e8  ================ Scan global ===============================
23:35:37.0377 0x03e8  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
23:35:37.0388 0x03e8  [ 841BF993597DCD498247684B5D3AE845, B80FDDE2F36F7DC9BCE253FFE0148C918DC3DD4357F37761B364DE7B887239EA ] C:\Windows\system32\winsrv.dll
23:35:37.0404 0x03e8  [ 841BF993597DCD498247684B5D3AE845, B80FDDE2F36F7DC9BCE253FFE0148C918DC3DD4357F37761B364DE7B887239EA ] C:\Windows\system32\winsrv.dll
23:35:37.0411 0x03e8  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
23:35:37.0422 0x03e8  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
23:35:37.0427 0x03e8  [ Global ] - ok
23:35:37.0428 0x03e8  ================ Scan MBR ==================================
23:35:37.0429 0x03e8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:35:37.0499 0x03e8  \Device\Harddisk0\DR0 - ok
23:35:37.0501 0x03e8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
23:35:37.0597 0x03e8  \Device\Harddisk1\DR1 - ok
23:35:37.0598 0x03e8  ================ Scan VBR ==================================
23:35:37.0599 0x03e8  [ 0DEC252A96A27EC1A6C32C288FF2F9E6 ] \Device\Harddisk0\DR0\Partition1
23:35:37.0600 0x03e8  \Device\Harddisk0\DR0\Partition1 - ok
23:35:37.0602 0x03e8  [ A293CCFE8CF18E086F310B73F8E88CC3 ] \Device\Harddisk0\DR0\Partition2
23:35:37.0605 0x03e8  \Device\Harddisk0\DR0\Partition2 - ok
23:35:37.0607 0x03e8  [ D0F12C5AEC6173EBBD79121A9E9D015F ] \Device\Harddisk0\DR0\Partition3
23:35:37.0608 0x03e8  \Device\Harddisk0\DR0\Partition3 - ok
23:35:37.0609 0x03e8  [ BA77A799369382124A10E0D68AA4E0A1 ] \Device\Harddisk1\DR1\Partition1
23:35:37.0611 0x03e8  \Device\Harddisk1\DR1\Partition1 - ok
23:35:37.0612 0x03e8  ================ Scan generic autorun ======================
23:35:37.0616 0x03e8  [ 9484BE0A79906D33CEA50437A4CA7E8F, D1C4C4867819A5B469BC6AE9AE2995979D89C1B4AB9B4DB892F1B9CF3818F9FA ] C:\Program Files (x86)\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
23:35:37.0621 0x03e8  IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )
23:35:38.0211 0x0ca0  Object required for P2P: [ 15DBED67D72057BDCD24097654DA5406 ] OO DiskImage
23:35:40.0025 0x03e8  Detect skipped due to KSN trusted
23:35:40.0025 0x03e8  IAStorIcon - ok
23:35:40.0050 0x03e8  [ 233A10D4B3F6897899112E4EC60F1906, 1F7E768E57064938114DF2EFC5B219EB0D30A7D9E574924E9CED054462505AF0 ] C:\Windows\WindowsMobile\wmdcBase.exe
23:35:40.0077 0x03e8  Windows Mobile-based device management - ok
23:35:40.0192 0x03e8  [ E1E457F60C294A55455856ABCE91B476, C8192FC1304F082D796B58F6C963A2EC57A12340F76933765C7DF7A622CB7BFF ] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
23:35:40.0307 0x03e8  HDAudDeck - ok
23:35:40.0336 0x03e8  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:35:40.0384 0x03e8  Sidebar - ok
23:35:40.0388 0x03e8  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:35:40.0403 0x03e8  mctadmin - ok
23:35:40.0427 0x03e8  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:35:40.0457 0x03e8  Sidebar - ok
23:35:40.0462 0x03e8  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:35:40.0477 0x03e8  mctadmin - ok
23:35:40.0508 0x03e8  [ 24C5745ADEC2415E5AB6C908F83ECDA7, 09CC9B611A0512F69F660285685CCEC57166FC879EF1D022D83E6579CC90F5B1 ] D:\Programme\Perfect Hotkey\PerfectHotkey.exe
23:35:40.0545 0x03e8  Perfect Hotkey - ok
23:35:40.0557 0x03e8  [ B22CB67919EBAD88B0E8BB9CDA446010, 2F744FEAC48EDE7D6B6D2727F7DDFA80B26D9E3B0009741B00992B19AD85E128 ] C:\Windows\System32\StikyNot.exe
23:35:40.0577 0x03e8  RESTART_STICKY_NOTES - ok
23:35:40.0686 0x0ca0  Object send P2P result: true
23:35:40.0748 0x03e8  [ F80857C8FD62529CAA2DFFEA34E7BE0F, BB4DEF8833252A8DACD7FE51A531DA0929E9946E5CE58237271D032AA74788EE ] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kpm.exe
23:35:40.0897 0x03e8  kpm.exe - ok
23:35:40.0906 0x03e8  kpm.exe - ok
23:35:40.0936 0x03e8  [ 24C5745ADEC2415E5AB6C908F83ECDA7, 09CC9B611A0512F69F660285685CCEC57166FC879EF1D022D83E6579CC90F5B1 ] D:\Programme\Perfect Hotkey\PerfectHotkey.exe
23:35:40.0967 0x03e8  Perfect Hotkey - ok
23:35:41.0065 0x03e8  [ 6CB376C5D3BD98C04625DE3B50DDF0F0, B31F40A851CA63A413097570A030298856C75935547200DC7C2ACFB3EF458E0B ] d:\internet\proxifier\proxifier.exe
23:35:41.0174 0x03e8  Proxifier - ok
23:35:41.0177 0x03e8  Virtual Audio Streaming(Sound Card Switch) - ok
23:35:41.0201 0x03e8  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:35:41.0231 0x03e8  Sidebar - ok
23:35:41.0236 0x03e8  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:35:41.0250 0x03e8  mctadmin - ok
23:35:41.0259 0x03e8  Waiting for KSN requests completion. In queue: 68
23:35:41.0965 0x0ed0  Object required for P2P: [ 5F9CBD6D40E32CAEB55DB4A0799EBA72 ] VMAuthdService
23:35:42.0259 0x03e8  Waiting for KSN requests completion. In queue: 68
23:35:43.0259 0x03e8  Waiting for KSN requests completion. In queue: 68
23:35:43.0638 0x080c  Object required for P2P: [ F80857C8FD62529CAA2DFFEA34E7BE0F ] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kpm.exe
23:35:44.0259 0x03e8  Waiting for KSN requests completion. In queue: 57
23:35:44.0419 0x0ed0  Object send P2P result: true
23:35:44.0419 0x0ed0  Object required for P2P: [ C84A6FA836262BD7CBE611F08B554E8B ] VMnetDHCP
23:35:45.0259 0x03e8  Waiting for KSN requests completion. In queue: 53
23:35:46.0269 0x03e8  Waiting for KSN requests completion. In queue: 53
23:35:46.0909 0x0ed0  Object send P2P result: true
23:35:46.0909 0x0ed0  Object required for P2P: [ B30B940E999CC59A701B564A7E359D09 ] VMUSBArbService
23:35:47.0283 0x03e8  Waiting for KSN requests completion. In queue: 51
23:35:47.0627 0x080c  Object send P2P result: true
23:35:47.0627 0x080c  Object required for P2P: [ 6CB376C5D3BD98C04625DE3B50DDF0F0 ] d:\internet\proxifier\proxifier.exe
23:35:48.0297 0x03e8  Waiting for KSN requests completion. In queue: 50
23:35:49.0311 0x03e8  Waiting for KSN requests completion. In queue: 50
23:35:49.0389 0x0ed0  Object send P2P result: true
23:35:49.0405 0x0ed0  Object required for P2P: [ DF89A1667D769377CA5441A6F62F9031 ] VMware NAT Service
23:35:50.0325 0x03e8  Waiting for KSN requests completion. In queue: 49
23:35:51.0339 0x03e8  Waiting for KSN requests completion. In queue: 49
23:35:51.0636 0x080c  Object send P2P result: true
23:35:51.0901 0x0ed0  Object send P2P result: true
23:35:51.0901 0x0ed0  Object required for P2P: [ C1D83317310C9470DF3CD7BB22AA874E ] XTU3SERVICE
23:35:52.0353 0x03e8  Waiting for KSN requests completion. In queue: 1
23:35:53.0367 0x03e8  Waiting for KSN requests completion. In queue: 1
23:35:54.0368 0x03e8  Waiting for KSN requests completion. In queue: 1
23:35:54.0374 0x0ed0  Object send P2P result: true
23:35:55.0387 0x03e8  AV detected via SS2: Kaspersky Total Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\wmiav.exe ( 16.0.0.614 ), 0x41000 ( enabled : updated )
23:35:55.0389 0x03e8  FW detected via SS2: Kaspersky Total Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\wmiav.exe ( 16.0.0.614 ), 0x41010 ( enabled )
23:35:57.0786 0x03e8  ============================================================
23:35:57.0786 0x03e8  Scan finished
23:35:57.0786 0x03e8  ============================================================
23:35:57.0790 0x00b4  Detected object count: 0
23:35:57.0790 0x00b4  Actual detected object count: 0

Ich wollte nur anmerken das mein Benutzer wirklich xxx ist. Nicht das du denkst ich habe dort etwas verstecken wollen oder ähnliches.

M-K-D-B · 30.04.2016, 19:39

Servus,

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von MBAM,
die Logdatei von JRT,
die beiden neuen Logdateien von FRST.

xxlynusxx · 30.04.2016, 22:50

Code:

ATTFilter

# AdwCleaner v5.114 - Bericht erstellt am 30/04/2016 um 22:31:30
# Aktualisiert am 27/04/2016 von Xplode
# Datenbank : 2016-04-27.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (X64)
# Benutzername : xxx - XXX-NETZWERK
# Gestartet von : C:\Users\xxx\Desktop\AdwCleaner_5.114.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****


***** [ Dateien ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\WiseFtp7.Wise_FTP_Automation

***** [ Internetbrowser ] *****

[-] [C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3gx31obe.default\prefs.js] gelöscht : user_pref("extensions.tnt.engine.url", "hxxp://search.findwide.com/serp?guid={FEC33A5B-CF0C-4E46-8275-D25C9B129213}&action=default_search&serpv=22&k={searchTerms}");
[-] [C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3gx31obe.default\prefs.js] gelöscht : user_pref("extensions.tnt.newtaburl", "hxxp://services.freshy.com/general/newhometab.php?hometab=tab&partner=10869&guid={FEC33A5B-CF0C-4E46-8275-D25C9B129213}&i=");
[-] [C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3gx31obe.default\prefs.js] gelöscht : user_pref("keyword.URL", "hxxp://search.findwide.com/serp?guid={FEC33A5B-CF0C-4E46-8275-D25C9B129213}&action=default_search&serpv=22&k=");
[-] [C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3gx31obe.default\prefs.js] gelöscht : user_pref("plugin.state.npconduitfirefoxplugin", 0);

*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1917 Bytes] - [30/04/2016 22:31:30]
C:\AdwCleaner\AdwCleaner[S1].txt - [1820 Bytes] - [30/04/2016 22:29:52]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2063 Bytes] ##########

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 30.04.2016 22:31, SYSTEM, XXX-NETZWERK, Protection, Malware Protection, Starting, 
Protection, 30.04.2016 22:31, SYSTEM, XXX-NETZWERK, Protection, Malware Protection, Started, 
Protection, 30.04.2016 22:31, SYSTEM, XXX-NETZWERK, Protection, Malicious Website Protection, Starting, 
Protection, 30.04.2016 22:31, SYSTEM, XXX-NETZWERK, Protection, Malicious Website Protection, Started, 
Update, 30.04.2016 22:32, SYSTEM, XXX-NETZWERK, Manual, Domain Database, 2016.2.16.8, 2016.4.30.4, 
Update, 30.04.2016 22:32, SYSTEM, XXX-NETZWERK, Manual, Remediation Database, 2016.2.12.1, 2016.4.29.1, 
Update, 30.04.2016 22:32, SYSTEM, XXX-NETZWERK, Manual, Malware Database, 2016.2.16.6, 2016.4.30.6, 
Update, 30.04.2016 22:32, SYSTEM, XXX-NETZWERK, Manual, IP Database, 2016.2.8.1, 2016.4.29.2, 
Protection, 30.04.2016 22:32, SYSTEM, XXX-NETZWERK, Protection, Refresh, Starting, 
Protection, 30.04.2016 22:32, SYSTEM, XXX-NETZWERK, Protection, Malicious Website Protection, Stopping, 
Protection, 30.04.2016 22:32, SYSTEM, XXX-NETZWERK, Protection, Malicious Website Protection, Stopped, 
Protection, 30.04.2016 22:32, SYSTEM, XXX-NETZWERK, Protection, Refresh, Success, 
Protection, 30.04.2016 22:32, SYSTEM, XXX-NETZWERK, Protection, Malicious Website Protection, Starting, 
Protection, 30.04.2016 22:32, SYSTEM, XXX-NETZWERK, Protection, Malicious Website Protection, Started, 
Protection, 30.04.2016 22:32, SYSTEM, XXX-NETZWERK, Protection, Malicious Website Protection, Stopping, 
Protection, 30.04.2016 22:32, SYSTEM, XXX-NETZWERK, Protection, Malicious Website Protection, Stopped, 
Protection, 30.04.2016 22:32, SYSTEM, XXX-NETZWERK, Protection, Malware Protection, Stopping, 
Protection, 30.04.2016 22:32, SYSTEM, XXX-NETZWERK, Protection, Malware Protection, Stopped, 
Scan, 30.04.2016 22:32, SYSTEM, XXX-NETZWERK, Context, Start: 30.04.2016 22:32, Dauer: 0 Min. 29 Sek., Bedrohungssuchlauf, Abgebrochen, 0 Malware-Erkennung, 0 Nicht-Malware-Erkennungen, 
Protection, 30.04.2016 22:35, SYSTEM, XXX-NETZWERK, Protection, Malware Protection, Starting, 
Protection, 30.04.2016 22:35, SYSTEM, XXX-NETZWERK, Protection, Malware Protection, Started, 
Protection, 30.04.2016 22:35, SYSTEM, XXX-NETZWERK, Protection, Malicious Website Protection, Starting, 
Protection, 30.04.2016 22:35, SYSTEM, XXX-NETZWERK, Protection, Malicious Website Protection, Started, 
Update, 30.04.2016 22:36, SYSTEM, XXX-NETZWERK, Manual, Rootkit Database, 2016.2.8.1, 2016.4.17.1, 
Protection, 30.04.2016 22:36, SYSTEM, XXX-NETZWERK, Protection, Refresh, Starting, 
Protection, 30.04.2016 22:36, SYSTEM, XXX-NETZWERK, Protection, Malicious Website Protection, Stopping, 
Protection, 30.04.2016 22:36, SYSTEM, XXX-NETZWERK, Protection, Malicious Website Protection, Stopped, 
Protection, 30.04.2016 22:36, SYSTEM, XXX-NETZWERK, Protection, Refresh, Success, 
Protection, 30.04.2016 22:36, SYSTEM, XXX-NETZWERK, Protection, Malicious Website Protection, Starting, 
Protection, 30.04.2016 22:36, SYSTEM, XXX-NETZWERK, Protection, Malicious Website Protection, Started, 
Scan, 30.04.2016 22:47, SYSTEM, XXX-NETZWERK, Manual, Start: 30.04.2016 22:36, Dauer: 10 Min. 31 Sek., Bedrohungssuchlauf, Abgeschlossen, 0 Malware-Erkennung, 1 Nicht-Malware-Erkennung, 

(end)

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Professional x64 
Ran by xxx (Administrator) on 30.04.2016 at 22:53:59,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 6 

Successfully deleted: C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7G2AOQ9A (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I8IHKNLQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QDO1AFT9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7G2AOQ9A (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I8IHKNLQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QDO1AFT9 (Temporary Internet Files Folder) 



Registry: 1 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{13DE1696-51C9-40EB-9408-D05E7BD610BC} (Registry Value) 




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.04.2016 at 22:55:01,88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:30-04-2016
durchgeführt von xxx (Administrator) auf XXX-NETZWERK (30-04-2016 23:49:07)
Gestartet von C:\Users\xxx\Desktop
Geladene Profile: xxx (Verfügbare Profile: xxx & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.02\AsusFanControlService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(O&O Software GmbH) D:\System Tools\OO Software\DiskImage\oodiag.exe
(O&O Software GmbH) D:\System Tools\OO Software\SSD Migration Kit\oosmkag.exe
(Microsoft Corporation) C:\Windows\System32\vdsldr.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(YL Computing, Inc) D:\Programme\Perfect Hotkey\PerfectHotkey.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kpm.exe
() D:\Programme\Rainmeter\Rainmeter.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Intel Corporation) C:\Program Files (x86)\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Mozilla Corporation) D:\Internet\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Internet\Mozilla Firefox\plugin-container.exe
() C:\Program Files (x86)\NppLauncher\NppLauncher.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-24] (Intel Corporation)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5299320 2012-10-25] (VIA)
HKU\S-1-5-21-1283539077-2619551967-1579459365-1001\...\Run: [Perfect Hotkey] => D:\Programme\Perfect Hotkey\PerfectHotkey.exe [1405720 2014-12-02] (YL Computing, Inc)
HKU\S-1-5-21-1283539077-2619551967-1579459365-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1283539077-2619551967-1579459365-1001\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kpm.exe [8087880 2015-12-11] (AO Kaspersky Lab)
HKU\S-1-5-21-1283539077-2619551967-1579459365-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1283539077-2619551967-1579459365-1001\...\MountPoints2: {03669e46-0dfb-11e6-a804-806e6f6e6963} - F:\setup.exe
HKU\S-1-5-21-1283539077-2619551967-1579459365-1001\...\MountPoints2: {1dee293a-e2d9-11e5-a71a-005056c00008} - H:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1283539077-2619551967-1579459365-1001\...\MountPoints2: {70b8f029-f408-11e5-acf0-005056c00008} - G:\HiSuiteDownLoader.exe
IFEO\notepad.exe: [Debugger] C:\Program Files (x86)\NppLauncher\NppLauncher.exe
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-11-13] ()
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox.exe.lnk [2016-01-09]
ShortcutTarget: firefox.exe.lnk -> D:\Internet\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-09-02]
ShortcutTarget: Rainmeter.lnk -> D:\Programme\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird.exe.lnk [2016-01-09]
ShortcutTarget: thunderbird.exe.lnk -> D:\Internet\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog5 07 C:\Windows\SysWOW64\PrxerNsp.dll [84040 2015-03-28] ()
Winsock: Catalog5-x64 07 C:\Windows\system32\PrxerNsp.dll [96840 2015-03-28] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6109D9DC-33EE-4256-A19D-679A4FC9CE87}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A0F505A1-150E-47C2-B46B-070A99DD7628}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1283539077-2619551967-1579459365-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-18] (AO Kaspersky Lab)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-12-18] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-18] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-12-18] (AO Kaspersky Lab)

FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3gx31obe.default
FF NewTab: 
FF DefaultSearchEngine: FindWide
FF Homepage: chrome://speeddial/content/speeddial.xul
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-12] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin HKU\S-1-5-21-1283539077-2619551967-1579459365-1001: kaspersky.com/KPMPlugin -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\npKPMPlugin.dll [2015-12-11] (Kaspersky Lab)
FF Plugin HKU\S-1-5-21-1283539077-2619551967-1579459365-1001: kpm_win_add_on@kaspersky -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kpm_win_add_on@kaspersky [2016-02-28] ()
FF Extension: Speed Dial - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3gx31obe.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2015-09-14]
FF Extension: Greasemonkey - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3gx31obe.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-04-29]
FF Extension: IPFlood - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3gx31obe.default\Extensions\ipfuck@p4ul.info.xpi [2016-04-27]
FF Extension: Disable WebRTC - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3gx31obe.default\Extensions\jid1-5Fs7iTLscUaZBgwr@jetpack.xpi [2016-04-02]
FF Extension: NoScript - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3gx31obe.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-06]
FF Extension: FT DeepDark - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3gx31obe.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-12-05]
FF Extension: Adblock Plus - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3gx31obe.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2016-03-01]
FF HKU\S-1-5-21-1283539077-2619551967-1579459365-1001\...\Firefox\Extensions: [kpm_win_add_on@kaspersky] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kpm_win_add_on@kaspersky
FF Extension: Kaspersky Password Manager - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kpm_win_add_on@kaspersky [2016-02-28]
StartMenuInternet: FIREFOX.EXE - D:\Internet\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka

Opera: 
=======
StartMenuInternet: (HKLM) Operadeveloper - D:\Internet\Opera\Launcher.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2015-10-16] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.02\AsusFanControlService.exe [1470592 2012-03-21] (ASUSTeK Computer Inc.)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2015-12-18] (Kaspersky Lab ZAO)
S4 HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe [138544 2015-03-31] ()
S4 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [192304 2015-03-31] ()
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2014-04-24] (Intel Corporation)
S4 MBAMScheduler; D:\System Tools\Sicherheit\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; D:\System Tools\Sicherheit\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 OO DiskImage; D:\System Tools\OO Software\DiskImage\oodiag.exe [7766264 2015-08-28] (O&O Software GmbH)
R2 OO SSD Migration Kit; D:\System Tools\OO Software\SSD Migration Kit\oosmkag.exe [6258472 2013-11-18] (O&O Software GmbH)
S3 OpenVPNService; D:\Internet\OpenVPN\bin\openvpnserv.exe [38200 2016-01-04] (The OpenVPN Project)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-10-22] (Sandboxie Holdings, LLC)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)
S4 VMAuthdService; D:\Programme\VMware\VMware Player\vmware-authd.exe [89792 2015-11-25] (VMware, Inc.)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [19192 2015-09-30] (Intel(R) Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
S3 BioNTDrv; D:\System Tools\Paragon Software\Backup and Recovery 2016 Kompakt\program\BioNTDrv.SYS [19120 2016-03-30] (Paragon Software Group)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 epp; D:\System Tools\Sicherheit\EEK\bin64\epp.sys [124080 2016-02-25] (Emsisoft Ltd)
R3 ETDSMBus; C:\Windows\System32\DRIVERS\ETDSMBus.sys [31464 2015-08-06] (ELAN Microelectronic Corp.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-02] (REALiX(tm))
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2015-03-09] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-24] (Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-05-28] (Intel Corporation)
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2014-10-22] (ASUSTeK Computer Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [77728 2016-03-01] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2015-12-18] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [227000 2015-12-18] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934808 2016-03-01] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39096 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-18] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-30] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R0 oodivd; C:\Windows\System32\DRIVERS\oodivd.sys [255640 2014-12-10] (O&O Software GmbH)
R0 oodivdh; C:\Windows\System32\DRIVERS\oodivdh.sys [44696 2014-12-10] (O&O Software GmbH)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192648 2015-10-22] (Sandboxie Holdings, LLC)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX64.sys [169616 2016-03-14] (Ray Hinchliffe)
U5 UnlockerDriver5; D:\System Tools\Unlocker\x64\UnlockerDriver5.sys [12352 2010-07-01] ()
R3 VASDeviceDrm; C:\Windows\System32\drivers\vasdDev.sys [1454896 2012-03-19] (ShiningMorning Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2015-09-28] (wisecleaner.com)
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-30 23:47 - 2016-04-30 23:47 - 00000000 ____D C:\Users\xxx\Desktop\FRST-OlderVersion
2016-04-30 22:55 - 2016-04-30 22:55 - 00001672 _____ C:\Users\xxx\Desktop\JRT.txt
2016-04-30 22:34 - 2016-04-30 22:34 - 00002142 _____ C:\Users\xxx\Desktop\AdwCleaner[C1].txt
2016-04-30 22:30 - 2016-04-30 22:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-04-30 22:27 - 2016-04-30 22:31 - 00000000 ____D C:\AdwCleaner
2016-04-30 22:27 - 2016-04-30 22:27 - 01610816 _____ (Malwarebytes) C:\Users\xxx\Desktop\JRT.exe
2016-04-30 22:26 - 2016-04-30 22:28 - 22851472 _____ (Malwarebytes ) C:\Users\xxx\Desktop\mbam-setup-2.2.1.1043.exe
2016-04-30 22:26 - 2016-04-30 22:26 - 03581504 _____ C:\Users\xxx\Desktop\AdwCleaner_5.114.exe
2016-04-29 23:35 - 2016-04-29 23:50 - 00219546 _____ C:\TDSSKiller.3.1.0.9_29.04.2016_23.35.08_log.txt
2016-04-29 23:33 - 2016-04-30 23:49 - 00017513 _____ C:\Users\xxx\Desktop\FRST.txt
2016-04-29 23:33 - 2016-04-30 23:49 - 00000000 ____D C:\FRST
2016-04-29 23:30 - 2016-04-29 23:30 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\xxx\Desktop\tdsskiller.exe
2016-04-29 23:29 - 2016-04-30 23:47 - 02377216 _____ (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2016-04-27 01:12 - 2016-03-09 21:00 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-04-27 01:12 - 2016-03-09 21:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-04-27 01:12 - 2016-03-09 20:40 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-04-27 01:12 - 2016-03-09 20:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-04-27 01:11 - 2016-03-09 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-04-27 01:11 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-04-26 22:52 - 2016-04-26 22:52 - 00000000 ____D C:\Users\Public\Documents\Meine Löschberichte
2016-04-26 22:29 - 2016-04-26 23:08 - 00000000 ____D C:\Users\xxx\AppData\Local\ApplicationHistory
2016-04-26 22:29 - 2016-04-26 22:29 - 00000091 _____ C:\Users\xxx\AppData\Local\fusioncache.dat
2016-04-26 22:13 - 2016-04-26 23:08 - 00000000 ____D C:\Program Files (x86)\NT Registry Optimizer
2016-04-26 21:47 - 2016-04-26 21:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
2016-04-26 21:47 - 2016-04-26 21:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2016-04-26 21:47 - 2016-04-26 21:47 - 00000000 ____D C:\Users\Administrator\AppData\Local\Macromedia
2016-04-26 21:47 - 2015-07-31 13:06 - 00011205 _____ C:\Users\Administrator\Desktop\readme.txt
2016-04-26 21:47 - 2015-07-31 11:07 - 00005885 _____ C:\Users\Administrator\Desktop\history.txt
2016-04-26 21:42 - 2016-04-26 21:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2016-04-26 21:09 - 2016-04-26 21:09 - 00062392 _____ C:\Users\xxx\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-22 11:54 - 2016-04-22 11:54 - 00001049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-04-21 22:59 - 2016-04-21 22:59 - 00894440 _____ (Opera Software) C:\Users\xxx\Downloads\OperaSetupDeveloper.exe
2016-04-21 19:34 - 2016-04-30 23:46 - 00370476 _____ C:\Windows\ntbtlog.txt
2016-04-20 23:50 - 2016-04-20 23:57 - 00000000 ____D C:\ProgramData\HitmanPro
2016-04-20 09:38 - 2016-04-20 09:38 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2016-04-20 09:38 - 2016-04-20 09:38 - 00000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2016-04-20 09:37 - 2016-04-20 09:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Opera Software
2016-04-20 09:37 - 2016-04-20 09:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\Opera Software
2016-04-20 09:36 - 2016-04-20 09:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel Corporation
2016-04-20 09:35 - 2016-04-26 21:41 - 00000046 _____ C:\Users\Administrator\AppData\Roaming\1119HOTK.dat
2016-04-20 09:35 - 2016-04-20 09:35 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Proxifier
2016-04-19 23:36 - 2016-04-19 23:36 - 00000000 ____D C:\Users\xxx\Pavark
2016-04-19 23:19 - 2016-04-22 12:13 - 00280616 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-19 20:39 - 2016-04-19 20:40 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Total Network Monitor 2
2016-04-19 20:39 - 2016-04-19 20:39 - 00000000 ____D C:\ProgramData\Total Network Monitor 2
2016-04-19 20:39 - 2016-04-19 20:39 - 00000000 ____D C:\ProgramData\TEMP
2016-04-13 17:54 - 2016-04-04 20:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-13 17:54 - 2016-04-04 20:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-13 17:54 - 2016-04-02 15:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-13 17:54 - 2016-03-31 21:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-13 17:54 - 2016-03-31 20:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-04-13 17:54 - 2016-03-31 02:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-13 17:54 - 2016-03-31 02:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-13 17:54 - 2016-03-31 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-13 17:54 - 2016-03-31 02:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-13 17:54 - 2016-03-31 02:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-13 17:54 - 2016-03-31 02:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-13 17:54 - 2016-03-31 02:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-13 17:54 - 2016-03-31 02:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-13 17:54 - 2016-03-31 02:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-13 17:54 - 2016-03-31 02:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-13 17:54 - 2016-03-31 02:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-13 17:54 - 2016-03-31 02:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-13 17:54 - 2016-03-31 02:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-13 17:54 - 2016-03-31 02:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-13 17:54 - 2016-03-31 02:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-13 17:54 - 2016-03-31 02:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-13 17:54 - 2016-03-31 02:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-13 17:54 - 2016-03-31 02:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-13 17:54 - 2016-03-31 02:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-13 17:54 - 2016-03-31 02:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-13 17:54 - 2016-03-31 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-04-13 17:54 - 2016-03-31 02:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-13 17:54 - 2016-03-31 01:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-13 17:54 - 2016-03-31 01:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-13 17:54 - 2016-03-31 01:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-13 17:54 - 2016-03-31 01:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-13 17:54 - 2016-03-31 01:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-04-13 17:54 - 2016-03-31 01:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-13 17:54 - 2016-03-31 01:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-04-13 17:54 - 2016-03-31 01:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-04-13 17:54 - 2016-03-31 01:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-04-13 17:54 - 2016-03-31 01:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-04-13 17:54 - 2016-03-31 01:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-04-13 17:54 - 2016-03-31 01:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-13 17:54 - 2016-03-31 01:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-04-13 17:54 - 2016-03-31 01:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-04-13 17:54 - 2016-03-31 01:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-04-13 17:54 - 2016-03-31 01:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-04-13 17:54 - 2016-03-31 01:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-13 17:54 - 2016-03-31 01:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-04-13 17:54 - 2016-03-31 01:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-13 17:54 - 2016-03-31 01:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-13 17:54 - 2016-03-31 01:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-13 17:54 - 2016-03-31 01:42 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-13 17:54 - 2016-03-31 01:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-13 17:54 - 2016-03-31 01:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-04-13 17:54 - 2016-03-31 01:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-13 17:54 - 2016-03-31 01:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-04-13 17:54 - 2016-03-31 01:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-04-13 17:54 - 2016-03-31 01:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-04-13 17:54 - 2016-03-31 01:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-04-13 17:54 - 2016-03-31 01:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-13 17:54 - 2016-03-31 01:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-04-13 17:54 - 2016-03-31 01:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-04-13 17:54 - 2016-03-31 01:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-04-13 17:54 - 2016-03-31 01:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-04-13 17:54 - 2016-03-31 01:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-04-13 17:54 - 2016-03-31 01:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-04-13 17:54 - 2016-03-31 01:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-13 17:54 - 2016-03-31 01:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-13 17:54 - 2016-03-31 01:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-13 17:54 - 2016-03-31 01:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-13 17:54 - 2016-03-31 01:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-13 17:54 - 2016-03-31 01:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-04-13 17:54 - 2016-03-29 19:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-13 17:54 - 2016-03-18 01:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-13 17:54 - 2016-03-18 01:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-13 17:54 - 2016-03-18 01:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-13 17:54 - 2016-03-18 01:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-13 17:54 - 2016-03-18 01:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-13 17:54 - 2016-03-18 01:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-13 17:54 - 2016-03-18 00:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-13 17:54 - 2016-03-18 00:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-13 17:54 - 2016-03-18 00:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-13 17:54 - 2016-03-18 00:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-13 17:54 - 2016-03-18 00:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-13 17:54 - 2016-03-18 00:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-13 17:54 - 2016-03-18 00:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-13 17:54 - 2016-03-18 00:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-13 17:54 - 2016-03-18 00:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-13 17:54 - 2016-03-18 00:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-13 17:54 - 2016-03-18 00:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-13 17:54 - 2016-03-18 00:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-13 17:54 - 2016-03-18 00:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-13 17:54 - 2016-03-18 00:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-13 17:54 - 2016-03-18 00:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-13 17:54 - 2016-03-18 00:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-13 17:54 - 2016-03-18 00:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-13 17:54 - 2016-03-18 00:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-13 17:54 - 2016-03-18 00:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-13 17:54 - 2016-03-18 00:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-13 17:54 - 2016-03-18 00:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-13 17:54 - 2016-03-18 00:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-13 17:54 - 2016-03-18 00:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-13 17:54 - 2016-03-18 00:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-13 17:54 - 2016-03-18 00:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-13 17:54 - 2016-03-18 00:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-13 17:54 - 2016-03-18 00:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-13 17:54 - 2016-03-18 00:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-13 17:54 - 2016-03-18 00:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-13 17:54 - 2016-03-18 00:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-13 17:54 - 2016-03-18 00:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-13 17:54 - 2016-03-18 00:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-13 17:54 - 2016-03-18 00:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-13 17:54 - 2016-03-18 00:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-13 17:54 - 2016-03-18 00:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-13 17:54 - 2016-03-18 00:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-13 17:54 - 2016-03-18 00:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-04-13 17:54 - 2016-03-18 00:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-13 17:54 - 2016-03-18 00:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-13 17:54 - 2016-03-18 00:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-13 17:54 - 2016-03-18 00:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-13 17:54 - 2016-03-18 00:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-13 17:54 - 2016-03-18 00:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-13 17:54 - 2016-03-18 00:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-13 17:54 - 2016-03-18 00:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 17:54 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-13 17:54 - 2016-03-17 23:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-13 17:54 - 2016-03-17 23:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-13 17:54 - 2016-03-17 23:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-13 17:54 - 2016-03-17 23:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-13 17:54 - 2016-03-17 23:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-13 17:54 - 2016-03-17 23:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-13 17:54 - 2016-03-17 23:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-13 17:54 - 2016-03-17 23:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-13 17:54 - 2016-03-17 23:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-13 17:54 - 2016-03-17 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-13 17:54 - 2016-03-17 23:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-13 17:54 - 2016-03-17 23:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-13 17:54 - 2016-03-17 23:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-13 17:54 - 2016-03-17 23:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-13 17:54 - 2016-03-17 23:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-13 17:54 - 2016-03-17 23:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-13 17:54 - 2016-03-17 23:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-13 17:54 - 2016-03-17 23:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-13 17:54 - 2016-03-17 23:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 17:54 - 2016-03-17 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 17:54 - 2016-03-17 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-13 17:54 - 2016-03-16 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-13 17:54 - 2016-03-16 20:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-13 17:54 - 2016-03-16 20:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-13 17:54 - 2016-03-16 02:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-13 17:54 - 2016-03-16 02:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-13 17:54 - 2016-03-16 01:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-13 17:54 - 2016-03-11 20:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-13 17:54 - 2016-03-11 20:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-13 17:54 - 2016-03-06 20:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-13 17:54 - 2016-03-06 20:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-13 17:54 - 2016-03-06 20:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-13 17:54 - 2016-03-06 20:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-12 10:48 - 2016-04-19 23:19 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-12 10:48 - 2016-04-19 23:10 - 00003824 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-12 02:41 - 2016-04-19 20:44 - 00000000 ____D C:\Users\xxx\Downloads\PROGRAMME
2016-04-12 02:41 - 2016-04-12 02:41 - 00000000 ____D C:\Users\xxx\Downloads\BILDER
2016-04-05 00:55 - 2016-04-05 00:55 - 00000000 ____D C:\Foxit Software
2016-04-03 02:26 - 2016-04-03 02:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proxy Finder
2016-04-03 00:42 - 2016-04-28 23:31 - 00003854 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1459636964
2016-04-03 00:42 - 2016-04-21 23:05 - 00000838 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera developer.lnk
2016-04-03 00:42 - 2016-04-21 23:02 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Opera Software
2016-04-03 00:42 - 2016-04-21 23:02 - 00000000 ____D C:\Users\xxx\AppData\Local\Opera Software
2016-04-02 04:45 - 2016-03-23 16:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-02 04:45 - 2016-03-17 20:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-02 04:45 - 2016-03-17 20:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-02 04:45 - 2016-03-17 20:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-02 04:45 - 2016-03-17 20:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-02 01:58 - 2016-04-03 01:20 - 00000000 ____D C:\Users\xxx\Documents\ProxySearcher
2016-04-01 03:50 - 2016-04-01 03:55 - 00000000 ____D C:\ProgramData\advlauncher
2016-04-01 03:49 - 2016-04-01 03:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup and Recovery™ 2016 Kompakt

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2099-01-09 00:01 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2099-01-09 00:01 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU(1705).TXT
2016-04-30 23:42 - 2009-07-14 06:45 - 00033616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-30 23:42 - 2009-07-14 06:45 - 00033616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-30 23:38 - 2009-07-14 19:58 - 00752614 _____ C:\Windows\system32\perfh007.dat
2016-04-30 23:38 - 2009-07-14 19:58 - 00170474 _____ C:\Windows\system32\perfc007.dat
2016-04-30 23:38 - 2009-07-14 07:13 - 01060672 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-30 23:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-30 23:34 - 2015-09-02 15:13 - 00000259 _____ C:\Users\xxx\AppData\Roaming\1119HOTK.dat
2016-04-30 23:34 - 2015-08-29 04:00 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-04-30 23:34 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-30 23:18 - 2015-09-02 02:14 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-29 12:57 - 2015-09-23 22:13 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-04-27 01:19 - 2015-08-29 03:13 - 00000000 ____D C:\Users\xxx\AppData\Roaming\TeamViewer
2016-04-26 23:09 - 2015-08-29 22:14 - 00000000 ____D C:\Users\Administrator
2016-04-26 23:09 - 2015-08-29 02:40 - 00000000 ____D C:\Users\xxx
2016-04-26 23:08 - 2016-03-10 02:52 - 00000000 ____D C:\Users\MSSQL$ADK
2016-04-26 23:08 - 2016-02-26 20:51 - 00000000 ____D C:\Users\Public\Foxit Software
2016-04-26 23:08 - 2015-10-27 21:38 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Notepad++
2016-04-26 23:08 - 2015-08-29 03:13 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Rainmeter
2016-04-26 23:08 - 2015-08-29 03:12 - 00000000 ____D C:\Users\xxx\AppData\Local\Mozilla
2016-04-26 23:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Msdtc
2016-04-26 23:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2016-04-26 22:16 - 2015-08-29 02:40 - 03145728 ___SH C:\Users\xxx\ntuser.bak
2016-04-26 22:16 - 2009-07-14 04:34 - 85721088 _____ C:\Windows\system32\config\SOFTWARE.bak
2016-04-26 22:16 - 2009-07-14 04:34 - 22020096 _____ C:\Windows\system32\config\SYSTEM.bak
2016-04-26 22:16 - 2009-07-14 04:34 - 01835008 _____ C:\Windows\system32\config\DEFAULT.bak
2016-04-26 22:16 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2016-04-26 22:16 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2016-04-26 21:42 - 2015-08-29 22:17 - 00062392 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-26 14:41 - 2015-09-19 19:33 - 00000000 ____D C:\Users\xxx\AppData\Local\CrashDumps
2016-04-23 01:44 - 2015-09-19 20:30 - 00000000 ____D C:\Users\xxx\AppData\Local\Battle.net
2016-04-22 12:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-21 21:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-04-21 00:49 - 2016-03-02 21:53 - 00002282 ____H C:\Users\xxx\Documents\Default.rdp
2016-04-20 09:47 - 2016-02-28 03:28 - 00000000 ____D C:\Program Files (x86)\Hex-Editor MX
2016-04-19 23:19 - 2015-09-03 04:59 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-04-19 20:39 - 2015-12-08 21:53 - 00000000 ____D C:\ProgramData\Licenses
2016-04-19 20:33 - 2015-09-04 15:08 - 00000000 ____D C:\ProgramData\VMware
2016-04-13 23:20 - 2015-08-29 12:28 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-13 23:05 - 2015-08-29 03:59 - 00000000 ____D C:\Windows\system32\MRT
2016-04-13 23:02 - 2015-08-29 03:59 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-13 18:04 - 2015-11-15 12:31 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-13 18:04 - 2015-11-15 12:31 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-10 21:43 - 2015-08-29 03:13 - 00000000 ____D C:\Users\xxx\AppData\Roaming\vlc
2016-04-04 01:29 - 2015-10-15 10:52 - 00000827 _____ C:\Users\xxx\Desktop\wichtig.txt
2016-04-03 00:32 - 2016-03-25 01:45 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-02 01:57 - 2016-03-27 13:02 - 00000000 ____D C:\Users\xxx\AppData\Local\Downloaded Installations

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-09-02 15:13 - 2016-04-30 23:34 - 0000259 _____ () C:\Users\xxx\AppData\Roaming\1119HOTK.dat
2016-04-26 22:29 - 2016-04-26 22:29 - 0000091 _____ () C:\Users\xxx\AppData\Local\fusioncache.dat
2015-08-29 03:13 - 2016-03-14 15:13 - 0000600 _____ () C:\Users\xxx\AppData\Local\PUTTY.RND
2015-08-29 03:13 - 2016-03-03 03:48 - 0007644 _____ () C:\Users\xxx\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-04-30 13:22

==================== Ende von FRST.txt ============================

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:30-04-2016
durchgeführt von xxx (2016-04-30 23:49:23)
Gestartet von C:\Users\xxx\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-08-29 00:40:16)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1283539077-2619551967-1579459365-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-1283539077-2619551967-1579459365-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1283539077-2619551967-1579459365-1017 - Limited - Enabled)
xxx (S-1-5-21-1283539077-2619551967-1579459365-1001 - Administrator - Enabled) => C:\Users\xxx

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

ActivePresenter (HKLM-x32\...\{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 5.5.3 - Atomi Systems, Inc.)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
AI Suite (HKLM-x32\...\{310BC5E2-31AF-49BB-904D-E71EB93645DC}) (Version: 1.06.16 - )
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.5.0 - Sereby Corporation)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bierzerkers (HKLM-x32\...\Steam App 348460) (Version:  - Shield Break Studios)
Break Into Zatwor (HKLM-x32\...\Steam App 395980) (Version:  - Zonitron Productions)
Broadsword : Age of Chivalry (HKLM\...\Steam App 312710) (Version:  - Hoplite Research LLC)
Curse Client (HKU\S-1-5-21-1283539077-2619551967-1579459365-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
Deadbreed® (HKLM\...\Steam App 277950) (Version:  - Deadbreed AB)
EVGA PrecisionX 16 (HKLM-x32\...\Steam App 268850) (Version:  - EVGA)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.0.118 - Foxit Software Inc.)
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version:  - Marek Jasinski)
Gorky 17 (HKLM-x32\...\Steam App 253920) (Version:  - )
Herr des Wetters - Die verborgene Welt (HKLM-x32\...\{C5DD4A8C-5F57-45E4-A559-199413803FEF}) (Version: 1.00.0000 - PurpleHills)
Hex-Editor MX (HKLM-x32\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 41.003.50.00.06 - Huawei Technologies Co.,Ltd)
Hotfix für Microsoft Visual Basic 2010 Express - DEU (KB2635973) (HKLM-x32\...\{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}.KB2635973) (Version: 1 - Microsoft Corporation)
Intel Extreme Tuning Utility (HKLM-x32\...\{e3931098-f44a-4c70-bf9c-f48d24bdd066}) (Version: 6.0.2.8 - Intel Corporation)
Intel Extreme Tuning Utility (x32 Version: 6.0.2.8 - Intel Corporation) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.4.1000 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{F46A1003-7E9A-418C-8149-C6AF1EAF6B89}) (Version: 8.0.4.394 - Kaspersky Lab)
Kaspersky Password Manager (x32 Version: 8.0.4.394 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
KC Softwares SUMo (HKLM-x32\...\KC Softwares SUMo_is1) (Version: 4.2.3.296 - KC Softwares)
Malwarebytes Anti-Exploit version 1.8.1.1189 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1189 - Malwarebytes)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Hotfix Rollup (KB3120241) (HKLM\...\{46556DC7-EFC0-361E-832E-E0A9B0D2EFAB}) (Version: 4.6.01067 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM-x32\...\{D958C1AC-7891-42B6-AFBE-FA9070FACE13}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C668416A-9213-4058-B7F2-01A42D85559D}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - DEU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - DEU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{3c3aafc8-d898-43ec-998f-965ffdae065a}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 43.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0.2 (x86 de)) (Version: 43.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
Mozilla Thunderbird 45.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.0 (x86 de)) (Version: 45.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
NppLauncher (HKLM-x32\...\NppLauncher) (Version: 0.9.9 - )
NVIDIA 3D Vision Treiber 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.95 - NVIDIA Corporation)
NVIDIA Grafiktreiber 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.95 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
O&O DiskImage Professional (HKLM\...\{10C83530-840D-4AA3-994A-A9B9559B56C5}) (Version: 9.10.102 - O&O Software GmbH)
O&O SafeErase Professional (HKLM\...\{12DA3057-6836-4C8B-A44D-A447474E302B}) (Version: 6.0.538 - O&O Software GmbH)
O&O SSD Migration Kit (HKLM\...\{E8640F01-FE2F-44D3-9F5B-5C3D2C3E8291}) (Version: 7.1.36 - O&O Software GmbH)
OCCT 4.4.1 (HKLM-x32\...\OCCT) (Version: 4.4.1 - Ocbase.com)
OpenVPN 2.3.10-I001  (HKLM\...\OpenVPN) (Version: 2.3.10-I001 - )
Opera developer 38.0.2213.0 (HKLM-x32\...\Opera 38.0.2213.0) (Version: 38.0.2213.0 - Opera Software)
Overcast - Walden and the Werewolf (HKLM-x32\...\Steam App 293180) (Version:  - Microblast Games)
Paragon Backup and Recovery™ 2016 Kompakt (HKLM\...\{21FC91F0-ED08-11E5-B5CC-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Perfect Hotkey Version 1.32 (HKLM-x32\...\{4D9D70B0-31B9-4D04-A7E8-F6BA16FE51EC}_is1) (Version: 1.32 - YL Computing)
Planetary Annihilation (HKLM\...\Steam App 233250) (Version:  - Uber Entertainment)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Pressure (HKLM\...\Steam App 224220) (Version:  - Chasing Carrots)
Proxifier version 3.29 (HKLM-x32\...\Proxifier_is1) (Version: 3.29 - Initex)
Proxy Searcher (HKLM-x32\...\{7EA74723-FE48-410D-A24E-949870747174}) (Version: 5.10.0000 - Proxy Searcher)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
RenderManNC-Installer (HKLM\...\{DAB7A2E1-D380-11E4-BBF3-001CC4171F87}) (Version: 1.0.0 - Pixar)
RenderManStudio-20.2-maya2014 (HKLM\...\{63FD4B00-4B71-11E5-9FE9-2C27D7EF5B5C}) (Version: 20.2.0 - Pixar)
RenderManStudio-20.2-maya2015 (HKLM\...\{1181004F-4B72-11E5-81D8-2C27D7EF5B5C}) (Version: 20.2.0 - Pixar)
RenderManStudio-20.2-maya2016 (HKLM\...\{0F938830-4B72-11E5-BD16-2C27D7EF5B5C}) (Version: 20.2.0 - Pixar)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.8 - Rockstar Games)
Sandboxie 5.06 (64-bit) (HKLM\...\Sandboxie) (Version: 5.06 - Sandboxie Holdings, LLC)
SanDisk SSD Dashboard (HKLM-x32\...\SanDisk SSD Dashboard) (Version: 1.4.1 - SanDisk Corporation)
SanDisk SSD Dashboard Service (HKLM-x32\...\{EE9255E4-283A-4318-ABB6-A75BEE59ACA3}) (Version: 1.0.0 - SanDisk Corporation)
Septerra Core (HKLM-x32\...\Steam App 253940) (Version:  - )
Service Pack 2 for SQL Server 2012 (KB2958429) (HKLM-x32\...\KB2958429) (Version: 11.2.5058.0 - Microsoft Corporation)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
The Troma Project (HKLM\...\Steam App 279640) (Version:  - Nekrosoft)
Total Network Monitor 2.1.0 build 4040 (HKLM-x32\...\Total Network Monitor 2_is1) (Version: 2.1.0.4040 - Softinventive Lab Inc.)
Trinium Wars (HKLM\...\Steam App 410560) (Version:  - Hanmaru Soft)
TS3 Admin (HKU\S-1-5-21-1283539077-2619551967-1579459365-1001\...\7a0e88a04267d7dd) (Version: 1.0.3.106 - noa-x)
Two Worlds II (HKLM-x32\...\Steam App 7520) (Version:  - Reality Pump Studios)
Two Worlds: Epic Edition (HKLM-x32\...\Steam App 1930) (Version:  - Reality Pump Studios)
Ubinota (HKLM-x32\...\Steam App 323630) (Version:  - Rotateam)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Virtual Audio Streaming 4.0 (HKLM-x32\...\{B9FDEDF1-DD77-42BD-B2BD-ABCB30655C73}_is1) (Version: 4.0 - ShiningMorning Inc.)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation)
VMware Player (HKLM\...\{57AA4E8A-E2C9-4F1C-B3F1-762C36E34472}) (Version: 12.1.0 - VMware, Inc.)
Why So Evil (HKLM-x32\...\Steam App 331710) (Version:  - Zonitron Productions)
Why So Evil 2: Dystopia (HKLM-x32\...\Steam App 354850) (Version:  - Zonitron Productions)
WinRAR 5.30 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
WISE-FTP 7 (HKLM-x32\...\{3EAF3023-F780-46E5-8220-72F8DB87A7EB}_is1) (Version:  - AceBIT GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {1292F2EE-382F-4528-9A07-5F4ADE30DB7E} - System32\Tasks\OO DiskImage {4c7ccc84-c698-4f52-a2a7-f8d22fb85d07} => D:\System Tools\OO Software\DiskImage\oodiag.exe [2015-08-28] (O&O Software GmbH)
Task: {60DAB3DB-A8FB-47F4-B4DE-DCA536BC7C72} - System32\Tasks\Logon Screen SkipUAC => D:\Programme\Logon Screen\Logon Screen.exe [2015-02-15] (Daniel Rebelo)
Task: {80CAD6AF-2989-455C-9852-9BC27C71C8AE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-13] (Adobe Systems Incorporated)
Task: {8E6A2259-6C1B-41A2-97E2-C16D95CCFC08} - System32\Tasks\{128ECD8A-7CF5-4FCD-B8B0-62F3F6303903} => pcalua.exe -a C:\Users\xxx\Desktop\GPUTweak_2_5_2\setup.exe -d C:\Users\xxx\Desktop\GPUTweak_2_5_2
Task: {9BF06BAF-1149-497D-98BA-D96FA394DAB8} - System32\Tasks\{63E3E043-43F8-4ED5-BECE-4246CAC0E787} => pcalua.exe -a C:\Users\xxx\Desktop\GPUTweak_2_5_2\setup.exe -d C:\Users\xxx\Desktop\GPUTweak_2_5_2
Task: {9DD77CF7-26CB-4B1B-BAFE-DCA7365A1D1D} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-05-05] (Intel Corporation)
Task: {A7C113FD-3323-4F1E-B81B-44703CF20049} - System32\Tasks\EVGAPrecisionX => E:\Steam\steamapps\common\EVGA PrecisionX\PrecisionX_x64.exe [2016-04-20] (EVGA Corp.)
Task: {B02E4064-7656-43BF-B8F8-691A9EB7D998} - System32\Tasks\Opera scheduled Autoupdate 1459636964 => D:\Internet\Opera\launcher.exe [2016-04-28] (Opera Software)
Task: {B7603031-1DA0-4B2B-851B-21DFA0893597} - System32\Tasks\{0EDA6852-15A1-49EE-B2C0-5C4A587DF6E3} => pcalua.exe -a C:\Users\xxx\AppData\Local\Temp\GPUTweak_2_5_2\setup.exe -d C:\Users\xxx\AppData\Local\Temp\GPUTweak_2_5_2
Task: {DEA360BB-3B07-4CDA-B1E7-2D877BDF1D90} - System32\Tasks\OO DiskImage {4e6ed83a-2dc9-40f4-942f-4bbeea59d354} => D:\System Tools\OO Software\DiskImage\oodiag.exe [2015-08-28] (O&O Software GmbH)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\OO DiskImage {4c7ccc84-c698-4f52-a2a7-f8d22fb85d07}.job => 
Task: C:\Windows\Tasks\OO DiskImage {4e6ed83a-2dc9-40f4-942f-4bbeea59d354}.job => D:\System Tools\OO Software\DiskImage\oodiag.exe,/run {4e6ed83a-2dc9-40f4-942f-4bbeea59d354}SYSTEMBC:\ProgramData\OO Software\DiskImage\Aufgaben\Aufgabe20151203.xml

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-02-26 22:51 - 2015-03-28 16:55 - 00096840 _____ () C:\Windows\system32\PrxerNsp.dll
2016-03-25 01:45 - 2016-01-29 12:49 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-04-15 22:13 - 2015-04-15 22:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-04-21 12:34 - 2015-08-28 01:01 - 00326904 _____ () D:\System Tools\OO Software\DiskImage\oodiagrs.dll
2016-04-21 12:34 - 2013-11-18 05:58 - 00318760 _____ () D:\System Tools\OO Software\SSD Migration Kit\oosmkagrs.dll
2016-04-21 12:34 - 2015-08-06 20:52 - 00036544 _____ () D:\Programme\Rainmeter\Rainmeter.exe
2016-04-21 12:34 - 2015-08-06 20:52 - 00816320 _____ () D:\Programme\Rainmeter\Rainmeter.dll
2016-04-21 12:34 - 2015-08-06 20:51 - 00058368 _____ () D:\Programme\Rainmeter\Plugins\WebParser.DLL
2015-12-02 21:31 - 2012-10-25 11:26 - 00078456 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2015-12-02 21:31 - 2012-10-25 11:26 - 00386168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-04-21 20:39 - 2013-04-21 20:39 - 00026112 _____ () C:\Program Files (x86)\NppLauncher\NppLauncher.exe
2015-07-09 00:18 - 2015-07-09 00:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\kpcengine.2.3.dll
2015-12-11 19:18 - 2015-12-11 19:18 - 00437216 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\ipm_service.dll
2015-06-08 21:06 - 2015-06-08 21:06 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2013-04-21 20:39 - 2013-04-21 20:39 - 00052224 _____ () C:\Program Files (x86)\Notepad++\plugins\NppLauncherPlugin.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\60777651.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NVFLASH => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nvflash.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\60777651.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NVFLASH => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nvflash.sys => ""="Driver"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1283539077-2619551967-1579459365-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{F12FEF70-8E12-4F7D-AB29-DC6E82D65B39}] => (Allow) D:\Internet\Mozilla Firefox\firefox.exe
FirewallRules: [{F6BC446D-E30C-42AA-BED2-ABB73A0BF504}] => (Allow) D:\Internet\Mozilla Firefox\firefox.exe
FirewallRules: [{BD7825B2-003C-409B-8C60-EC2B5C865B65}] => (Allow) D:\Internet\Mozilla Firefox\firefox.exe
FirewallRules: [{2F726E8F-1786-467A-A8F4-9938BFFA122E}] => (Allow) D:\Internet\Mozilla Firefox\firefox.exe
FirewallRules: [{092F9EF1-438F-412D-AD04-61622201F5AE}] => (Allow) C:\Users\xxx\AppData\Local\Apps\2.0\J6A9JLJN.VC0\03TXEEKQ.H8V\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{FDB5CA6C-0585-4A41-A209-2B9C2E6D009E}] => (Allow) C:\Users\xxx\AppData\Local\Apps\2.0\J6A9JLJN.VC0\03TXEEKQ.H8V\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{FE97F1CF-5AA6-4872-B7FD-31537D0DF816}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{83969BFD-EFA9-4B9D-8A5B-94AC2024D534}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{CD16E77B-789A-433C-8126-69014D7929E0}] => (Allow) E:\Steam\steamapps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{2EE8D6EF-723F-4C97-8605-8DAD7FD9C228}] => (Allow) E:\Steam\steamapps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{2E1C1283-47AF-4634-80DF-9050EF16FA96}] => (Allow) E:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{AD3175D1-9E3D-408E-BC35-87DEF82A1415}] => (Allow) E:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{81FBE924-AA32-4703-B1FE-9812E3FCD7FC}] => (Allow) E:\Steam\steamapps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [{F9D4E0AA-12B7-4289-9ACE-7D9045BD83EE}] => (Allow) E:\Steam\steamapps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [{D8705FBC-AC89-473B-B213-D2AAE202BC22}] => (Allow) E:\Steam\steamapps\common\Nexuiz Beta\Bin32\Nexuiz.exe
FirewallRules: [{FEB7E9D0-AA42-4363-8184-88A747A863F3}] => (Allow) E:\Steam\steamapps\common\Nexuiz Beta\Bin32\Nexuiz.exe
FirewallRules: [{2E39A8ED-4486-4758-9BBC-931F5F2EBC8A}] => (Allow) E:\Steam\steamapps\common\Nexuiz Beta\Bin32\DedicatedServer.exe
FirewallRules: [{E6EC18ED-5908-4A8F-A497-9B7F89D4AAD9}] => (Allow) E:\Steam\steamapps\common\Nexuiz Beta\Bin32\DedicatedServer.exe
FirewallRules: [{D7ED3BBB-1CD1-4240-91E1-76DCB8C21907}] => (Allow) E:\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{C7FD92FC-65A8-4FD1-A711-98859F5B4BFE}] => (Allow) E:\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{59CB0D72-0D44-4651-B470-4EEED43083F8}] => (Allow) E:\Steam\steamapps\common\Dungeon Defenders 2\DunDefLauncher.exe
FirewallRules: [{49D8819C-7A54-4031-80C2-9FA04E26E61E}] => (Allow) E:\Steam\steamapps\common\Dungeon Defenders 2\DunDefLauncher.exe
FirewallRules: [{76F495EC-D564-4DC8-A9C4-8CB475296372}] => (Allow) E:\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{B81ABAF2-3B02-4AF0-8C3F-5B948C28F428}] => (Allow) E:\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{48AB1B2D-9455-4176-9A54-6BB329A60DBE}] => (Allow) E:\Steam\steamapps\common\Ubinota\Ubinota.exe
FirewallRules: [{F8FA2FF8-7D82-4664-B392-8ED597C76D4C}] => (Allow) E:\Steam\steamapps\common\Ubinota\Ubinota.exe
FirewallRules: [{57CF6E66-44E6-4512-A8BB-4D66E3C8BDB9}] => (Allow) E:\Steam\steamapps\common\Blood of Old\BloodofOld.exe
FirewallRules: [{2B387C32-C6EF-456C-B07F-10AA958C6C05}] => (Allow) E:\Steam\steamapps\common\Blood of Old\BloodofOld.exe
FirewallRules: [{626499B7-23FD-4D7E-93B7-85308939362D}] => (Allow) E:\Steam\steamapps\common\Blood of Old\BloodofOld32.exe
FirewallRules: [{2299367A-90C0-4C72-A14B-B98B43D1C3AB}] => (Allow) E:\Steam\steamapps\common\Blood of Old\BloodofOld32.exe
FirewallRules: [{CA27C0BB-8165-4108-9E4D-E72F2A16FBC8}] => (Allow) E:\Steam\steamapps\common\Burgers\Burgers.exe
FirewallRules: [{A1B75666-D7A3-4451-8D80-C99FC225807E}] => (Allow) E:\Steam\steamapps\common\Burgers\Burgers.exe
FirewallRules: [{6911D82C-0FEF-4534-A8BB-B206DAEB4860}] => (Allow) D:\Multimedia\ActivePresenter\ActivePresenter.exe
FirewallRules: [{5FA8FA1D-481B-41AB-BBE6-54554D06A5B3}] => (Allow) D:\Multimedia\ActivePresenter\ActivePresenter.exe
FirewallRules: [{FE34807A-2572-41C7-8028-F1CB7A7D341B}] => (Allow) D:\Multimedia\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{178C55C4-D863-47E0-8BF4-5F113710047E}] => (Allow) D:\Multimedia\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{3CCB1A3B-B8E8-49CB-8671-F3A15386DF9A}] => (Allow) D:\Multimedia\ActivePresenter\rlactivator.exe
FirewallRules: [{3EA5A3D8-E53D-4902-82EA-206296E836CC}] => (Allow) D:\Multimedia\ActivePresenter\rlactivator.exe
FirewallRules: [{20F20070-059A-4530-B527-F3A0B645D88C}] => (Allow) D:\Multimedia\ActivePresenter\rlupdater.exe
FirewallRules: [{46CDA9FE-0C3A-4F4A-8665-AEE15BE6CF13}] => (Allow) D:\Multimedia\ActivePresenter\rlupdater.exe
FirewallRules: [{6828C83C-8D45-4460-B0E5-242E4B6610EA}] => (Allow) D:\Multimedia\ActivePresenter\ActivePresenter.exe
FirewallRules: [{F35B4176-497A-4499-A161-1A037EDF1C7F}] => (Allow) D:\Multimedia\ActivePresenter\ActivePresenter.exe
FirewallRules: [{2C42600E-DC73-46F1-B140-E4C1A9EC56ED}] => (Allow) D:\Multimedia\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{1478745B-EF91-471A-8B81-CC0709A913D0}] => (Allow) D:\Multimedia\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{D1C4C941-D334-4635-876E-B9DF2C83EF57}] => (Allow) D:\Multimedia\ActivePresenter\rlactivator.exe
FirewallRules: [{33CA773C-F2F6-442D-812E-3AC7B630C0D9}] => (Allow) D:\Multimedia\ActivePresenter\rlactivator.exe
FirewallRules: [{888059D0-28AD-4B2D-A9A5-6C2247DB9A1C}] => (Allow) D:\Multimedia\ActivePresenter\rlupdater.exe
FirewallRules: [{F4A60236-D10F-4414-87ED-A8F7C6AA4FC3}] => (Allow) D:\Multimedia\ActivePresenter\rlupdater.exe
FirewallRules: [{263191B4-E204-4531-86B9-E9A4C8788AEE}] => (Allow) E:\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{B755B4D4-02F3-42FA-877F-59859738BE32}] => (Allow) E:\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{934D3B3A-C090-4605-9A6E-B3B29AD0877E}] => (Allow) E:\Steam\steamapps\common\Two Worlds II\TwoWorlds2.exe
FirewallRules: [{3412C5AA-92E3-459F-A76B-A8DC4B702338}] => (Allow) E:\Steam\steamapps\common\Two Worlds II\TwoWorlds2.exe
FirewallRules: [{48D0624E-175B-42C3-9FE5-1924F7DC2922}] => (Allow) E:\Steam\steamapps\common\Two Worlds II\TwoWorlds2_DX10.exe
FirewallRules: [{138F497D-3015-48EF-AE6A-4EE97A3878F8}] => (Allow) E:\Steam\steamapps\common\Two Worlds II\TwoWorlds2_DX10.exe
FirewallRules: [{32AF96E2-EB74-4E5B-B31E-C3C16FA91646}] => (Allow) E:\Steam\steamapps\common\EVGA PrecisionX\PrecisionX_x64.exe
FirewallRules: [{7F714371-48C2-4B7B-B106-AEED352C42AC}] => (Allow) E:\Steam\steamapps\common\EVGA PrecisionX\PrecisionX_x64.exe
FirewallRules: [{ED372989-DA65-4CFC-A0F7-39C6EBA6C3B8}] => (Allow) E:\Steam\steamapps\common\EVGA PrecisionX\Skins\UxfTool.exe
FirewallRules: [{B4926C37-EE24-42E6-9259-214C936F0A02}] => (Allow) E:\Steam\steamapps\common\EVGA PrecisionX\Skins\UxfTool.exe
FirewallRules: [{6DCCB7C8-4F30-4FF6-9BBE-8EDFD3EAFE4D}] => (Allow) E:\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{4ECA5DA6-0C4C-4991-BAD9-D1E6C0A3FFDA}] => (Allow) E:\Steam\steamapps\common\nosgoth\Binaries\Win32\Nosgoth.exe
FirewallRules: [{0F833C2D-8AFE-4986-ABCB-0BB6B24EDB75}] => (Allow) D:\Programme\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{80998A9B-7445-40F4-B49F-404C8F8A5DEE}] => (Allow) D:\Programme\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{9F271F34-560E-49B7-B17E-93160DCD426B}] => (Allow) E:\Steam\steamapps\common\nosgoth\NosgothLauncher.exe
FirewallRules: [{11212522-A727-4AF5-9260-D2DEC7D9A2B5}] => (Allow) E:\Steam\steamapps\common\nosgoth\NosgothLauncher.exe
FirewallRules: [{1CD3B6B3-9D8B-490E-937E-8C5E0F9C84D4}] => (Allow) E:\Steam\steamapps\common\Nexuiz\Bin32\Nexuiz.exe
FirewallRules: [{B4268A3E-384B-4B56-ACE4-7008601CC878}] => (Allow) E:\Steam\steamapps\common\Nexuiz\Bin32\Nexuiz.exe
FirewallRules: [{059A8152-BC6D-496A-A190-13D0133F88AF}] => (Allow) E:\Steam\steamapps\common\Nexuiz\Bin32\Editor.exe
FirewallRules: [{AC811C4D-FD39-4EEA-9D7A-24E290245C7B}] => (Allow) E:\Steam\steamapps\common\Nexuiz\Bin32\Editor.exe
FirewallRules: [{226E7DF2-E259-4917-98F9-BAFAD594D8E0}] => (Allow) E:\Steam\steamapps\common\Overcast - Walden and the Werewolf\Overcast - Walden and the Werewolf.exe
FirewallRules: [{C3B49CB6-582A-41AE-8AB8-426E85422460}] => (Allow) E:\Steam\steamapps\common\Overcast - Walden and the Werewolf\Overcast - Walden and the Werewolf.exe
FirewallRules: [{D9AA143C-3456-4CF9-8040-D05EBECA0DBA}] => (Allow) E:\Steam\steamapps\common\Why So Evil\Why So Evil_50f.exe
FirewallRules: [{D9621EB1-37DF-4DD2-A877-3F8B618C6F98}] => (Allow) E:\Steam\steamapps\common\Why So Evil\Why So Evil_50f.exe
FirewallRules: [{7803A0DF-5988-417C-984D-9AD36693992D}] => (Allow) E:\Steam\steamapps\common\Break Into Zatwor\BreakIntoZatwor.exe
FirewallRules: [{E94B062B-47EC-48FB-9D7D-783A24F0D8B3}] => (Allow) E:\Steam\steamapps\common\Break Into Zatwor\BreakIntoZatwor.exe
FirewallRules: [{398866A3-D6A0-4844-A71B-283DE47B227D}] => (Allow) E:\Steam\steamapps\common\Why So Evil 2 Dystopia\Why So Evil 2 Dystopia.exe
FirewallRules: [{6A3D1345-F2D6-410B-8498-6E484F18B8A8}] => (Allow) E:\Steam\steamapps\common\Why So Evil 2 Dystopia\Why So Evil 2 Dystopia.exe
FirewallRules: [{8FC381CF-2F8E-4D07-8B74-509DC101F540}] => (Allow) E:\Steam\steamapps\common\Gorky 17\gorky17.exe
FirewallRules: [{FA0D7AEB-99AE-495D-93E0-1AA00E156D48}] => (Allow) E:\Steam\steamapps\common\Gorky 17\gorky17.exe
FirewallRules: [{F9DD7984-6B3B-41A1-B56A-9CE6F1E7F879}] => (Allow) E:\Steam\steamapps\common\Bionic_Dues\Bionic.exe
FirewallRules: [{13523CDF-0B56-4F66-869F-57679061FA97}] => (Allow) E:\Steam\steamapps\common\Bionic_Dues\Bionic.exe
FirewallRules: [{401C18FC-C034-4A88-BCF8-9A2BC57CDBFD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{71C89887-BCB5-42B2-91F8-B7703E2F8799}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C790FBB3-3210-46DD-9BE2-8540A8BFDB49}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{87A83931-1715-49A6-9087-2EFE115FA672}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{271AC25D-AEAC-467E-AFB3-116CDAE0BC23}] => (Allow) E:\Steam\steamapps\common\Stalker Call of Pripyat\bin\xrEngine.exe
FirewallRules: [{D67DADC8-807D-49F4-A8BF-8BD0B9C3B2EC}] => (Allow) E:\Steam\steamapps\common\Stalker Call of Pripyat\bin\xrEngine.exe
FirewallRules: [{12CFA9FC-733D-4F14-B760-26614B9316AE}] => (Allow) LPort=26675
FirewallRules: [{D68F7085-F9EF-4867-AA27-FFBD874B6719}] => (Allow) S:\Program Files (x86)\Origin Games\Command and Conquer The Ultimate Collection Additional Content\Launcher.exe
FirewallRules: [{FDF79033-139F-4119-ACD4-CF40C53A1B4A}] => (Allow) S:\Program Files (x86)\Origin Games\Command and Conquer The Ultimate Collection Additional Content\Launcher.exe
FirewallRules: [{A53F242B-EE52-4892-8EBD-7A52AF6CFBDF}] => (Allow) S:\Program Files (x86)\Origin Games\Command and Conquer 3\CNC3Launcher.exe
FirewallRules: [{169B87FB-0F9B-4BA4-8915-3EF1931E5A3A}] => (Allow) S:\Program Files (x86)\Origin Games\Command and Conquer 3\CNC3Launcher.exe
FirewallRules: [{34A141AE-7C2E-4890-B513-80FF273C204B}] => (Allow) S:\Program Files (x86)\Origin Games\Command Conquer 4 Tiberian Twilight\CNC4.exe
FirewallRules: [{05A4651E-A6F5-412B-AAEE-A75B2D656BC8}] => (Allow) S:\Program Files (x86)\Origin Games\Command Conquer 4 Tiberian Twilight\CNC4.exe
FirewallRules: [{8706C8EE-279B-4AF5-9791-AB9E3DC3A5E1}] => (Allow) S:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{06933CE2-F28D-4469-A264-EAA6206E03D4}] => (Allow) S:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{B8A1F955-EB71-499F-AA17-E9559E26F16C}] => (Allow) S:\Program Files (x86)\Origin Games\Command and Conquer Red Alert 3\RA3Launcher.exe
FirewallRules: [{FFB2035F-7422-4775-AE69-0DEECF3F17AF}] => (Allow) S:\Program Files (x86)\Origin Games\Command and Conquer Red Alert 3\RA3Launcher.exe
FirewallRules: [{CCA3E802-F827-4100-B60B-C400345744F1}] => (Allow) S:\Program Files (x86)\Origin Games\CNC and The Covert Operations\CNC95Launcher.exe
FirewallRules: [{254B980C-3C52-455C-BE86-4DE4644421A0}] => (Allow) S:\Program Files (x86)\Origin Games\CNC and The Covert Operations\CNC95Launcher.exe
FirewallRules: [{715FCF01-F638-4E11-9D58-3D8A045AA216}] => (Allow) S:\Program Files (x86)\Origin Games\Command and Conquer Generals Zero Hour\Generals.exe
FirewallRules: [{5F66D156-037B-41D5-9F4D-931266F97310}] => (Allow) S:\Program Files (x86)\Origin Games\Command and Conquer Generals Zero Hour\Generals.exe
FirewallRules: [{E6D94E90-09C6-44E7-A4F3-17A297C685C5}] => (Allow) S:\Program Files (x86)\Origin Games\Command and Conquer Red Alert\RA95Launcher.exe
FirewallRules: [{534519A9-DE52-4C09-A756-EAEA6DD38C01}] => (Allow) S:\Program Files (x86)\Origin Games\Command and Conquer Red Alert\RA95Launcher.exe
FirewallRules: [{4981C77F-8358-4ACC-8343-9FA330935341}] => (Allow) S:\Program Files (x86)\Origin Games\Renegade\RenegadeLauncher.exe
FirewallRules: [{BAB8C47C-029D-410C-9099-90489247267C}] => (Allow) S:\Program Files (x86)\Origin Games\Renegade\RenegadeLauncher.exe
FirewallRules: [{DC65C855-4A5C-4C0A-8CFA-AADF927C2F73}] => (Allow) S:\Program Files (x86)\Origin Games\Command and Conquer Tiberian Sun\TSLauncher.exe
FirewallRules: [{FDB13755-AF49-4E3F-9F03-C02F5D8EC679}] => (Allow) S:\Program Files (x86)\Origin Games\Command and Conquer Tiberian Sun\TSLauncher.exe
FirewallRules: [{C6530177-3426-47C6-99B8-D37F2F8E86E8}] => (Allow) E:\Steam\steamapps\common\Bierzerkers\Local\VikingGame\Binaries\Win64\VikingGame.exe
FirewallRules: [{A47A96F2-0D0A-4CB7-927D-B94C43458ABF}] => (Allow) E:\Steam\steamapps\common\Bierzerkers\Local\VikingGame\Binaries\Win64\VikingGame.exe
FirewallRules: [{121BDB0D-341A-4F5C-A070-B8E5A2AE8E0C}] => (Allow) E:\Steam\steamapps\common\Septerra Core\septerra.exe
FirewallRules: [{822455C7-DD7F-4EBE-9A1A-33937F1123FB}] => (Allow) E:\Steam\steamapps\common\Septerra Core\septerra.exe
FirewallRules: [{411ED630-95EB-4D4E-A88A-CE861E6F1F69}] => (Allow) C:\Users\xxx\AppData\Local\Apps\2.0\J6A9JLJN.VC0\03TXEEKQ.H8V\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{B7B3B2B5-9563-4848-AD42-A95268FF5F17}] => (Allow) C:\Users\xxx\AppData\Local\Apps\2.0\J6A9JLJN.VC0\03TXEEKQ.H8V\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{D184CC5E-0F0C-454F-94E7-B81E44716AC9}] => (Allow) E:\Steam\steamapps\common\Planetary Annihilation\bin_x86\PA.exe
FirewallRules: [{FEACFD58-8C73-466B-98D5-854C985019E0}] => (Allow) E:\Steam\steamapps\common\Planetary Annihilation\bin_x86\PA.exe
FirewallRules: [{AD554D2B-D449-48A8-A92F-A8736D95B478}] => (Allow) E:\Steam\steamapps\common\Planetary Annihilation\bin_x86\crashupload.exe
FirewallRules: [{09FFAC58-A192-406A-92A7-6B209A8C772F}] => (Allow) E:\Steam\steamapps\common\Planetary Annihilation\bin_x86\crashupload.exe
FirewallRules: [{52728CB8-D5C3-401C-A4E2-3F1913F06468}] => (Allow) E:\Steam\steamapps\common\Planetary Annihilation\bin_x86\host\CoherentUI_Host.exe
FirewallRules: [{E518A89D-AC3D-4A2C-A96A-CC9FB8868E24}] => (Allow) E:\Steam\steamapps\common\Planetary Annihilation\bin_x86\host\CoherentUI_Host.exe
FirewallRules: [{EE4AA29B-56BC-4DEA-9EAA-11DB48D3B331}] => (Allow) E:\Steam\steamapps\common\Planetary Annihilation\bin_x64\PA.exe
FirewallRules: [{575C260A-B2FC-4F15-84FF-737B1C81B98F}] => (Allow) E:\Steam\steamapps\common\Planetary Annihilation\bin_x64\PA.exe
FirewallRules: [{C4BDD933-E7F0-43B4-84AE-3D0B86CCCC8E}] => (Allow) E:\Steam\steamapps\common\Planetary Annihilation\bin_x64\crashupload.exe
FirewallRules: [{9690F709-25A6-45C0-9BC3-DDB27CE49718}] => (Allow) E:\Steam\steamapps\common\Planetary Annihilation\bin_x64\crashupload.exe
FirewallRules: [{4ADA3312-FC6C-40A7-BDA9-5FDE81253F69}] => (Allow) E:\Steam\steamapps\common\Planetary Annihilation\bin_x64\host\CoherentUI_Host.exe
FirewallRules: [{CAD347AA-811A-455C-BFD3-0847DAA4B6B5}] => (Allow) E:\Steam\steamapps\common\Planetary Annihilation\bin_x64\host\CoherentUI_Host.exe
FirewallRules: [{CA50F64D-8311-4614-99D4-B5DBE8ABEF1B}] => (Allow) E:\Steam\steamapps\common\Planetary Annihilation\bin_x64\server.exe
FirewallRules: [{068239E1-A400-44C6-8B36-7BA09B1F53A2}] => (Allow) E:\Steam\steamapps\common\Planetary Annihilation\bin_x64\server.exe
FirewallRules: [{1D1AE719-880C-4126-9EFD-F8759EAB71A2}] => (Allow) E:\Steam\steamapps\common\Deadbreed\Deadbreed.exe
FirewallRules: [{179A893B-79D8-4092-B506-48923CF9D0BA}] => (Allow) E:\Steam\steamapps\common\Deadbreed\Deadbreed.exe
FirewallRules: [{C8603C84-906A-4F04-953E-CFC30CF14A8B}] => (Allow) E:\Steam\steamapps\common\pressure\bin\pressure.exe
FirewallRules: [{27F3957A-3659-401F-91B4-6593159CFAF9}] => (Allow) E:\Steam\steamapps\common\pressure\bin\pressure.exe
FirewallRules: [{5B1791B5-CE2D-40AE-9C1A-C3FDD0FE5F98}] => (Allow) E:\Steam\steamapps\common\TriniumWars\TriniumWars.exe
FirewallRules: [{95F2C644-4B63-45FE-AC1E-721C5068D0C6}] => (Allow) E:\Steam\steamapps\common\TriniumWars\TriniumWars.exe
FirewallRules: [{E7AA58C4-2F7C-44D8-A7D9-9C6804D601B5}] => (Allow) E:\Steam\steamapps\common\Two Worlds - Epic Edition\TwoWorlds.exe
FirewallRules: [{8A9112C3-285F-4700-953D-DCD46B99B0A0}] => (Allow) E:\Steam\steamapps\common\Two Worlds - Epic Edition\TwoWorlds.exe
FirewallRules: [{9524A504-3703-4302-BA3C-CC233CA9786D}] => (Allow) E:\Steam\steamapps\common\Two Worlds - Epic Edition\TwoWorlds_RADEON.exe
FirewallRules: [{5BF4BD43-860C-42AA-B602-5F16B435C177}] => (Allow) E:\Steam\steamapps\common\Two Worlds - Epic Edition\TwoWorlds_RADEON.exe
FirewallRules: [{117B4F2A-E607-459B-A1BB-85BA113C7306}] => (Allow) E:\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{1BE00EA3-EDB4-40FD-8B98-EA0ACFBEE50E}] => (Allow) E:\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{6FC16F03-7AFE-4828-9929-B95EE996362F}] => (Allow) E:\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{8B454E78-773E-4927-AC19-C02A68E82C18}] => (Allow) E:\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{8C8CC4CB-261E-4E95-99F1-0C440B531088}] => (Allow) E:\Steam\steamapps\common\Broadsword Age of Chivalry\Broadsword24-08-2015.exe
FirewallRules: [{A5B4F38E-35F3-4AF4-AB04-A0C4550EF0BA}] => (Allow) E:\Steam\steamapps\common\Broadsword Age of Chivalry\Broadsword24-08-2015.exe
FirewallRules: [{22F01F77-3D42-4288-8DEC-F5D4EA74FD07}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9225AADA-33C3-4CF2-A72E-7CA2F38FF961}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EB062544-AFB9-4AA2-B310-0A8D2C7D602A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CC5DB641-D74A-432F-888D-1B9AFD5247FD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4C38D1EC-8406-4FCB-AACF-C5CEE2ABD066}] => (Allow) E:\Steam\steamapps\common\Troma\TROMA.exe
FirewallRules: [{CC0FA527-1B6F-4F5B-A244-0E8C1747B10C}] => (Allow) E:\Steam\steamapps\common\Troma\TROMA.exe
FirewallRules: [{799FF519-006C-484D-AB5A-3E09FD0D551C}] => (Allow) E:\Steam\steamapps\common\Troma\BonerMaterial\START.exe
FirewallRules: [{AB7E3D73-6CA9-4A34-97A5-F8799B68A4B4}] => (Allow) E:\Steam\steamapps\common\Troma\BonerMaterial\START.exe

==================== Wiederherstellungspunkte =========================

26-04-2016 22:03:04 Windows Update
26-04-2016 22:06:10 Installed Easy fix 50202
26-04-2016 22:28:02 Installed Microsoft .NET Framework 1.1
26-04-2016 22:37:41 Microsoft .NET Framework 4.5 wird installiert
26-04-2016 22:42:02 Microsoft .NET Framework 4.5 wird installiert
26-04-2016 22:42:21 Microsoft .NET Framework 4.5.2 wird installiert
26-04-2016 22:44:57 Windows Update
26-04-2016 23:00:10 Windows Update
26-04-2016 23:05:25 Installiert Paragon Backup and Recovery™ 14 Free.
26-04-2016 23:07:35 Wiederherstellungsvorgang
26-04-2016 23:12:56 Windows Update
27-04-2016 01:12:02 Windows Update
30-04-2016 22:54:00 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (04/30/2016 10:35:01 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/29/2016 12:28:25 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/26/2016 11:10:12 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Windows Update). Zusätzliche Informationen: 0xc0000022.

Error: (04/26/2016 11:05:30 PM) (Source: .NET Runtime) (EventID: 1024) (User: )
Description: Shim database version C:\Windows\Microsoft.NET\Framework64\v4.0.30319 doesn't have a matching runtime directory

Error: (04/26/2016 11:04:55 PM) (Source: .NET Runtime) (EventID: 1024) (User: )
Description: Shim database version C:\Windows\Microsoft.NET\Framework\v4.0.30319 doesn't have a matching runtime directory

Error: (04/26/2016 11:04:50 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/26/2016 11:01:54 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4.6.1 Hotfix Rollup (KB3120241) - Update "KB3136000" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\KB3136000_20160426_230134417-Microsoft .NET Framework 4.6.1 Hotfix Rollup (KB3120241)-MSP0.txt enthalten.

Error: (04/26/2016 11:01:35 PM) (Source: .NET Runtime) (EventID: 1024) (User: )
Description: Shim database version C:\Windows\Microsoft.NET\Framework64\v4.0.30319 doesn't have a matching runtime directory

Error: (04/26/2016 11:01:32 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 4.5.2 -- A later version of Microsoft .NET Framework 4.5.2 is already installed.

Error: (04/26/2016 11:01:32 PM) (Source: .NET Runtime) (EventID: 1024) (User: )
Description: Shim database version C:\Windows\Microsoft.NET\Framework64\v4.0.30319 doesn't have a matching runtime directory


Systemfehler:
=============
Error: (04/30/2016 10:54:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/29/2016 12:58:05 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (04/29/2016 12:58:05 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (04/29/2016 12:58:05 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (04/29/2016 12:58:05 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (04/29/2016 12:58:05 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (04/29/2016 12:58:05 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (04/29/2016 12:58:04 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (04/29/2016 12:58:04 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error: (04/29/2016 12:58:04 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.


CodeIntegrity:
===================================
  Date: 2016-04-30 12:18:45.916
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kldw.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-04-30 12:18:45.884
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kldw.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-04-30 12:18:45.838
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kldw.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-04-28 23:29:45.100
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kldw.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-04-28 23:29:45.069
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kldw.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-04-28 23:29:45.038
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kldw.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-04-27 03:15:19.702
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kldw.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-04-27 03:15:19.666
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kldw.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-04-27 03:15:19.631
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kldw.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2016-04-26 11:54:08.228
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kldw.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz
Prozentuale Nutzung des RAM: 21%
Installierter physikalischer RAM: 12279.05 MB
Verfügbarer physikalischer RAM: 9686.89 MB
Summe virtueller Speicher: 24556.29 MB
Verfügbarer virtueller Speicher: 21696.88 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:111.73 GB) (Free:43.57 GB) NTFS
Drive d: (Programme) (Fixed) (Total:111.74 GB) (Free:71.73 GB) NTFS
Drive e: (Spiele) (Fixed) (Total:465.76 GB) (Free:134.5 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: DF140A0D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3F95D275)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

M-K-D-B · 01.05.2016, 14:42

Servus,

hast du auch die Logdatei des Suchlaufs von MBAM? Bitte nachreichen.

Du hast die Logdatei des Echtzeitschutzes gepostet, die interessiert mich nicht...

xxlynusxx · 01.05.2016, 19:24

das ist der letzte log unter "durchsuchen" welchen log brauchst du genau?

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org


Scan, 01.05.2016 20:04, SYSTEM, XXX-NETZWERK, Manual, Start: 01.05.2016 19:47, Dauer: 16 Min. 42 Sek., Bedrohungssuchlauf, Abgeschlossen, 0 Malware-Erkennung, 0 Nicht-Malware-Erkennungen, 

(end)

M-K-D-B · 02.05.2016, 16:19

Servus,

danke.

wir entfernen die letzten Reste und kontrollieren nochmal alles.

Hinweis: Der Suchlauf mit ESET kann länger dauern.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.

Starte die HitmanPro.exe
Klicke auf
Entferne den Haken bei
Klicke auf
und
Akzeptiere die Lizenzbedingungen und klicke auf
Klicke auf

und auf
Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
und speichere die Logdatei auf Deinem Desktop.
Schließe HitmanPro und poste mir das Log.

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von ESET,
die Logdatei von HitmanPro,
die beiden neuen Logdateien von FRST,
die Beantwortung der gestellten Fragen.

xxlynusxx · 02.05.2016, 22:19

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:02-05-2016
durchgeführt von xxx (2016-05-02 21:20:13) Run:1
Gestartet von C:\Users\xxx\Desktop
Geladene Profile: xxx (Verfügbare Profile: xxx & Administrator)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
         
*****************

Prozess erfolgreich geschlossen.

========= RemoveProxy: =========

HKU\S-1-5-21-1283539077-2619551967-1579459365-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1283539077-2619551967-1579459365-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========


=========  ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Auflճungscache wurde geleert.

========= Ende von CMD: =========


=========  netsh winsock reset =========


Der Winsock-Katalog wurde zur£kgesetzt.
Sie m³sen den Computer neu starten, um den Vorgang abzuschlie⦮.


========= Ende von CMD: =========

EmptyTemp: => 5.7 GB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 21:20:26 ====

Zwischendurch schon mal weitere Probleme die auftreten.

Ereignissanzeige/Administrative Ereignisse:

Protokollname: System
Quelle: Service Control Manager
Datum: 02.05.2016 21:31:46
Ereignis-ID: 7000
Aufgabenkategorie:Keine
Ebene: Fehler
Schlüsselwörter:Klassisch
Benutzer: Nicht zutreffend
Computer: xxx-Netzwerk
Beschreibung:
Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.

und

Protokollname: System
Quelle: Application Popup
Datum: 02.05.2016 21:31:46
Ereignis-ID: 1060
Aufgabenkategorie:Keine
Ebene: Fehler
Schlüsselwörter:Klassisch
Benutzer: Nicht zutreffend
Computer: xxx-Netzwerk
Beschreibung:
Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\xxx\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Jetzt ist noch nen BlueScreen dazu gekommen wodurch der ESET Online Scann abgebrochen wurde.

Problemsignatur:
Problemereignisname: BlueScreen
Betriebsystemversion: 6.1.7601.2.1.0.256.48
Gebietsschema-ID: 1031

Zusatzinformationen zum Problem:
BCCode: a
BCP1: 0000000000000080
BCP2: 0000000000000002
BCP3: 0000000000000000
BCP4: FFFFF80002288402
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

M-K-D-B · 03.05.2016, 16:43

Servus,

scheint eher ein Treiberproblem zu sein, hat wohl nichts mit Malware zu tun.

Downloade dir bitte

Farbar Service Scanner

Starte das Tool mit Doppelklick auf die FSS.exe
Gehe sicher, dass folgende Optionen angehakt sind.
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Other Services
Klicke auf Scan.
Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.

xxlynusxx · 03.05.2016, 18:34

Code:

ATTFilter

Farbar Service Scanner Version: 27-01-2016
Ran by xxx (administrator) on 03-05-2016 at 19:32:42
Running from "C:\Users\xxx\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

M-K-D-B · 04.05.2016, 14:43

Malware ist keine vorhanden, wir sind hier fertig..

Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.

Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

Cleanup:
Alle Logs gepostet? Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis:
DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner anschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:
Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Sofern du noch unentschieden bist, verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:

	Emsisoft	Microsoft Security Essentials	ESET

Microsoft Security Essentials (MSE) ist ab Windows 8 fest eingebaut, wenn du also Windows 8, 8.1 oder 10 und dich für MSE entschieden hast, brauchst du nicht extra MSE zu installieren. Bei Windows 7 muss es aber manuell installiert oder über die Windows Updates als optionales Update bezogen werden. Selbstverständlich ist ein legales/aktiviertes Windows Voraussetzung dafür.

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:

Adblock Plus Kann Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren.

NoScript Verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.

Lade Software von einem sauberen Portal wie

.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:

Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Lade keine Software von Chip, Softonic oder SourceForge. Die dort angebotene Software wird häufig mit einem sog. "Installer" verteilt, mit dem man sich nur unerwünschte Software oder Adware installiert.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Selbst Microsoft unterstützt sog. Registry-Cleaner nicht. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

und/oder das Forum mit einer kleinen Spende unterstützen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

xxlynusxx · 04.05.2016, 22:49

Vielen Dank schonmal für deine Hilfe.

Ein Problem hätte ich noch.

Ich guck ja immer gerne in die Verwaltung und dort ist mir diese Warnung ins Auge gefallen:

Code:

ATTFilter

Es wurde festgestellt, dass Ihre Registrierungsdatei noch von anderen Anwendungen oder Diensten verwendet wird. Die Datei wird nun entladen. Die Anwendungen oder Dienste, die Ihre Registrierungsdatei anhalten, funktionieren anschließend u. U. nicht mehr ordnungsgemäß.  

 DETAIL - 
 11 user registry handles leaked from \Registry\User\S-1-5-21-1283539077-2619551967-1579459365-1001:
Process 5364 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1283539077-2619551967-1579459365-1001
Process 5364 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1283539077-2619551967-1579459365-1001
Process 5364 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1283539077-2619551967-1579459365-1001
Process 5364 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1283539077-2619551967-1579459365-1001
Process 5364 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1283539077-2619551967-1579459365-1001\Software\Microsoft\SystemCertificates\trust
Process 5364 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1283539077-2619551967-1579459365-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 5364 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1283539077-2619551967-1579459365-1001\Software\Microsoft\SystemCertificates\My
Process 5364 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1283539077-2619551967-1579459365-1001\Software\Microsoft\SystemCertificates\CA
Process 5364 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1283539077-2619551967-1579459365-1001\Software\Microsoft\SystemCertificates\Root
Process 5364 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1283539077-2619551967-1579459365-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 5364 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1283539077-2619551967-1579459365-1001\Software\Microsoft\SystemCertificates\TrustedPeople

M-K-D-B · 05.05.2016, 12:11

Ist nicht schlimm.
Kannst du als Hinweis verstehen, mehr aber auch nicht.

Ich bin froh, dass wir helfen konnten

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank!

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

01.05.2016, 14:42	#7
M-K-D-B /// TB-Ausbilder	Schadware finden und Netzwerk-Einstellungen optimieren. Servus, hast du auch die Logdatei des Suchlaufs von MBAM? Bitte nachreichen. Du hast die Logdatei des Echtzeitschutzes gepostet, die interessiert mich nicht...

Schadware finden und Netzwerk-Einstellungen optimieren.

Plagegeister aller Art und deren Bekämpfung: Schadware finden und Netzwerk-Einstellungen optimieren.