| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: E-Mail von direct pay ag erhalten und versucht den zip Anhang zu öffnenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.05.2016, 14:02
| #1 |
 |  E-Mail von direct pay ag erhalten und versucht den zip Anhang zu öffnen Hallo, als unerfahrener Computeruser, ist mir ein Fehler passiert. Bei einer E-Mail, die angeblich von direct pay ag an mich versendet wurde, habe ich versucht den Anhang zu öffnen, wobei ich den Hinweis erhielt die Datei könne nicht geöffnet werden und ich solle mir kostenpflichtig winzip , winrar auf meinen PC herunterladen. Nun hat man mich gewarnt, dass ich mir eventuell malware auf meinem PC installiert habe. In der Zwischenzeit habe ich allerdings bereits Onlinebanking gemacht, paypal genutzt, Mails gecheckt usw.. Kann mir bitte jemand helfen?  |
|
21.05.2016, 16:32
| #2 |
| /// TB-Ausbilder /// Anleitungs-Guru  | E-Mail von direct pay ag erhalten und versucht den zip Anhang zu öffnen Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das... 
 Hinweis:Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden. Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert. Adware & Co. können wir sehr gut entfernen. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean  bekommst.Los geht's: Schritt 1   Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Lesestoff Posten in CODE-Tags: So gehts... Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
23.05.2016, 14:26
| #3 |
| | E-Mail von direct pay ag erhalten und versucht den zip Anhang zu öffnen AdwCleaner Logfile:
__________________Code:
ATTFilter # AdwCleaner v5.117 - Bericht erstellt am 23/05/2016 um 15:00:49
# Aktualisiert am 15/05/2016 von Xplode
# Datenbank : 2016-05-15.2 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (X64)
# Benutzername : Lisa - TOSHIBA
# Gestartet von : C:\Users\Lisa\Desktop\AdwCleaner_5.117.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum
***** [ Dienste ] *****
***** [ Ordner ] *****
[-] Ordner gelöscht : C:\ProgramData\Babylon
[-] Ordner gelöscht : C:\ProgramData\ParetoLogic
[-] Ordner gelöscht : C:\ProgramData\Partner
[-] Ordner gelöscht : C:\ProgramData\Trymedia
[#] Ordner gelöscht : C:\ProgramData\Application Data\Babylon
[#] Ordner gelöscht : C:\ProgramData\Application Data\ParetoLogic
[#] Ordner gelöscht : C:\ProgramData\Application Data\Partner
[#] Ordner gelöscht : C:\ProgramData\Application Data\Trymedia
[-] Ordner gelöscht : C:\Program Files (x86)\ParetoLogic
[-] Ordner gelöscht : C:\Program Files (x86)\Common Files\ParetoLogic
[-] Ordner gelöscht : C:\Users\Lisa\AppData\Local\Babylon
[-] Ordner gelöscht : C:\Users\Lisa\AppData\Roaming\Babylon
[-] Ordner gelöscht : C:\Users\Lisa\AppData\Roaming\DriverCure
[-] Ordner gelöscht : C:\Users\Lisa\AppData\Roaming\dvdvideosoftiehelpers
[-] Ordner gelöscht : C:\Users\Lisa\AppData\Roaming\ParetoLogic
[-] Ordner gelöscht : C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
***** [ Dateien ] *****
[-] Datei gelöscht : C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
[-] Datei gelöscht : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\eadxcfu0.default\searchplugins\avira-safesearch.xml
***** [ DLLs ] *****
***** [ WMI ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
[-] Geplante Aufgabe gelöscht : paretologic registration3
[-] Geplante Aufgabe gelöscht : updateTask
***** [ Registrierungsdatenbank ] *****
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\03d58665a6e9c0f559309b7dc386cfd2
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\05a9476dd7c65dae0e0bf509e331f234
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\107f226270b58782dddaf11c238527fc
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2676f0f40a58e1504dcf9e7d1474af70
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2904a2a04a36bdc12abffae94282ed4a
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\293ed71a57a6da98ee78bf212b61aad1
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3c36b7a360dd03987df305acd90a3595
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4bac6fb593175c943074855e335147ce
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4f476b0b701b4b9af44b06de22d86d54
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\60894d7af2d48da278c715733f278f65
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6822f7694b68895e8f79bc440d1dd514
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\885ef1ff2f322aab8954628b33671792
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\94df6f1cc2db8f9c4117d624c8a1c01d
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a22b095e99344c2f0ade133e7bd579a7
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b8d793a2f680395d37bf6265405a4da2
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c050d9f3901edd9853bb302936f8c43d
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c28ac53fbd371b6ad5145ede61846e8c
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c42651be636fde3e1aed5f2f8f5e7574
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d9d957c43a33317e8ff67a98df26115b
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e55e1cd4e5529d1632e08e4a4aba1c89
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
[-] Wert gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-] Schlüssel gelöscht : HKCU\Software\OCS
[-] Schlüssel gelöscht : HKCU\Software\ParetoLogic
[-] Schlüssel gelöscht : HKCU\Software\Softonic
[-] Schlüssel gelöscht : HKCU\Software\madFlac
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Babylon
[-] Schlüssel gelöscht : HKLM\SOFTWARE\dt soft\daemon tools toolbar
[-] Schlüssel gelöscht : HKLM\SOFTWARE\ParetoLogic
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Trymedia Systems
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C547F361-5750-4CD1-9FB6-BC93827CB6C1}
[-] Daten wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Daten wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Daten wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Daten wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Daten wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Daten wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Daten wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Daten wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Daten wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Daten wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Daten wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Daten wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Daten wiederhergestellt : HKU\S-1-5-21-2847114485-2203063503-2096561936-1000\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Daten wiederhergestellt : HKU\S-1-5-21-2847114485-2203063503-2096561936-1000\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Daten wiederhergestellt : HKU\S-1-5-21-2847114485-2203063503-2096561936-1000\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Daten wiederhergestellt : HKU\S-1-5-21-2847114485-2203063503-2096561936-1000\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
***** [ Internetbrowser ] *****
[-] [C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\eadxcfu0.default\prefs.js] gelöscht : user_pref("avira.safe_search.installed", "[\"safesearch\"]");
[-] [C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\eadxcfu0.default\prefs.js] gelöscht : user_pref("avira.safe_search.search_was_active", "false");
[-] [C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\eadxcfu0.default\prefs.js] gelöscht : user_pref("browser.newtab.url", "hxxps://safesearch.avira.com/#?source=newtab");
[-] [C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\eadxcfu0.default\prefs.js] gelöscht : user_pref("extensions.enabledItems", "{F3BCF7EE-E099-4F03-BE86-F30DBE55098C}:1.9.1,{23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900,{6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900,{CAFEEFAC-0016-0000[...]
[-] [C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\eadxcfu0.default\prefs.js] gelöscht : user_pref("extensions.facemoods.aflt", "_#wbst");
[-] [C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\eadxcfu0.default\prefs.js] gelöscht : user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.4");
[-] [C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\eadxcfu0.default\prefs.js] gelöscht : user_pref("extensions.facemoods.first_time", false);
[-] [C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\eadxcfu0.default\prefs.js] gelöscht : user_pref("extensions.facemoods.id", "_#eea80e431e5b446a8275ff34b61a2505");
[-] [C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\eadxcfu0.default\prefs.js] gelöscht : user_pref("extensions.facemoods.instlDay", "_#15277");
[-] [C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\eadxcfu0.default\prefs.js] gelöscht : user_pref("extensions.facemoods.prtnrId", "_#facemoods.com");
[-] [C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\eadxcfu0.default\prefs.js] gelöscht : user_pref("extensions.facemoods.sid", "_#eea80e431e5b446a8275ff34b61a2505");
[-] [C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\eadxcfu0.default\prefs.js] gelöscht : user_pref("extensions.facemoods.update", "_#v1.4.0");
[-] [C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\eadxcfu0.default\prefs.js] gelöscht : user_pref("extensions.facemoods.vrsn", "_#1.4.17.5");
[-] [C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\eadxcfu0.default\prefs.js] gelöscht : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"148f402f1806-06ab87a72191be8-42504136-0-148f402f181d8\"");
[-] [C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\eadxcfu0.default\prefs.js] gelöscht : user_pref("extensions.safesearch.SAUTH_expires_at", "1431285506");
[-] [C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\eadxcfu0.default\prefs.js] gelöscht : user_pref("extensions.safesearch.SAUTH_rndsnr", "\"794f782b88925a30470a89471dac5fdd0f2911e7\"");
[-] [C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\eadxcfu0.default\prefs.js] gelöscht : user_pref("extensions.safesearch.SAUTH_userid", "4447967242");
[-] [C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\eadxcfu0.default\prefs.js] gelöscht : user_pref("extensions.safesearch.SAUTH_utoken", "\"c90a803e6aa62c30e65516cb5eddacd0cdd212b7\"");
[-] [C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\eadxcfu0.default\prefs.js] gelöscht : user_pref("extensions.safesearch.install", "1412843106696");
[-] [C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] gelöscht : isearch.avg.com
[-] [C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] gelöscht : search provided by yahoo.com
[-] [C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] gelöscht : hxxp://de.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mlvi_15_40¶m1=1¶m2=f%3D7%26b%3DChrome%26cc%3Dde%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDtC0AtDyEtCzzzyzzyDtCyByCtByDtN0D0Tzu0StCtAyCzytN1L2XzutAtFtCtAtFtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2S0A0E0EtC0EzzyC0CtGyD0ByEtDtGyEtByDyBtGzytD0FtBtG0CyC0BtCzzyEyD0DyEzyyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0EyByCyCtD0FyDtG0D0C0D0EtGyEtD0ByDtGzzyDtCtCtG0DtD0DtA0FyDzztA0AyCtByE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyDyB%26cr%3D1578186917%26a%3Dwncy_mlvi_15_40%26os%3DWindows%2B7%2BHome%2BPremium
[-] [C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] gelöscht : hxxp://de.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mlvi_15_40¶m1=1¶m2=f%3D1%26b%3DChrome%26cc%3Dde%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDtC0AtDyEtCzzzyzzyDtCyByCtByDtN0D0Tzu0StCtAyCzytN1L2XzutAtFtCtAtFtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2S0A0E0EtC0EzzyC0CtGyD0ByEtDtGyEtByDyBtGzytD0FtBtG0CyC0BtCzzyEyD0DyEzyyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0EyByCyCtD0FyDtG0D0C0D0EtGyEtD0ByDtGzzyDtCtCtG0DtD0DtA0FyDzztA0AyCtByE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyDyB%26cr%3D1578186917%26a%3Dwncy_mlvi_15_40%26os%3DWindows%2B7%2BHome%2BPremium
[-] [C:\Users\Lisa\AppData\Local\Chromium\User Data\Default\Web Data] [Search Provider] gelöscht : search provided by yahoo
[-] [C:\Users\Lisa\AppData\Local\Chromium\User Data\Default\Secure Preferences] [Homepage] gelöscht : hxxps://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mlvi_15_40¶m1=1¶m2=f%3D1%26b%3Dchmm%26cc%3Dde%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDtC0AtDyEtCzzzyzzyDtCyByCtByDtN0D0Tzu0StCtAyCzytN1L2XzutAtFtCtAtFtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2S0A0E0EtC0EzzyC0CtGyD0ByEtDtGyEtByDyBtGzytD0FtBtG0CyC0BtCzzyEyD0DyEzyyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0EyByCyCtD0FyDtG0D0C0D0EtGyEtD0ByDtGzzyDtCtCtG0DtD0DtA0FyDzztA0AyCtByE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyDyB%26cr%3D1578186917%26a%3Dwncy_mlvi_15_40%26os%3DWindows%2B7%2BHome%2BPremium&uref=chmm
*************************
:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Einstellungen zurückgesetzt : C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default
:: Chrome Einstellungen zurückgesetzt : C:\Users\Lisa\AppData\Local\Chromium\User Data\Default
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [16918 Bytes] - [23/05/2016 15:00:49]
C:\AdwCleaner\AdwCleaner[S1].txt - [374 Bytes] - [23/05/2016 14:38:04]
C:\AdwCleaner\AdwCleaner[S2].txt - [427 Bytes] - [23/05/2016 14:53:09]
C:\AdwCleaner\AdwCleaner[S3].txt - [17321 Bytes] - [23/05/2016 14:55:57]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [17210 Bytes] ##########
Hallo Jürgen, mein Name ist Rita und ich bin sehr dankbar für Deine Hilfe. Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:22-05-2016 01 durchgeführt von Lisa (Administrator) auf TOSHIBA (23-05-2016 15:17:17) Gestartet von C:\Users\Lisa\Desktop Geladene Profile: Lisa (Verfügbare Profile: Lisa & DefaultAppPool) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe (Malwarebytes) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (Malwarebytes) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Malwarebytes) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (TOSHIBA Corporation.) C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe (Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA Corporation.) C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (Google Inc.) C:\Users\Lisa\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lisa\AppData\Local\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Google Inc.) C:\Users\Lisa\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lisa\AppData\Local\Google\Chrome\Application\chrome.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (Tablet Driver) C:\Windows\SysWOW64\WTClient.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (Farbar) C:\Users\Lisa\Desktop\FRST64 (2).exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation) HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050000 2009-08-26] (Toshiba Europe GmbH) HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35160 2009-08-06] (TOSHIBA Corporation) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-08-03] (Realtek Semiconductor) HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation) HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1813288 2009-08-17] (Synaptics Incorporated) HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation) HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1481568 2009-09-03] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation) HKLM\...\Run: [HDMICtrlMan] => C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [1032536 2009-08-03] (TOSHIBA Corporation.) HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2009-08-12] (TOSHIBA) HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2009-06-02] (TOSHIBA Electronics, Inc.) HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION) HKLM-x32\...\Run: [TUSBSleepChargeSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-02] (TOSHIBA) HKLM-x32\...\Run: [WTClient] => C:\Windows\system32\WTClient.exe [32768 2009-08-19] (Tablet Driver) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [814608 2016-05-11] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-04-25] (Avira Operations GmbH & Co. KG) HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-2847114485-2203063503-2096561936-1000\...\Run: [Google Update] => C:\Users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.) HKU\S-1-5-21-2847114485-2203063503-2096561936-1000\...\MountPoints2: {b6df64a7-08ff-11e5-8148-002622e94d30} - G:\Startme.exe HKU\S-1-5-21-2847114485-2203063503-2096561936-1000\...\MountPoints2: {bae51b08-0854-11df-ae4b-002622e94d30} - F:\SETUP.EXE HKU\S-1-5-21-2847114485-2203063503-2096561936-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [3231232 2016-01-22] (Microsoft Corporation) <==== ACHTUNG ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Keine Datei Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-09-24] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-09-24] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-09-24] ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk [2016-05-23] ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{4E076EAC-BD07-46D2-B8DE-4CBE05750EA7}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{51DFFC57-E7D6-47AD-B640-3BA3B24AA83D}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2847114485-2203063503-2096561936-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = SearchScopes: HKU\S-1-5-21-2847114485-2203063503-2096561936-1000 -> {056393CD-2C3E-438A-91DF-F74DB5762400} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} SearchScopes: HKU\S-1-5-21-2847114485-2203063503-2096561936-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-2847114485-2203063503-2096561936-1000 -> {86AF710D-C738-4480-B9DF-A50E86360896} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX Runtime 2.0\bin\jp2ssv.dll [2011-09-20] (Oracle Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated) BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08] (DivX, LLC) BHO-x32: DivX HiQ -> {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08] (DivX, LLC) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-28] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-28] (Oracle Corporation) DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\eadxcfu0.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] () FF Plugin: @java.com/DTPlugin,version=10.2.1 -> C:\Windows\system32\npDeployJava1.dll [2011-09-20] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.2.1 -> C:\Program Files\Oracle\JavaFX Runtime 2.0\bin\new_plugin\npjp2.dll [2011-09-20] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08] (DivX, LLC) FF Plugin-x32: @divx.com/DivX OVS Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2010-11-20] (DivX, LLC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-28] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-10-28] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation) FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll [Keine Datei] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-11-11] (VideoLAN) FF Plugin HKU\S-1-5-21-2847114485-2203063503-2096561936-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin HKU\S-1-5-21-2847114485-2203063503-2096561936-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin HKU\S-1-5-21-2847114485-2203063503-2096561936-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lisa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS) FF user.js: detected! => C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\eadxcfu0.default\user.js [2012-02-14] FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2009-02-27] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-17] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-17] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-17] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-17] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-17] (Apple Inc.) FF Extension: Avira Browser Safety - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\eadxcfu0.default\Extensions\abs@avira.com [2016-02-06] FF Extension: Avira SafeSearch - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\eadxcfu0.default\Extensions\safesearch@avira.com [2015-10-02] [ist nicht signiert] FF Extension: Clean Links - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\eadxcfu0.default\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2015-10-02] FF Extension: Adblock Plus - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\eadxcfu0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-24] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010-12-12] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010-12-12] [ist nicht signiert] FF HKU\S-1-5-21-2847114485-2203063503-2096561936-1000\...\Firefox\Extensions: [{F3BCF7EE-E099-4F03-BE86-F30DBE55098C}] - C:\Users\Lisa\AppData\Local\{F3BCF7EE-E099-4F03-BE86-F30DBE55098C} FF Extension: XULRunner - C:\Users\Lisa\AppData\Local\{F3BCF7EE-E099-4F03-BE86-F30DBE55098C} [2010-10-07] [ist nicht signiert] Chrome: ======= CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-23] CHR Extension: (Google Docs) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-23] CHR Extension: (Google Drive) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-23] CHR Extension: (YouTube) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-23] CHR Extension: (Google Tabellen) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-23] CHR Extension: (Avira Browserschutz) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-05-23] CHR Extension: (DivX HiQ) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2016-05-23] CHR Extension: (Google Docs Offline) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-23] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-23] CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2016-05-23] CHR Extension: (Google Mail) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-23] CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Slides) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-09] CHR Extension: (Google Docs) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-09] CHR Extension: (Google Drive) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-09] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-09] CHR Extension: (YouTube) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-09] CHR Extension: (Google Search) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-09] CHR Extension: (Google Sheets) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-09] CHR Extension: (Avira Browser Safety) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-09] CHR Extension: (DivX HiQ) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2015-03-09] CHR Extension: (Google Wallet) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-09] CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2015-03-09] CHR Extension: (Gmail) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-09] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2010-12-08] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2010-12-08] StartMenuInternet: Google Chrome.6F6ELVVAXUFGA5I57GHTSAA66A - C:\Users\Lisa\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [128752 2010-06-29] (SUPERAntiSpyware.com) [Datei ist nicht signiert] S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [970656 2016-05-11] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [467016 2016-05-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [467016 2016-05-11] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1212048 2015-08-26] (Avira Operations GmbH & Co. KG) S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [280008 2016-04-25] (Avira Operations GmbH & Co. KG) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-10-05] () [Datei ist nicht signiert] R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation) R2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-14] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation) R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2016-04-25] (RealNetworks, Inc.) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2011-10-28] () R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116104 2009-08-26] (Toshiba Europe GmbH) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [73728 2009-09-23] (Tablet Driver) [Datei ist nicht signiert] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-03-11] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [154816 2016-03-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141920 2016-05-11] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-05-11] (Avira Operations GmbH & Co. KG) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-03-11] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-23] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation) S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd) S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation ) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-01-23] () [Datei ist nicht signiert] S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [Datei ist nicht signiert] S3 usbio; C:\Windows\System32\Drivers\dsiarhwprog_x64.sys [51600 2007-02-08] (Thesycon GmbH, Germany) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.) U3 ar3u2svc; C:\Windows\System32\Drivers\ar3u2svc.sys [0 ] (Microsoft Corporation) <==== ACHTUNG (Null Byte Datei/Ordner) S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X] S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X] S3 WPRO_40_1340; system32\drivers\WPRO_40_1340.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-05-23 15:17 - 2016-05-23 15:18 - 00029813 _____ C:\Users\Lisa\Desktop\FRST.txt 2016-05-23 15:16 - 2016-05-23 15:16 - 02383360 _____ (Farbar) C:\Users\Lisa\Desktop\FRST64 (2).exe 2016-05-23 14:50 - 2016-05-23 14:50 - 03651136 _____ C:\Users\Lisa\Desktop\AdwCleaner_5.117.exe 2016-05-23 14:49 - 2016-05-23 14:49 - 03651136 _____ C:\Users\Lisa\Downloads\AdwCleaner_5.117 (1).exe 2016-05-23 14:32 - 2016-05-23 15:00 - 00000000 ____D C:\AdwCleaner 2016-05-23 14:32 - 2016-05-23 14:32 - 03651136 _____ C:\Users\Lisa\Downloads\AdwCleaner_5.117.exe 2016-05-23 14:25 - 2016-05-23 14:28 - 00059888 _____ C:\Users\Lisa\Downloads\Addition.txt 2016-05-23 14:21 - 2016-05-23 14:28 - 00070665 _____ C:\Users\Lisa\Downloads\FRST.txt 2016-05-23 14:20 - 2016-05-23 14:20 - 02383360 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64 (1).exe 2016-05-23 14:18 - 2016-05-23 15:17 - 00000000 ____D C:\FRST 2016-05-23 14:17 - 2016-05-23 14:17 - 02383360 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64.exe 2016-05-21 18:23 - 2016-05-23 15:10 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-05-21 18:23 - 2016-05-21 18:23 - 00000914 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-05-21 18:23 - 2016-05-21 18:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-05-21 18:23 - 2016-05-21 18:23 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-05-21 18:23 - 2016-05-21 18:23 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 2016-05-21 18:23 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-05-21 18:23 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-05-21 18:23 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-05-21 18:21 - 2016-05-21 18:21 - 22851472 _____ (Malwarebytes ) C:\Users\Lisa\Downloads\mbam-setup-2.2.1.1043 (1).exe 2016-05-21 18:20 - 2016-05-21 18:20 - 22851472 _____ (Malwarebytes ) C:\Users\Lisa\Downloads\mbam-setup-2.2.1.1043.exe 2016-05-21 17:55 - 2016-05-21 18:04 - 00000000 ____D C:\Program Files (x86)\Trojan Remover 2016-05-21 17:54 - 2016-05-21 17:54 - 01475080 _____ C:\Users\Lisa\Downloads\Trojan Remover - CHIP-Installer (1).exe 2016-05-21 16:31 - 2016-05-21 16:31 - 01475080 _____ C:\Users\Lisa\Downloads\Trojan Remover - CHIP-Installer.exe 2016-05-21 15:27 - 2016-05-21 15:27 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2016-05-21 15:27 - 2016-05-21 15:27 - 00000000 ____D C:\Program Files\Common Files\AV 2016-05-21 15:25 - 2016-05-21 19:47 - 00000000 ____D C:\ProgramData\AVAST Software 2016-05-21 15:25 - 2016-05-21 15:25 - 05066104 _____ (AVAST Software) C:\Users\Lisa\Downloads\avast_free_antivirus_setup_online (1).exe 2016-05-21 15:23 - 2016-05-21 15:24 - 05066104 _____ (AVAST Software) C:\Users\Lisa\Downloads\avast_free_antivirus_setup_online.exe 2016-05-21 08:35 - 2016-05-21 08:35 - 00051282 _____ C:\Users\Lisa\Downloads\S_20160521_083521_Neue_Nachrichten.ZIP 2016-05-20 20:39 - 2016-05-20 20:40 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Laruaville3 2016-05-20 16:08 - 2016-05-20 16:08 - 00254899 _____ C:\Users\Lisa\Downloads\04908021.pdf 2016-05-20 12:08 - 2016-05-20 12:08 - 00001712 _____ C:\Users\Lisa\Desktop\Laruaville 3.lnk 2016-05-20 12:07 - 2016-05-20 12:07 - 00001997 _____ C:\Users\Lisa\Desktop\Fitness Bustle - Energy Boost.lnk 2016-05-19 12:01 - 2016-05-19 12:01 - 00001927 _____ C:\Users\Lisa\Desktop\Heart's Medicine - Time to Heal Deluxe.lnk 2016-05-19 11:26 - 2016-05-19 11:26 - 00457351 _____ C:\Users\Lisa\Downloads\Rita Weiler Stellvertretender Rechtsanwalt DirectPay AG 19.05.2016 (3).zip 2016-05-19 11:26 - 2016-05-19 11:26 - 00457351 _____ C:\Users\Lisa\Downloads\Rita Weiler Stellvertretender Rechtsanwalt DirectPay AG 19.05.2016 (2).zip 2016-05-19 11:25 - 2016-05-19 11:25 - 00457351 _____ C:\Users\Lisa\Downloads\Rita Weiler Stellvertretender Rechtsanwalt DirectPay AG 19.05.2016.zip 2016-05-19 11:25 - 2016-05-19 11:25 - 00457351 _____ C:\Users\Lisa\Downloads\Rita Weiler Stellvertretender Rechtsanwalt DirectPay AG 19.05.2016 (1).zip 2016-05-19 11:24 - 2016-05-19 11:24 - 00000418 _____ C:\Users\Lisa\Downloads\Attachment 2016-05-17 20:02 - 2016-05-17 20:02 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\CrazyRings 2016-05-17 19:53 - 2016-05-17 19:53 - 00001694 _____ C:\Users\Lisa\Desktop\Crazy Rings.lnk 2016-05-17 19:33 - 2016-05-17 19:33 - 00117352 _____ C:\Users\Lisa\AppData\Local\GDIPFONTCACHEV1.DAT 2016-05-17 19:32 - 2016-05-17 19:32 - 00442776 _____ C:\Windows\system32\FNTCACHE.DAT 2016-05-11 16:22 - 2016-04-23 19:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-05-11 16:22 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-05-11 16:22 - 2016-04-23 07:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-05-11 16:22 - 2016-04-23 07:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-05-11 16:22 - 2016-04-23 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-05-11 16:22 - 2016-04-23 07:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-05-11 16:22 - 2016-04-23 07:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-05-11 16:22 - 2016-04-23 07:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-05-11 16:22 - 2016-04-23 07:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-05-11 16:22 - 2016-04-23 07:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-05-11 16:22 - 2016-04-23 07:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-05-11 16:22 - 2016-04-23 06:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-05-11 16:22 - 2016-04-23 06:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-05-11 16:22 - 2016-04-23 06:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-05-11 16:22 - 2016-04-23 06:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-05-11 16:22 - 2016-04-23 06:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-05-11 16:22 - 2016-04-23 06:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-05-11 16:22 - 2016-04-23 06:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-05-11 16:22 - 2016-04-23 06:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-05-11 16:22 - 2016-04-23 06:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-05-11 16:22 - 2016-04-23 06:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-05-11 16:22 - 2016-04-23 06:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-05-11 16:22 - 2016-04-23 06:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-05-11 16:22 - 2016-04-23 06:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-05-11 16:22 - 2016-04-23 06:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-05-11 16:22 - 2016-04-23 06:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-05-11 16:22 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-05-11 16:22 - 2016-04-23 06:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-05-11 16:22 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-05-11 16:22 - 2016-04-23 06:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-05-11 16:22 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-05-11 16:22 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-05-11 16:22 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-05-11 16:22 - 2016-04-23 06:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-05-11 16:22 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-05-11 16:22 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-05-11 16:22 - 2016-04-23 06:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-05-11 16:22 - 2016-04-23 06:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-05-11 16:22 - 2016-04-23 06:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-05-11 16:22 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-05-11 16:22 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-05-11 16:22 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-05-11 16:22 - 2016-04-23 06:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-05-11 16:22 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-05-11 16:22 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-05-11 16:22 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-05-11 16:22 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-05-11 16:22 - 2016-04-23 05:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-05-11 16:22 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-05-11 16:22 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-05-11 16:22 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-05-11 16:22 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-05-11 16:22 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-05-11 16:22 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-05-11 16:22 - 2016-04-23 05:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-05-11 16:22 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-05-11 16:22 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-05-11 16:22 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-05-11 16:22 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-05-11 16:22 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-05-11 16:22 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-05-11 16:22 - 2016-04-23 05:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-05-11 16:22 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-05-11 16:22 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-05-11 16:22 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-05-11 16:22 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-05-11 16:22 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2016-05-11 16:22 - 2016-04-14 15:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2016-05-11 16:22 - 2016-04-09 09:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2016-05-11 16:22 - 2016-04-09 09:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2016-05-11 16:22 - 2016-04-09 08:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2016-05-11 16:22 - 2016-04-09 08:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2016-05-11 16:22 - 2016-04-09 08:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2016-05-11 16:22 - 2016-04-09 08:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2016-05-11 16:22 - 2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2016-05-11 16:22 - 2016-04-09 07:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-05-11 16:22 - 2016-04-06 17:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2016-05-11 16:22 - 2016-03-09 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2016-05-11 16:22 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2016-05-11 16:21 - 2016-04-09 09:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2016-05-11 16:21 - 2016-04-09 09:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-05-11 16:21 - 2016-04-09 09:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2016-05-11 16:21 - 2016-04-09 09:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-05-11 16:21 - 2016-04-09 09:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-05-11 16:21 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-05-11 16:21 - 2016-04-09 08:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-05-11 16:21 - 2016-04-09 08:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-05-11 16:21 - 2016-04-09 08:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-05-11 16:21 - 2016-04-09 08:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-05-11 16:21 - 2016-04-09 08:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-05-11 16:21 - 2016-04-09 08:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-05-11 16:21 - 2016-04-09 08:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-05-11 16:21 - 2016-04-09 08:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-05-11 16:21 - 2016-04-09 08:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-05-11 16:21 - 2016-04-09 08:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-05-11 16:21 - 2016-04-09 08:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-05-11 16:21 - 2016-04-09 08:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-05-11 16:21 - 2016-04-09 08:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2016-05-11 16:21 - 2016-04-09 08:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-05-11 16:21 - 2016-04-09 08:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-05-11 16:21 - 2016-04-09 08:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-05-11 16:21 - 2016-04-09 08:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 08:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 07:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2016-05-11 16:21 - 2016-04-09 07:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2016-05-11 16:21 - 2016-04-09 07:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2016-05-11 16:21 - 2016-04-09 07:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-05-11 16:21 - 2016-04-09 07:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-05-11 16:21 - 2016-04-09 07:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-05-11 16:21 - 2016-04-09 07:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-05-11 16:21 - 2016-04-09 07:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-05-11 16:21 - 2016-04-09 07:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-05-11 16:21 - 2016-04-09 07:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-05-11 16:21 - 2016-04-09 07:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-05-11 16:21 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-05-11 16:21 - 2016-04-09 07:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-05-11 16:21 - 2016-04-09 07:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-05-11 16:21 - 2016-04-09 07:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-05-11 16:21 - 2016-04-09 07:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-05-11 16:21 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-05-11 16:21 - 2016-04-09 07:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 07:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 07:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-05-11 16:21 - 2016-04-09 07:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-05-11 16:20 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2016-05-11 16:20 - 2016-04-09 05:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2016-05-03 23:25 - 2016-05-03 23:25 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\WildWestChase ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-05-23 15:16 - 2009-07-14 06:45 - 00019024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-05-23 15:16 - 2009-07-14 06:45 - 00019024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-05-23 15:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\inetsrv 2016-05-23 15:05 - 2010-08-12 20:25 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-05-23 15:04 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-05-23 14:53 - 2013-10-27 15:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-05-23 14:53 - 2013-10-27 14:56 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2847114485-2203063503-2096561936-1000UA.job 2016-05-23 14:27 - 2010-08-12 20:25 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-05-21 19:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf 2016-05-21 19:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Globalization 2016-05-21 17:58 - 2010-07-21 01:58 - 00000000 ____D C:\ProgramData\TEMP 2016-05-21 00:53 - 2013-10-27 14:56 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2847114485-2203063503-2096561936-1000Core.job 2016-05-20 12:08 - 2014-09-08 13:22 - 00000000 ____D C:\Zylom Games 2016-05-20 12:08 - 2014-09-08 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom 2016-05-20 12:08 - 2014-09-08 13:10 - 00000000 ____D C:\Users\Lisa\AppData\Local\com.gamehouse.acid 2016-05-20 01:59 - 2014-09-08 17:18 - 00000000 ____D C:\Users\Lisa\Desktop\Rita 2016-05-19 10:47 - 2015-08-06 11:52 - 00000000 ____D C:\Users\Lisa\Desktop\Ebay 2016-05-16 20:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2016-05-15 18:24 - 2014-09-08 13:02 - 00000000 ____D C:\Users\Lisa\Desktop\Programme 2016-05-15 18:24 - 2009-09-24 16:18 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA 2016-05-14 08:36 - 2014-10-09 10:23 - 00000000 ____D C:\ProgramData\Package Cache 2016-05-13 16:36 - 2013-10-28 14:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-05-13 11:53 - 2013-10-27 15:20 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-05-13 11:53 - 2013-10-27 15:20 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-05-13 11:53 - 2011-09-30 18:09 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-05-13 01:54 - 2013-10-27 14:57 - 00002370 _____ C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-05-12 18:12 - 2014-12-11 14:28 - 00000000 ____D C:\Windows\system32\appraiser 2016-05-12 12:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2016-05-12 09:49 - 2009-07-14 19:58 - 00775794 _____ C:\Windows\system32\perfh007.dat 2016-05-12 09:49 - 2009-07-14 19:58 - 00176730 _____ C:\Windows\system32\perfc007.dat 2016-05-12 09:49 - 2009-07-14 07:13 - 01812314 _____ C:\Windows\system32\PerfStringBackup.INI 2016-05-12 08:43 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal 2016-05-12 02:49 - 2013-09-27 20:32 - 00000000 ____D C:\Windows\system32\MRT 2016-05-12 02:24 - 2011-11-13 20:03 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-05-11 00:48 - 2013-10-27 14:56 - 00004084 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2847114485-2203063503-2096561936-1000UA 2016-05-11 00:48 - 2013-10-27 14:56 - 00003688 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2847114485-2203063503-2096561936-1000Core 2016-05-11 00:25 - 2013-10-28 14:58 - 00141920 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2016-05-11 00:25 - 2013-10-28 14:58 - 00079696 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2016-05-10 23:21 - 2010-08-12 20:25 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-05-10 23:21 - 2010-08-12 20:25 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-05-06 04:03 - 2015-04-04 16:14 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2016-05-06 04:03 - 2015-04-04 16:14 - 00000000 ___SD C:\Windows\system32\GWX 2016-05-03 01:19 - 2011-08-29 07:17 - 01786594 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2016-05-01 00:30 - 2015-11-23 20:59 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\8floor 2016-04-24 20:32 - 2016-02-11 12:25 - 00000000 ____D C:\Users\Lisa\Documents\8floor 2016-04-23 01:34 - 2015-06-04 19:48 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\GameHouse ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2011-01-16 20:40 - 2011-01-16 22:06 - 0004290 _____ () C:\Users\Lisa\AppData\Roaming\BBMS_EXCEPTION.txt 2010-10-07 20:45 - 2010-10-07 20:46 - 0000020 _____ () C:\Users\Lisa\AppData\Roaming\cnmkat.dat 2015-10-01 13:03 - 2015-10-01 13:03 - 0000044 _____ () C:\Users\Lisa\AppData\Roaming\WB.CFG 2011-01-16 23:57 - 2011-04-25 01:30 - 0005120 _____ () C:\Users\Lisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2010-10-07 20:48 - 2010-10-08 21:36 - 0000120 _____ () C:\Users\Lisa\AppData\Local\Mxupawev.dat 2010-10-07 21:55 - 2012-05-31 18:25 - 0007602 _____ () C:\Users\Lisa\AppData\Local\Resmon.ResmonCfg 2010-10-07 20:48 - 2010-10-08 05:39 - 0000000 _____ () C:\Users\Lisa\AppData\Local\Swukupecejoxodok.bin 2012-12-09 15:03 - 2012-12-09 15:03 - 0000057 _____ () C:\ProgramData\Ament.ini Einige Dateien in TEMP: ==================== C:\Users\Lisa\AppData\Local\Temp\avgnt.exe C:\Users\Lisa\AppData\Local\Temp\libeay32.dll C:\Users\Lisa\AppData\Local\Temp\msvcr120.dll C:\Users\Lisa\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-05-18 17:11 ==================== Ende von FRST.txt ============================ |
|
23.05.2016, 14:29
| #4 |
| | E-Mail von direct pay ag erhalten und versucht den zip Anhang zu öffnenCode:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:22-05-2016 01
durchgeführt von Lisa (2016-05-23 15:19:04)
Gestartet von C:\Users\Lisa\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2009-12-21 16:54:43)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-2847114485-2203063503-2096561936-500 - Administrator - Disabled)
Gast (S-1-5-21-2847114485-2203063503-2096561936-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2847114485-2203063503-2096561936-1002 - Limited - Enabled)
Lisa (S-1-5-21-2847114485-2203063503-2096561936-1000 - Administrator - Enabled) => C:\Users\Lisa
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Reader 9.2 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.17.273 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{bfb60b68-92b8-481b-b416-7e05b4ea01c9}) (Version: 1.1.61.18979 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.61.18979 - Avira Operations GmbH & Co. KG) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Cisco AnyConnect Diagnostics and Reporting Tool (HKLM-x32\...\{0F9639CB-D661-4FA0-A4B1-0441E515E0B7}) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DivX-Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.2.0.24 - DivX, LLC)
eBay (HKLM-x32\...\{E83BA61A-5D77-4DD5-9C92-A3447F11E27D}) (Version: 1.0.4 - eBay Inc.)
Fable III (x32 Version: 1.0.0001.131 - Microsoft Game Studios) Hidden
FoxTab PDF Converter (HKU\S-1-5-21-2847114485-2203063503-2096561936-1000\...\FoxTab PDF Converter) (Version: - ) <==== ACHTUNG
Free YouTube to MP3 Converter version 3.12.3.610 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.3.610 - DVDVideoSoft Ltd.)
Google Chrome (HKU\S-1-5-21-2847114485-2203063503-2096561936-1000\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HDMI Control Manager (HKLM-x32\...\InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}) (Version: 2.0 - TOSHIBA)
HDMI Control Manager (Version: 2.0 - TOSHIBA) Hidden
HDMI Control Manager (x32 Version: 2.0 - TOSHIBA) Hidden
HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät (HKLM\...\{C3F12DD0-54B1-4B2B-A82B-FA43502BC550}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät (HKLM\...\{DF37555F-0259-43DA-B60C-47106FA14AA3}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Hilfe (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java(TM) 6 Update 27 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.270 - Sun Microsystems, Inc.)
Java(TM) 7 Update 2 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417002FF}) (Version: 7.0.20 - Oracle)
Java(TM) SE Development Kit 7 Update 2 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170020}) (Version: 1.7.0.20 - Oracle)
JavaFX 2.0.2 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-202648764D10}) (Version: 2.0.2 - Oracle Corporation)
JavaFX 2.0.2 sdk (64-bit) (HKLM\...\{2222706F-666A-4037-7777-202648764D10}) (Version: 2.0.2 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.32.1 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
K-Lite Codec Pack 6.5.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.5.0 - )
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
Online Games Manager v1.40 (HKLM-x32\...\Online Games Manager) (Version: 1.40.2 - Real Networks, Inc.)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice.org 3.2 (HKLM-x32\...\{2217B0B4-35CB-48C6-B640-864DF2F30F99}) (Version: 3.2.9483 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Play withSIX (HKLM-x32\...\{D7F3EEAD-183C-47DE-BDC5-593539573F97}) (Version: 1.30.0476 - SIX Networks)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Skype™ 6.9 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.9.106 - Skype Technologies S.A.)
Source SDK (HKLM-x32\...\Steam App 211) (Version: - Valve)
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version: - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)
Steam(TM) (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.44.1000 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.1.1 - Synaptics Incorporated)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}) (Version: 1.0.04.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.23 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.11-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.11.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.1.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.0 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.0 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.00 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation)
Toshiba Photo Service - powered by myphotobook (HKLM-x32\...\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.0.0-663 - myphotobook GmbH)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.3 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}) (Version: 1.0.04.64 - TOSHIBA Corporation)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.9.1.12 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisorkennwort (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.7C - TOSHIBA CORPORATION)
Toshiba TEMPRO (HKLM-x32\...\{9E4FF410-471F-49E3-9358-74FF0D5E9901}) (Version: 3.06 - Toshiba Europe GmbH)
TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.2.3.0 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.26.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: - )
TRORMCLauncher (Version: 1.0.0.7 - TOSHIBA) Hidden
Trust Tablet Driver (HKLM-x32\...\TabletDriver) (Version: - )
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - )
Unity Web Player (HKU\S-1-5-21-2847114485-2203063503-2096561936-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Utility Common Driver (x32 Version: 1.0.50.27C - TOSHIBA) Hidden
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-2847114485-2203063503-2096561936-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2847114485-2203063503-2096561936-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2847114485-2203063503-2096561936-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2847114485-2203063503-2096561936-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2847114485-2203063503-2096561936-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {0B3983A7-FF7C-45B0-8C8E-871241CE6569} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04] (Adobe Systems Incorporated)
Task: {10C05E59-81C6-4558-8574-5315DA5510A2} - System32\Tasks\{040C6B66-BFB2-411F-AD34-5CC45E690F07} => C:\Program Files (x86)\Activision\GUN\Gun.exe
Task: {1700D53F-4B52-4888-98D0-A1A495C6462C} - System32\Tasks\{62166471-59DA-4648-902A-AB827C9EEF73} => C:\Program Files (x86)\Activision\GUN\Gun.exe
Task: {1E5E8F70-6905-4760-876A-7548D029EB68} - System32\Tasks\{5CD8F072-71E5-4B4E-BBA1-55DEBF2B90CF} => C:\Users\Lisa\Desktop\oblivion-train11.exe
Task: {1EB94471-40D6-4F98-BB71-0230D2FF3C7F} - System32\Tasks\{0AF239D7-C33B-4968-BC2A-0CA139DA2B89} => pcalua.exe -a C:\Users\Lisa\Downloads\vcredist_x86(3).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {23CFCEA3-0206-485F-84F1-48BF1C690654} - System32\Tasks\{9390EE57-E917-473C-B402-EF9139AE5F32} => C:\Program Files (x86)\Activision\GUN\Gun.exe
Task: {2568FD9B-AB47-4959-BFDC-3EF878218C13} - System32\Tasks\{9836F6AE-1CCA-41AA-B786-FFA8A1355ED0} => pcalua.exe -a F:\directx\dxsetup.exe -d F:\directx
Task: {2D141768-74E6-43D5-8C7C-D4518106AB01} - System32\Tasks\{15C576F1-4D15-4A34-8114-D144807C004B} => C:\Program Files (x86)\Activision\GUN\Gun.exe
Task: {30D310B9-D492-4FDB-B4EC-7523099814C7} - System32\Tasks\{510F6BFC-DE17-4C7E-986E-5EC69C2229AC} => C:\Users\Lisa\Desktop\oblivion-train11.exe
Task: {39F94E55-DF24-4F9B-B4E0-47AF4A157A10} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-09-03] (TOSHIBA CORPORATION)
Task: {3DF1BB2C-2478-4E02-9EDB-3405A9CF82A9} - System32\Tasks\Google Updater and Installer => C:\Users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3FBE419C-1644-4567-8A6A-F823DB2A0E25} - System32\Tasks\{96F1108D-9994-450C-A6C2-6AFEAF37297C} => C:\Users\Lisa\Desktop\oblivion-train11.exe
Task: {41D23E83-E1D4-4DA4-BAD5-9DB354D0A6F6} - System32\Tasks\{8347D5E7-F7CF-4DED-99E8-8911B23D93C9} => C:\Program Files (x86)\Activision\GUN\Gun.exe
Task: {43FA5CFD-1B2C-4D2C-A61F-00DA186D9C62} - System32\Tasks\{96C4BC3F-565C-442F-9466-CCEA62A84197} => pcalua.exe -a C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe -c /M{2DFF2906-52BB-4222-8062-1509259FC013}
Task: {4F0812B2-1A48-4D0F-8FDC-3EB933B7E209} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2847114485-2203063503-2096561936-1000Core => C:\Users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {57772431-55A4-46B0-98FA-29EA3525840B} - System32\Tasks\{739E0BDD-006F-4A46-8F56-BB903558C1B6} => pcalua.exe -a C:\Users\Lisa\Desktop\brew-fc2.exe -d C:\Users\Lisa\Desktop
Task: {57E803EF-F2FE-4DE9-9AD1-C9B5415926DD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {5BE025C6-6C69-4EF4-89E2-503187904685} - System32\Tasks\{1BB94ADC-0763-4503-8ADB-5185FDD512E4} => pcalua.exe -a E:\TagesSetup.exe -d E:\
Task: {5E340623-E6A9-447D-96D9-EFC879CD816A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2847114485-2203063503-2096561936-1000UA => C:\Users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {5ED77180-EC43-4B29-8492-A987D57CF316} - System32\Tasks\{F011BAAD-E10C-485C-9A1B-9AA0CCD4DFA3} => C:\Users\Lisa\Desktop\oblivion-train11.exe
Task: {605053EB-B9F1-46DB-9F3A-DB218F9E84F7} - System32\Tasks\{869B7653-771D-42F6-8AB5-D92F83478A05} => C:\Users\Lisa\Desktop\oblivion-train11.exe
Task: {628370A8-A366-4F80-9E90-0622B9481415} - System32\Tasks\{6B2BBA9D-58BD-4BD3-9316-6552B58FA89C} => C:\Program Files (x86)\The Witcher Enhanced Edition\launcher.exe
Task: {6543BD49-F59F-44EE-AA94-CBC8C6ADB8DB} - System32\Tasks\{E718345D-A1CC-4C38-894D-0B7DE8C797A6} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/300
Task: {66342059-99C4-4E5C-8137-9E84E4D2276A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {6A2D95AE-4787-43A3-8DAE-2C4BB247F5F1} - System32\Tasks\{A7F7BA0E-4D23-4334-97DB-33DBB8D2FCAB} => C:\Program Files (x86)\Activision\GUN\Gun.exe
Task: {6B49ABCA-D0D9-4EB9-BB4A-59881D53D073} - System32\Tasks\{B8FE14E5-31B7-4651-A108-84725DADE162} => C:\Program Files (x86)\Activision\GUN\Gun.exe
Task: {6DB49AB8-2E3F-4320-BF7E-1F2683308CCD} - System32\Tasks\{F28F94C0-E526-4189-8624-EB39B32FBB12} => C:\Users\Lisa\Desktop\oblivion-train11.exe
Task: {71A4D761-BADD-48BC-B75B-24C3F19EADAB} - System32\Tasks\{B80EAC5E-97EE-4318-809D-315BDD3EBD4A} => C:\Program Files (x86)\Activision\GUN\Gun.exe
Task: {73172ABE-C615-4B84-8CBA-3FF5926550B3} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {770A582E-915E-437E-9F02-AA9633FE9D19} - System32\Tasks\{4C2148F8-0ECF-47F2-9684-4B78736A3296} => pcalua.exe -a C:\Users\Lisa\Downloads\PESEdit_2010_V._3.0.exe -d C:\Users\Lisa\Downloads
Task: {835C9E8E-B4E7-44F3-ACE0-D5CCC35625A7} - System32\Tasks\{E05CCBFA-2B3E-4FE2-B87F-18371F819435} => C:\Program Files (x86)\UseNeXT\UseNeXT.exe
Task: {8650681E-4E9E-4446-B3D1-D1544E27A070} - System32\Tasks\{5BA45FF3-C5C5-45E7-9286-8E1ED17A5AF1} => pcalua.exe -a "C:\Program Files\Tamagotchi Simulator\fimain.exe"
Task: {88163B67-4223-4AEC-B996-2E67E1D18C93} - System32\Tasks\{81BB2BC4-A59B-44AD-B006-4F6C93B1EBB2} => pcalua.exe -a C:\Users\Lisa\Desktop\tqtrn120.exe -d C:\Users\Lisa\Desktop
Task: {8F68060B-F51C-47BF-A56C-64F846D9BE35} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-24] (Google Inc.)
Task: {8F741BBD-A120-4F9C-B3CF-568C8281C9BD} - System32\Tasks\{F539BD6C-8639-43E9-A50B-B546D1A0CDFF} => C:\Users\Lisa\Desktop\oblivion-train11.exe
Task: {950BD1F1-0FF6-4CE6-A97C-478B0E1818A5} - System32\Tasks\{4E5F64A5-AC31-422D-B53D-C9D93A489DF8} => pcalua.exe -a "C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O10ZY41C\7Million_0_16_0-minimum[1].exe" -d C:\Users\Lisa\Desktop
Task: {A083A431-3771-4EF4-B671-D1C9A38CF5E3} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe
Task: {A7CE6A7F-A8EA-4815-9118-C4986598BE96} - System32\Tasks\{E073862E-8667-450F-834A-7707F1A3A50F} => C:\Users\Lisa\Desktop\oblivion-train11.exe
Task: {AB51F884-7ECE-4144-9FAB-3F9C33607FF4} - System32\Tasks\{A4BE904A-C806-4D37-ADEC-D8836DE3F41E} => C:\Program Files (x86)\The Witcher Enhanced Edition\launcher.exe
Task: {AE099634-F360-47EB-B99C-17B1A741B661} - System32\Tasks\{738FE2C1-FC4F-48C2-9733-5ECAF3354D7D} => pcalua.exe -a C:\Users\Lisa\Desktop\oblivion-train11.exe -d C:\Users\Lisa\Desktop
Task: {B3716CB6-133E-4BD5-9C13-96CCFB2C9259} - System32\Tasks\{49666FC4-ADBA-4219-839B-58CB71E96C84} => pcalua.exe -a "C:\Program Files (x86)\Steam\SteamApps\common\SleepingDogs\redist\D3D11Install_2010.exe" -d "C:\Program Files (x86)\Steam\SteamApps\common\SleepingDogs\redist"
Task: {B647B566-AFC4-4FAF-B872-19F5F91B2B77} - System32\Tasks\{9C8CECEA-189F-4106-A5CE-B44357B33A2E} => C:\Users\Lisa\Desktop\oblivion-train11.exe
Task: {C39E92C1-34B9-4202-811C-A64FDA6B20D5} - System32\Tasks\{A5DD857B-3C86-42AC-9EE1-B3ECF55B38DF} => C:\Users\Lisa\Desktop\oblivion-train11.exe
Task: {CB1F6352-D278-4A81-B929-F9C4BC9CB407} - System32\Tasks\{2533E42B-B102-460F-8796-A58578E97C43} => C:\Program Files (x86)\The Witcher Enhanced Edition\launcher.exe
Task: {D1B843DE-C2A1-4E6E-8DF6-F8703EE7306B} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-05-21] (AVAST Software)
Task: {D2CB005D-3D77-410F-AADC-7C31A2794D5A} - System32\Tasks\{C98FA486-9665-425D-900B-75C7767D05E9} => pcalua.exe -a F:\setup.exe -d F:\
Task: {D86EDBCD-9071-423B-ABCD-2BDB7F8C147E} - System32\Tasks\{0A441D9E-654B-449D-A68A-D66F3B827C4A} => C:\Users\Lisa\Desktop\ARDSi_104\WindowsInstaller-KB893803-v2-x86.exe
Task: {D92F1A6F-96A9-4C2C-97CA-EFA9D69D1856} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-24] (Google Inc.)
Task: {E2746BE0-83BD-4C2D-ADF4-D11AC1B2FAE2} - System32\Tasks\{6C8CF6DB-8D90-4F1E-A89A-201F2E6702C1} => C:\Program Files (x86)\Activision\GUN\Gun.exe
Task: {E616ABAD-83DB-4365-8AA2-829AA1BC239E} - System32\Tasks\{7B2D9361-345B-4F6C-B329-6D2A1B1DB8B5} => C:\Program Files (x86)\Activision\GUN\Gun.exe
Task: {E9A6FF5C-D8AA-469C-9441-190BC1D0D1D8} - System32\Tasks\{72BE728C-D27D-4DF6-AF90-F2ADC607EF3B} => pcalua.exe -a C:\Users\Lisa\Downloads\FileZilla_3.2.7.1_win32-setup.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {F52EAB8E-B57B-4868-8A11-9645B12C2033} - System32\Tasks\{37AADF5C-B236-4645-B5C8-753EFA241D30} => C:\Users\Lisa\Desktop\oblivion-train11.exe
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2847114485-2203063503-2096561936-1000Core.job => C:\Users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2847114485-2203063503-2096561936-1000UA.job => C:\Users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2009-07-16 16:27 - 2009-07-16 16:27 - 07244600 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-07-16 16:27 - 2009-07-16 16:27 - 00051512 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-09-24 16:22 - 2009-06-22 15:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 20:08 - 2009-03-12 20:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 17:38 - 2009-07-25 17:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-09-03 21:38 - 2009-09-03 21:38 - 00559480 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2010-05-18 19:50 - 2011-10-28 10:10 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2009-08-03 18:18 - 2009-08-03 18:18 - 00081752 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2013-10-10 23:48 - 2013-10-10 23:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2009-09-24 17:17 - 2009-09-24 17:17 - 00267264 _____ () C:\Windows\system32\wintab32.dll
2009-09-24 17:17 - 2009-09-24 17:17 - 00267264 _____ () C:\Windows\system32\WinTab32.DLL
2016-05-13 01:54 - 2016-05-11 13:48 - 01738904 _____ () C:\Users\Lisa\AppData\Local\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-13 01:54 - 2016-05-11 13:48 - 00086168 _____ () C:\Users\Lisa\AppData\Local\Google\Chrome\Application\50.0.2661.102\libegl.dll
2009-09-24 17:16 - 2009-09-24 17:16 - 00200704 _____ () C:\Windows\SysWOW64\WinTab32.DLL
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Users\Lisa:zylomtest [0]
AlternateDataStreams: C:\Users\Lisa:zylomtr{000HQ7FF-AD7A-3FG7-5P29-2A14KFREQVPH} [38]
AlternateDataStreams: C:\ProgramData\TEMP:27F44544 [143]
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [144]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-2847114485-2203063503-2096561936-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: )
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\startupfolder: C:^Users^Lisa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FIFA 11-Registrierung.lnk => C:\Windows\pss\FIFA 11-Registrierung.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Lisa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk => C:\Windows\pss\OpenOffice.org 3.2.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AutoStartNPSAgent => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivX Download Manager => "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Metropolis => rundll32.exe C:\Users\Lisa\AppData\Local\Temp\sshnas21.dll,GetHandle
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: TOSHIBA Online Product Information => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe
MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TQ566808 => "E:\Setup.exe"
MSCONFIG\startupreg: TWebCamera => "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{899B419C-3699-4915-8EEC-19F7AC7C82E1}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{76FF8C72-98C6-4A97-9743-53E1DB32C51E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{D7AD88EF-4E6B-49FA-84A3-581920991C15}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{1274F71E-EF76-47D4-BDDA-0F1C48C9D196}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{86E9F717-5B4F-4B71-8EEF-6EEF798CC3B7}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F3EFAD2B-D98F-4304-B7DF-12A163CAFBB7}] => (Allow) svchost.exe
FirewallRules: [{6C260BFD-3D7B-47FE-BB11-A6423FFA2F86}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{07784AA7-09CD-4013-A303-3E2067909B1A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C85FF48B-2770-429B-8CF3-DF8BCF78A5AE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{4019B158-F852-4B86-8172-B3C1B061B90B}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{C9DC9FA4-C8F3-48DE-ADEF-317F5B3A4F0D}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{A2BDF779-6629-4F89-A690-66C14340C480}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{10A340FC-611F-4575-B119-3256ED145EB4}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{5412C3C6-EAEB-4AAB-BC23-9584872C9F96}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{4171ABB2-21E7-4681-86BA-D7C1C2877B98}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{02350756-A9AA-4810-8208-A220079E67AF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{94F29A59-47C0-4C5F-8786-01BF107418D7}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{C1878CCA-7DCA-449D-970C-7E6425A274A2}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe
FirewallRules: [{0CBE179C-9FF2-488B-BD08-6F6DFAAC5CB9}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe
FirewallRules: [TCP Query User{52228758-7082-4D7A-9E30-C09F311648D5}C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe] => (Allow) C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [UDP Query User{5A81EAF7-4B48-436D-82A0-3400EB00F17C}C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe] => (Allow) C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [TCP Query User{51FA299C-C015-4B41-99AB-1A94C1AA07E0}C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe] => (Allow) C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe
FirewallRules: [UDP Query User{64860A1C-47CA-4A4C-90FD-BC86258ED994}C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe] => (Allow) C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{B170B5DB-8E9F-4A44-8221-AC44664A41EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\skyrim\SkyrimLauncher.exe
FirewallRules: [{B0DFFFE1-FBC7-41DE-B185-F7E6EEF7B0A3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{A96DD63A-A3D7-4F63-BEB8-3121B990B5F9}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{E09DDE6C-927A-48AD-88A3-D770D606D1C4}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{D40D4A16-413A-4572-8331-F2F0D6336D85}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [TCP Query User{93315FF6-6AC3-446A-A975-487DD63E0269}C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe] => (Allow) C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [UDP Query User{A5297E28-CB2E-4DDA-B592-FC0A9A897467}C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe] => (Allow) C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe
FirewallRules: [TCP Query User{9BBD80B7-5355-4C80-A86B-F4FC61EB63C2}C:\users\lisa\appdata\local\play withsix\tools\mingw\bin\rsync.exe] => (Allow) C:\users\lisa\appdata\local\play withsix\tools\mingw\bin\rsync.exe
FirewallRules: [UDP Query User{AFCA0D8D-30D7-4F9C-B092-C10B8386F541}C:\users\lisa\appdata\local\play withsix\tools\mingw\bin\rsync.exe] => (Allow) C:\users\lisa\appdata\local\play withsix\tools\mingw\bin\rsync.exe
FirewallRules: [TCP Query User{4E376CB0-EFB7-4589-9D93-51C8E3B6E0FE}C:\users\lisa\appdata\local\play withsix\tools\mingw\bin\rsync.exe] => (Allow) C:\users\lisa\appdata\local\play withsix\tools\mingw\bin\rsync.exe
FirewallRules: [UDP Query User{C1CAE541-BF31-4FBD-A8B1-58260F33BAEB}C:\users\lisa\appdata\local\play withsix\tools\mingw\bin\rsync.exe] => (Allow) C:\users\lisa\appdata\local\play withsix\tools\mingw\bin\rsync.exe
FirewallRules: [{0904B7F9-193B-4FC2-ABF0-AAC050A9C7DD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{33148D07-B261-4E57-9C68-6F77FA52F14F}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{F1204CEE-00E7-466E-80FF-20A3449D8378}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{F98C6A20-31EE-40AF-B113-4F0F8119E4E9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{592DB0F3-8755-40AF-AB51-F40E2D2F5097}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1E9478FE-9729-468C-9419-A41103E61077}] => (Allow) C:\Zylom Games\Big City Adventure - Barcelona\BigCityAdventureBarcelona.exe
FirewallRules: [{3E102E28-41A6-421E-B068-42813135A616}] => (Allow) C:\Zylom Games\Big City Adventure - Barcelona\BigCityAdventureBarcelona.exe
FirewallRules: [{02EBF42B-3701-4505-8BA8-695871E88115}] => (Allow) C:\Zylom Games\Big City Adventure - Barcelona\BigCityAdventureBarcelona.exe
FirewallRules: [{4B159F67-5FB4-409A-80C5-48692C52707A}] => (Allow) C:\Zylom Games\Big City Adventure - Barcelona\BigCityAdventureBarcelona.exe
FirewallRules: [{6DAC2175-9187-40FD-BF1A-D37142A549AE}] => (Allow) C:\Zylom Games\Brownies Platinum Edition\Launcher.exe
FirewallRules: [{D3EEBFD9-CAFA-4168-8F7A-375F47DB7A75}] => (Allow) C:\Zylom Games\Brownies Platinum Edition\Launcher.exe
FirewallRules: [{D036F386-5205-4B34-91D9-C367249CFFAF}] => (Allow) C:\Zylom Games\Brownies Platinum Edition\Launcher.exe
FirewallRules: [{E8471284-66A3-4691-8FEA-F7FF65839C8A}] => (Allow) C:\Zylom Games\Brownies Platinum Edition\Launcher.exe
FirewallRules: [{B910739C-030A-4942-A317-40D2518AA587}] => (Allow) C:\Zylom Games\Among the Heavens\AmongTheHeavens.exe
FirewallRules: [{7232B0BC-E052-497D-87CB-CA42FA9B37EA}] => (Allow) C:\Zylom Games\Among the Heavens\AmongTheHeavens.exe
FirewallRules: [{CC12C195-E6AA-46E1-96F3-4B9405C2EC94}] => (Allow) C:\Zylom Games\Among the Heavens\AmongTheHeavens.exe
FirewallRules: [{D3A4C532-1D6A-4D98-81B3-485A2159245F}] => (Allow) C:\Zylom Games\Among the Heavens\AmongTheHeavens.exe
FirewallRules: [{ED0445B4-A627-491C-89B8-0D354F831E96}] => (Allow) C:\Zylom Games\Viking Saga Super Pack\Viking Saga Super Pack.exe
FirewallRules: [{D2BBE193-EF81-46BB-A7E5-A222B969441D}] => (Allow) C:\Zylom Games\Viking Saga Super Pack\Viking Saga Super Pack.exe
FirewallRules: [{B9FC4706-EBC7-4B39-A2C7-F276CC27A881}] => (Allow) C:\Zylom Games\Viking Saga Super Pack\Viking Saga Super Pack.exe
FirewallRules: [{695C3EA2-5F6C-445E-B113-35E4F48998AE}] => (Allow) C:\Zylom Games\Viking Saga Super Pack\Viking Saga Super Pack.exe
FirewallRules: [{D2B75490-0A39-4C74-B0F4-0DA132D53480}] => (Allow) C:\Zylom Games\The Other Side - Tower Of Souls\TheOtherSide_TowerofSouls.exe
FirewallRules: [{07C15C5C-5735-435A-B4FE-857A8ED9AAF8}] => (Allow) C:\Zylom Games\The Other Side - Tower Of Souls\TheOtherSide_TowerofSouls.exe
FirewallRules: [{7E9ECCED-D88D-44F2-B4F8-3678086C944A}] => (Allow) C:\Zylom Games\The Other Side - Tower Of Souls\TheOtherSide_TowerofSouls.exe
FirewallRules: [{649CDFA5-32C5-47C6-8AE4-4DA9AAE83DDD}] => (Allow) C:\Zylom Games\The Other Side - Tower Of Souls\TheOtherSide_TowerofSouls.exe
FirewallRules: [{33F007C3-2455-420D-B395-4C7A22A06544}] => (Allow) C:\Zylom Games\Rescue Team 4\RescueTeam4.exe
FirewallRules: [{550D6E30-6C5A-498E-9E8A-AEC3B4C3B7B8}] => (Allow) C:\Zylom Games\Rescue Team 4\RescueTeam4.exe
FirewallRules: [{39052E26-BBD9-404D-B0B1-32DC3F0D00A4}] => (Allow) C:\Zylom Games\Rescue Team 4\RescueTeam4.exe
FirewallRules: [{0C5E36C8-201E-446C-ABE5-EAD6ED048DEB}] => (Allow) C:\Zylom Games\Rescue Team 4\RescueTeam4.exe
FirewallRules: [{E09068DC-5C22-4040-8D9F-3005DB91960E}] => (Allow) C:\Zylom Games\Delicious Super Pack\Delicious Super Pack.exe
FirewallRules: [{916E8383-D6A9-49FD-BACD-A3776330BC1E}] => (Allow) C:\Zylom Games\Delicious Super Pack\Delicious Super Pack.exe
FirewallRules: [{AB297866-85B8-462B-8BD2-733C48DE40EE}] => (Allow) C:\Zylom Games\Delicious Super Pack\Delicious Super Pack.exe
FirewallRules: [{9FF42508-BCB2-48FB-8818-D32DF6C42350}] => (Allow) C:\Zylom Games\Delicious Super Pack\Delicious Super Pack.exe
FirewallRules: [{39388175-C5D7-4D9C-96FB-20FDD21906C8}] => (Allow) C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe
FirewallRules: [{E4078226-4B9E-496E-A8BA-D0398EF5D63F}] => (Allow) C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe
FirewallRules: [{37C2A9BF-371B-4D97-B745-36251F35293D}] => (Allow) C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe
FirewallRules: [{5AD1B768-41A7-4525-AF4D-8CD6F10EA6C8}] => (Allow) C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe
FirewallRules: [{CD52ED8F-DA09-41E6-9642-54943E1D9829}] => (Allow) C:\Zylom Games\Fairy Kingdom Deluxe\kingdom.exe
FirewallRules: [{C5AA1C33-B67B-4AF5-9F4E-16ABBD3050AF}] => (Allow) C:\Zylom Games\Fairy Kingdom Deluxe\kingdom.exe
FirewallRules: [{F638093A-244A-472F-AB88-E2FFC036C3EB}] => (Allow) C:\Zylom Games\Fairy Kingdom Deluxe\kingdom.exe
FirewallRules: [{7F8C9E0B-20F4-4C51-9222-7E55A0730096}] => (Allow) C:\Zylom Games\Fairy Kingdom Deluxe\kingdom.exe
FirewallRules: [{5CD06754-9871-4E33-A420-0CD3852ABAEB}] => (Allow) C:\Zylom Games\Gardens Inc 3 - Bridal Pursuit\GardensInc3_ABridalPursuitCE.exe
FirewallRules: [{05B3AB8B-5E05-4985-B390-A05B471719E7}] => (Allow) C:\Zylom Games\Gardens Inc 3 - Bridal Pursuit\GardensInc3_ABridalPursuitCE.exe
FirewallRules: [{4FFE14B1-9343-489A-B64E-E820A084153A}] => (Allow) C:\Zylom Games\Gardens Inc 3 - Bridal Pursuit\GardensInc3_ABridalPursuitCE.exe
FirewallRules: [{6B3154FD-B51A-423F-9664-2635FBC1B6BE}] => (Allow) C:\Zylom Games\Gardens Inc 3 - Bridal Pursuit\GardensInc3_ABridalPursuitCE.exe
FirewallRules: [{AE1288B2-2834-4875-8AA1-3BC6854BAE23}] => (Allow) C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
FirewallRules: [{8023E1EB-883F-42F0-97D9-F7EC1CFAC2DF}] => (Allow) C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
FirewallRules: [{01C9AEEF-C94C-4907-9A34-CAE3E2F94035}] => (Allow) C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
FirewallRules: [{FD4B0404-90F2-49AA-A961-100F8052128A}] => (Allow) C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
FirewallRules: [{96A93E49-8716-4451-8686-B87FA22832FE}] => (Allow) C:\Zylom Games\Mystery Murders - The Sleeping Palace\palaceMystery.exe
FirewallRules: [{315D2989-BBF7-4E58-84B8-8C0A354E30CC}] => (Allow) C:\Zylom Games\Mystery Murders - The Sleeping Palace\palaceMystery.exe
FirewallRules: [{B430F39B-EC51-4443-A6F6-8815A2B68660}] => (Allow) C:\Zylom Games\Mystery Murders - The Sleeping Palace\palaceMystery.exe
FirewallRules: [{3D62DFB2-E2FD-424B-9369-4E01F16078C2}] => (Allow) C:\Zylom Games\Mystery Murders - The Sleeping Palace\palaceMystery.exe
FirewallRules: [{818F56C9-916E-4B7E-9F3D-5F04CEA2016F}] => (Allow) C:\Zylom Games\Northern Tale Super Pack\Northern Tale Super Pack.exe
FirewallRules: [{91C618EF-34ED-484C-BED3-CCE1122E5B88}] => (Allow) C:\Zylom Games\Northern Tale Super Pack\Northern Tale Super Pack.exe
FirewallRules: [{32C4D209-C7CE-4EBD-AC23-3CEF0F3C1D3D}] => (Allow) C:\Zylom Games\Northern Tale Super Pack\Northern Tale Super Pack.exe
FirewallRules: [{9BC6F5B6-440D-4613-8900-778FE810193D}] => (Allow) C:\Zylom Games\Northern Tale Super Pack\Northern Tale Super Pack.exe
==================== Wiederherstellungspunkte =========================
15-05-2016 19:00:43 Windows-Sicherung
23-05-2016 14:09:00 Windows-Sicherung
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (05/23/2016 03:01:09 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Der RPC-Server ist nicht verfügbar. (0x800706BA)"
Error: (05/23/2016 03:01:08 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "IVssAsync::QueryStatus" ist ein unerwarteter Fehler aufgetreten. hr = 0x800706ba, Der RPC-Server ist nicht verfügbar.
.
Vorgang:
BackupComplete-Ereignis
Asynchroner Vorgang wird ausgeführt
Kontext:
Aktueller Status: BackupComplete
Error: (05/23/2016 02:55:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm AdwCleaner_5.117.exe, Version 5.1.1.7 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: d60
Startzeit: 01d1b4f20185f6af
Endzeit: 0
Anwendungspfad: C:\Users\Lisa\Desktop\AdwCleaner_5.117.exe
Berichts-ID:
Error: (05/23/2016 02:43:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm AdwCleaner_5.117.exe, Version 5.1.1.7 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: c30
Startzeit: 01d1b4ef304b19c7
Endzeit: 5
Anwendungspfad: C:\Users\Lisa\Downloads\AdwCleaner_5.117.exe
Berichts-ID:
Systemfehler:
=============
Error: (05/23/2016 03:06:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.
Error: (05/23/2016 03:01:15 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (05/23/2016 03:00:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Virtueller Datenträger" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/23/2016 03:00:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Blockebenen-Sicherungsmodul" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/23/2016 03:00:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Volumeschattenkopie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/23/2016 03:00:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ConfigFree Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/23/2016 03:00:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/23/2016 03:00:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ConfigFree Gadget Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/23/2016 03:00:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ConfigFree WiMAX Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/23/2016 03:00:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
CodeIntegrity:
===================================
Date: 2012-05-15 20:21:10.314
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-05-15 20:21:10.250
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-05-15 20:20:17.686
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-05-15 20:20:17.608
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2011-08-16 23:40:23.934
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\dsiarhwprog_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2011-08-16 23:40:23.890
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\dsiarhwprog_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2011-08-16 23:39:22.902
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\dsiarhwprog_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2011-08-16 23:39:22.855
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\dsiarhwprog_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2011-08-16 23:32:38.464
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\dsiarhwprog_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2011-08-16 23:32:38.417
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\dsiarhwprog_x64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Prozentuale Nutzung des RAM: 45%
Installierter physikalischer RAM: 4060.87 MB
Verfügbarer physikalischer RAM: 2203.5 MB
Summe virtueller Speicher: 8119.92 MB
Verfügbarer virtueller Speicher: 5737.54 MB
==================== Laufwerke ================================
Drive c: (WINDOWS) (Fixed) (Total:186.31 GB) (Free:93.67 GB) NTFS
Drive d: (Data) (Fixed) (Total:185.91 GB) (Free:39.66 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 372.6 GB) (Disk ID: FD839285)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=186.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=185.9 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
|
|
23.05.2016, 22:17
| #5 |
| /// TB-Ausbilder /// Anleitungs-Guru | E-Mail von direct pay ag erhalten und versucht den zip Anhang zu öffnen Schritt 1 Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Gruß deeprybka  Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
24.05.2016, 10:44
| #6 |
| | E-Mail von direct pay ag erhalten und versucht den zip Anhang zu öffnenCode:
ATTFilter 11:26:20.0205 0x1430 TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
11:26:29.0852 0x1430 ============================================================
11:26:29.0852 0x1430 Current date / time: 2016/05/24 11:26:29.0852
11:26:29.0852 0x1430 SystemInfo:
11:26:29.0852 0x1430
11:26:29.0852 0x1430 OS Version: 6.1.7601 ServicePack: 1.0
11:26:29.0852 0x1430 Product type: Workstation
11:26:29.0853 0x1430 ComputerName: TOSHIBA
11:26:29.0853 0x1430 UserName: Lisa
11:26:29.0853 0x1430 Windows directory: C:\Windows
11:26:29.0853 0x1430 System windows directory: C:\Windows
11:26:29.0853 0x1430 Running under WOW64
11:26:29.0853 0x1430 Processor architecture: Intel x64
11:26:29.0853 0x1430 Number of processors: 2
11:26:29.0853 0x1430 Page size: 0x1000
11:26:29.0853 0x1430 Boot type: Normal boot
11:26:29.0853 0x1430 ============================================================
11:26:32.0548 0x1430 KLMD registered as C:\Windows\system32\drivers\54338120.sys
11:26:33.0511 0x1430 System UUID: {FFB1E597-DBAD-6EAB-D5D5-79AC8386C4A3}
11:26:34.0572 0x1430 Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 ( 372.61 Gb ), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:26:34.0580 0x1430 ============================================================
11:26:34.0580 0x1430 \Device\Harddisk0\DR0:
11:26:34.0580 0x1430 MBR partitions:
11:26:34.0580 0x1430 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x1749C800
11:26:34.0580 0x1430 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x17565000, BlocksNum 0x173D4000
11:26:34.0580 0x1430 ============================================================
11:26:34.0609 0x1430 C: <-> \Device\Harddisk0\DR0\Partition1
11:26:34.0752 0x1430 D: <-> \Device\Harddisk0\DR0\Partition2
11:26:34.0752 0x1430 ============================================================
11:26:34.0753 0x1430 Initialize success
11:26:34.0753 0x1430 ============================================================
11:30:16.0001 0x15f4 ============================================================
11:30:16.0001 0x15f4 Scan started
11:30:16.0001 0x15f4 Mode: Manual; SigCheck; TDLFS;
11:30:16.0001 0x15f4 ============================================================
11:30:16.0001 0x15f4 KSN ping started
11:30:18.0920 0x15f4 KSN ping finished: true
11:30:28.0099 0x15f4 ================ Scan system memory ========================
11:30:28.0099 0x15f4 System memory - ok
11:30:28.0099 0x15f4 ================ Scan services =============================
11:30:28.0281 0x15f4 [ A0709B82FA3B5AFAD1467E565B8B3BA0, 3C20E66B37768169A69514F7F1DD21113483499BF3BD8852B803882E019B60FC ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
11:30:28.0657 0x15f4 !SASCORE - detected UnsignedFile.Multi.Generic ( 1 )
11:30:31.0310 0x15f4 Detect skipped due to KSN trusted
11:30:31.0310 0x15f4 !SASCORE - ok
11:30:31.0845 0x15f4 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
11:30:31.0909 0x15f4 1394ohci - ok
11:30:31.0975 0x15f4 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
11:30:32.0044 0x15f4 ACPI - ok
11:30:32.0126 0x15f4 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
11:30:32.0187 0x15f4 AcpiPmi - ok
11:30:32.0292 0x15f4 [ D0B11E40EA74A98A5E133DF1F5276240, BAD5885CD8CC271D59DFA95159EFC3AC36D2BA11B6DA593AAED0C45F1C2F280F ] acsock C:\Windows\system32\DRIVERS\acsock64.sys
11:30:32.0395 0x15f4 acsock - ok
11:30:32.0859 0x15f4 [ 6A050671F2C76FB48131F12786802807, 71B37A9CEAE5AB1B069FB010BC547E14445461885B74FA879E63F9F2DAF644A5 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:30:32.0902 0x15f4 AdobeFlashPlayerUpdateSvc - ok
11:30:33.0089 0x15f4 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
11:30:33.0347 0x15f4 adp94xx - ok
11:30:33.0448 0x15f4 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
11:30:33.0561 0x15f4 adpahci - ok
11:30:33.0731 0x15f4 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
11:30:33.0833 0x15f4 adpu320 - ok
11:30:33.0964 0x15f4 [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
11:30:34.0001 0x15f4 AeLookupSvc - ok
11:30:34.0135 0x15f4 [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD C:\Windows\system32\drivers\afd.sys
11:30:34.0200 0x15f4 AFD - ok
11:30:34.0351 0x15f4 [ 98022774D9930ECBB292E70DB7601DF6, BE64A40B9BE997D73C0FC14D97E204C9D886EDA07EC4C9391A70CE477084E5F1 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
11:30:34.0621 0x15f4 AgereSoftModem - ok
11:30:34.0720 0x15f4 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
11:30:34.0774 0x15f4 agp440 - ok
11:30:34.0867 0x15f4 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
11:30:35.0134 0x15f4 ALG - ok
11:30:35.0287 0x15f4 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
11:30:35.0429 0x15f4 aliide - ok
11:30:35.0509 0x15f4 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
11:30:35.0594 0x15f4 amdide - ok
11:30:35.0696 0x15f4 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
11:30:35.0854 0x15f4 AmdK8 - ok
11:30:35.0913 0x15f4 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
11:30:35.0981 0x15f4 AmdPPM - ok
11:30:36.0094 0x15f4 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
11:30:36.0147 0x15f4 amdsata - ok
11:30:36.0222 0x15f4 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
11:30:36.0319 0x15f4 amdsbs - ok
11:30:36.0367 0x15f4 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
11:30:36.0482 0x15f4 amdxata - ok
11:30:36.0755 0x15f4 [ 157DA3885AA4F03C80C10DAEB0949CAA, 69EA1C9F904FBDFE904A3BC52CB0E188AF18A93EA87A119E5E6234C6F5D4742E ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
11:30:36.0825 0x15f4 AntiVirMailService - ok
11:30:37.0265 0x15f4 [ BD65021AB0EC790AECC503C394E61BA4, 51AD9C6F1192A3604902AE4F3B4B791DF1D58EA0B39B12AE4FA38F59E02F6D68 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
11:30:37.0307 0x15f4 AntiVirSchedulerService - ok
11:30:37.0584 0x15f4 [ BD65021AB0EC790AECC503C394E61BA4, 51AD9C6F1192A3604902AE4F3B4B791DF1D58EA0B39B12AE4FA38F59E02F6D68 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
11:30:37.0619 0x15f4 AntiVirService - ok
11:30:38.0061 0x15f4 [ B667AB46FA82FC246F9069D81BB1065C, CC3ADE01E745B6A4F425E41C5C380BF0D06121B3823BDF0A8DF2973DA59F86EA ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
11:30:38.0576 0x15f4 AntiVirWebService - ok
11:30:39.0187 0x15f4 [ 59D01FA91962C9C1E9B4022B2D3B46DB, 3A111588538B77F010B5C900FB8425DDE55A08DBAC308CA7FB7BD9FCCCDEC69F ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll
11:30:39.0385 0x15f4 AppHostSvc - ok
11:30:39.0525 0x15f4 [ 6474F8823C7188D2DA579F01FB6CED6B, 81D4E9D026CA60FB8840D520D151B8C2F4745A75DF90A4D6C80641F1A23AB605 ] AppID C:\Windows\system32\drivers\appid.sys
11:30:39.0626 0x15f4 AppID - ok
11:30:39.0783 0x15f4 [ 8F58BA1F7772D6D7CE45F03309608001, CDB109E0DD241042C058F7D81A1BDEBC34435CB2DC4A7A7A3692193DD5806097 ] AppIDSvc C:\Windows\System32\appidsvc.dll
11:30:39.0910 0x15f4 AppIDSvc - ok
11:30:39.0992 0x15f4 [ 3EA5DA3F459F6ED19E10166965F6892F, F5618A5FA72C5E57BCFA6F2ECB840B1AEC60C72840AF3C1D94D5FCDB5ED2BF5E ] Appinfo C:\Windows\System32\appinfo.dll
11:30:40.0143 0x15f4 Appinfo - ok
11:30:40.0253 0x15f4 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
11:30:40.0307 0x15f4 arc - ok
11:30:40.0365 0x15f4 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
11:30:40.0423 0x15f4 arcsas - ok
11:30:40.0765 0x15f4 [ 660D597B7A78256734D7F3230B21B355, CAA19E8EFAD63B8975A4CD8EFD5CE5F21E056856D36BC5A9E48517F1E574ABBA ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:30:41.0207 0x15f4 aspnet_state - ok
11:30:41.0287 0x15f4 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
11:30:41.0364 0x15f4 AsyncMac - ok
11:30:41.0484 0x15f4 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
11:30:41.0548 0x15f4 atapi - ok
11:30:42.0308 0x15f4 [ 3EFD964D52221360AF0673CD61C2F4F5, 76D636CAF2E4FEDAAC6B0D958865A901340CF836EE4FCE59F1D5291E3BEC9F1E ] atikmdag C:\Windows\system32\drivers\atikmdag.sys
11:30:43.0601 0x15f4 atikmdag - ok
11:30:43.0767 0x15f4 [ FC0E8778C000291CAF60EB88C011E931, 09BCCA3DE01021AEF76DFB46F01D21BA6FF409E816FA7547E5C3DFBF3A615ED2 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
11:30:43.0839 0x15f4 atksgt - ok
11:30:43.0927 0x15f4 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:30:43.0969 0x15f4 AudioEndpointBuilder - ok
11:30:44.0106 0x15f4 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll
11:30:44.0140 0x15f4 AudioSrv - ok
11:30:44.0473 0x15f4 [ 742D578C28F6F58B8B576F91A1D8EB4E, 6C49EC198E67CE40728F0C19CB2BDCB59310BA59324F58E4D456DA2C8CC28BA6 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
11:30:44.0502 0x15f4 avgntflt - ok
11:30:44.0607 0x15f4 [ C9BED3BDC39FBCAA77A88308355B237E, AFC74D4BF86FB695D7D31534C174D926C8ED57E7D8E98339CE3ED060AC3BB6D0 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
11:30:44.0637 0x15f4 avipbb - ok
11:30:44.0897 0x15f4 [ 125DFFF37D51A45A72934C3BF89A64CD, 19208A6544DC822D5010C835A6FA5E8AC5406CBFB277C4C9E034EF6309B113EE ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
11:30:44.0927 0x15f4 Avira.ServiceHost - ok
11:30:45.0059 0x15f4 [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
11:30:45.0085 0x15f4 avkmgr - ok
11:30:45.0228 0x15f4 [ 138A53D17B040F5A3A307D44A89D0905, AD212E430F2DE43F037BECF6A46FCD53270A5EE11427030C7D5CBC3EAAAAA029 ] avnetflt C:\Windows\system32\DRIVERS\avnetflt.sys
11:30:45.0253 0x15f4 avnetflt - ok
11:30:45.0372 0x15f4 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
11:30:45.0499 0x15f4 AxInstSV - ok
11:30:45.0621 0x15f4 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
11:30:45.0723 0x15f4 b06bdrv - ok
11:30:45.0770 0x15f4 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
11:30:45.0860 0x15f4 b57nd60a - ok
11:30:45.0930 0x15f4 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
11:30:45.0996 0x15f4 BDESVC - ok
11:30:46.0032 0x15f4 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
11:30:46.0089 0x15f4 Beep - ok
11:30:46.0188 0x15f4 [ B1359701847FF1FF415FA083F1610F48, 991F995B9CF614549F5F7EB5C5B2D47F34EFF0F47B35C4BF4CE716666B9DA1D3 ] BEService C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
11:30:46.0243 0x15f4 BEService - detected UnsignedFile.Multi.Generic ( 1 )
11:30:49.0022 0x15f4 BEService ( UnsignedFile.Multi.Generic ) - warning
11:30:51.0325 0x1478 Object required for P2P: [ 6A050671F2C76FB48131F12786802807 ] AdobeFlashPlayerUpdateSvc
11:30:51.0834 0x15f4 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
11:30:51.0915 0x15f4 BFE - ok
11:30:52.0014 0x15f4 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
11:30:52.0081 0x15f4 BITS - ok
11:30:52.0120 0x15f4 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
11:30:52.0164 0x15f4 blbdrive - ok
11:30:52.0198 0x15f4 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
11:30:52.0233 0x15f4 bowser - ok
11:30:52.0258 0x15f4 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:30:52.0286 0x15f4 BrFiltLo - ok
11:30:52.0304 0x15f4 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:30:52.0379 0x15f4 BrFiltUp - ok
11:30:52.0465 0x15f4 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
11:30:52.0530 0x15f4 Browser - ok
11:30:52.0638 0x15f4 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
11:30:52.0745 0x15f4 Brserid - ok
11:30:52.0795 0x15f4 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
11:30:52.0849 0x15f4 BrSerWdm - ok
11:30:52.0887 0x15f4 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
11:30:52.0933 0x15f4 BrUsbMdm - ok
11:30:52.0967 0x15f4 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
11:30:53.0010 0x15f4 BrUsbSer - ok
11:30:53.0036 0x15f4 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
11:30:53.0088 0x15f4 BTHMODEM - ok
11:30:53.0145 0x15f4 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
11:30:53.0192 0x15f4 bthserv - ok
11:30:53.0242 0x15f4 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
11:30:53.0310 0x15f4 cdfs - ok
11:30:53.0370 0x15f4 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
11:30:53.0422 0x15f4 cdrom - ok
11:30:53.0482 0x15f4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
11:30:53.0543 0x15f4 CertPropSvc - ok
11:30:53.0731 0x15f4 [ 837FF2D497880198C918E6954DBD170C, 249CEEAD3CF864A50BB144B5E376D427BBF985DA9E2FEF02410101248951BBAD ] cfWiMAXService C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
11:30:53.0759 0x15f4 cfWiMAXService - ok
11:30:53.0784 0x15f4 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
11:30:53.0831 0x15f4 circlass - ok
11:30:53.0877 0x15f4 [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys
11:30:53.0915 0x15f4 CLFS - ok
11:30:54.0015 0x15f4 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:30:54.0033 0x15f4 clr_optimization_v2.0.50727_32 - ok
11:30:54.0145 0x15f4 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:30:54.0148 0x1478 Object send P2P result: true
11:30:54.0150 0x1478 Object required for P2P: [ 157DA3885AA4F03C80C10DAEB0949CAA ] AntiVirMailService
11:30:54.0164 0x15f4 clr_optimization_v2.0.50727_64 - ok
11:30:54.0240 0x15f4 [ AB4CD527BEFCC43EE441E6C50CCE54C8, 13B776AE63049FFBA7E35EA0A4C26EBB57B10D973E05C4CF1214249754DC46E4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:30:54.0517 0x15f4 clr_optimization_v4.0.30319_32 - ok
11:30:54.0565 0x15f4 [ 1400C75FF021D6CFACE46AC41B60770E, 3FCB8D7714A79522F2738037D559F1FFFB2F05C5406D2A038EF5DDB4629CA1CE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:30:54.0703 0x15f4 clr_optimization_v4.0.30319_64 - ok
11:30:54.0733 0x15f4 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
11:30:54.0769 0x15f4 CmBatt - ok
11:30:54.0806 0x15f4 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
11:30:54.0829 0x15f4 cmdide - ok
11:30:54.0947 0x15f4 [ CA3FB5A6B626D8A00A89E049CF95954E, CD5E3E40972513195108BA46CEC1D0AEA6B09A67EEBDD17EB759BD1729B07C06 ] CNG C:\Windows\system32\Drivers\cng.sys
11:30:54.0988 0x15f4 CNG - ok
11:30:55.0038 0x15f4 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
11:30:55.0059 0x15f4 Compbatt - ok
11:30:55.0100 0x15f4 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
11:30:55.0140 0x15f4 CompositeBus - ok
11:30:55.0161 0x15f4 COMSysApp - ok
11:30:55.0210 0x15f4 [ D252C53BCDFC199BBA55EEB10CDB266E, 758E4FE0B20C0F7179BC45CBA50AF11380330DC7597141B00D914450EAC022DF ] ConfigFree Gadget Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
11:30:55.0245 0x15f4 ConfigFree Gadget Service - ok
11:30:55.0275 0x15f4 [ CAB0EEAF5295FC96DDD3E19DCE27E131, 87BCAC18D920153322D325AA5B93BB0B447577D67261FDCC01C5B60643CEA792 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
11:30:55.0305 0x15f4 ConfigFree Service - ok
11:30:55.0339 0x15f4 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
11:30:55.0361 0x15f4 crcdisk - ok
11:30:55.0422 0x15f4 [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc C:\Windows\system32\cryptsvc.dll
11:30:55.0469 0x15f4 CryptSvc - ok
11:30:55.0545 0x15f4 [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] DcomLaunch C:\Windows\system32\rpcss.dll
11:30:55.0653 0x15f4 DcomLaunch - ok
11:30:55.0701 0x15f4 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
11:30:55.0775 0x15f4 defragsvc - ok
11:30:55.0858 0x15f4 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
11:30:55.0931 0x15f4 DfsC - ok
11:30:56.0004 0x15f4 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
11:30:56.0068 0x15f4 Dhcp - ok
11:30:56.0207 0x15f4 [ EC3F433D00365F1A9BC3411BCA7C7140, 0852D747359DE573504EBBDB99DA26D3BFA8B3C7A4836F8E3A5AD94B5571AD5C ] DiagTrack C:\Windows\system32\diagtrack.dll
11:30:56.0356 0x15f4 DiagTrack - ok
11:30:56.0396 0x15f4 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
11:30:56.0436 0x15f4 discache - ok
11:30:56.0499 0x15f4 [ 616387BBD83372220B09DE95F4E67BBC, 5E2D5280BB775576E7CDE3FA6BDE494E183123635E5908CF7EBF1FF52966D07D ] Disk C:\Windows\system32\drivers\disk.sys
11:30:56.0528 0x15f4 Disk - ok
11:30:56.0595 0x15f4 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
11:30:56.0676 0x15f4 Dnscache - ok
11:30:56.0747 0x15f4 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
11:30:56.0815 0x15f4 dot3svc - ok
11:30:56.0879 0x15f4 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
11:30:56.0902 0x1478 Object send P2P result: true
11:30:56.0905 0x1478 Object required for P2P: [ C9BED3BDC39FBCAA77A88308355B237E ] avipbb
11:30:56.0957 0x15f4 DPS - ok
11:30:57.0008 0x15f4 [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
11:30:57.0041 0x15f4 drmkaud - ok
11:30:57.0119 0x15f4 [ 3A9D7D464BDB3B70D7ECF689ADABBD4D, B4F5B23705EA1BA453FE30791CA245E1A5F7FBEABAD026E4A8A15A9FC44E8C9C ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
11:30:57.0173 0x15f4 DXGKrnl - ok
11:30:57.0219 0x15f4 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
11:30:57.0262 0x15f4 EapHost - ok
11:30:57.0458 0x15f4 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
11:30:57.0690 0x15f4 ebdrv - ok
11:30:57.0719 0x15f4 [ 54C0E3156872881F6AB017210278E27E, 8C3C71535FAC3897E1AE5505302387D7EC7C93D9DB6CA8AD6C1E1B26FE33D367 ] EFS C:\Windows\System32\lsass.exe
11:30:57.0795 0x15f4 EFS - ok
11:30:57.0910 0x15f4 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
11:30:57.0986 0x15f4 ehRecvr - ok
11:30:58.0026 0x15f4 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
11:30:58.0116 0x15f4 ehSched - ok
11:30:58.0185 0x15f4 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
11:30:58.0226 0x15f4 elxstor - ok
11:30:58.0297 0x15f4 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
11:30:58.0332 0x15f4 ErrDev - ok
11:30:58.0389 0x15f4 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
11:30:58.0457 0x15f4 EventSystem - ok
11:30:58.0482 0x15f4 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
11:30:58.0553 0x15f4 exfat - ok
11:30:58.0643 0x15f4 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
11:30:58.0714 0x15f4 fastfat - ok
11:30:58.0796 0x15f4 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
11:30:58.0889 0x15f4 Fax - ok
11:30:58.0964 0x15f4 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
11:30:59.0017 0x15f4 fdc - ok
11:30:59.0084 0x15f4 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
11:30:59.0140 0x15f4 fdPHost - ok
11:30:59.0165 0x15f4 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
11:30:59.0228 0x15f4 FDResPub - ok
11:30:59.0258 0x15f4 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
11:30:59.0276 0x15f4 FileInfo - ok
11:30:59.0308 0x15f4 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
11:30:59.0363 0x15f4 Filetrace - ok
11:30:59.0395 0x15f4 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
11:30:59.0430 0x15f4 flpydisk - ok
11:30:59.0474 0x15f4 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
11:30:59.0500 0x15f4 FltMgr - ok
11:30:59.0622 0x15f4 [ BCB16AE33AA58E0042F3EF34CFB6396A, E8ADA10DE60A94E4BABE9FCA6D0AA83B11520C092D49057E17F6C6059D35A323 ] FontCache C:\Windows\system32\FntCache.dll
11:30:59.0683 0x1478 Object send P2P result: true
11:30:59.0683 0x1478 Object required for P2P: [ 125DFFF37D51A45A72934C3BF89A64CD ] Avira.ServiceHost
11:30:59.0752 0x15f4 FontCache - ok
11:30:59.0839 0x15f4 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:30:59.0865 0x15f4 FontCache3.0.0.0 - ok
11:30:59.0893 0x15f4 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
11:30:59.0909 0x15f4 FsDepends - ok
11:30:59.0942 0x15f4 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
11:30:59.0968 0x15f4 Fs_Rec - ok
11:31:00.0038 0x15f4 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
11:31:00.0064 0x15f4 fvevol - ok
11:31:00.0099 0x15f4 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
11:31:00.0123 0x15f4 gagp30kx - ok
11:31:00.0172 0x15f4 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:31:00.0191 0x15f4 GEARAspiWDM - ok
11:31:00.0302 0x15f4 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
11:31:00.0382 0x15f4 gpsvc - ok
11:31:00.0585 0x15f4 [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:31:00.0620 0x15f4 gupdate - ok
11:31:00.0662 0x15f4 [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:31:00.0676 0x15f4 gupdatem - ok
11:31:00.0765 0x15f4 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
11:31:00.0794 0x15f4 hamachi - ok
11:31:00.0825 0x15f4 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
11:31:00.0861 0x15f4 hcw85cir - ok
11:31:00.0935 0x15f4 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:31:00.0993 0x15f4 HdAudAddService - ok
11:31:01.0047 0x15f4 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
11:31:01.0084 0x15f4 HDAudBus - ok
11:31:01.0120 0x15f4 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
11:31:01.0183 0x15f4 HidBatt - ok
11:31:01.0204 0x15f4 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
11:31:01.0258 0x15f4 HidBth - ok
11:31:01.0315 0x15f4 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
11:31:01.0371 0x15f4 HidIr - ok
11:31:01.0423 0x15f4 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
11:31:01.0490 0x15f4 hidserv - ok
11:31:01.0549 0x15f4 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
11:31:01.0567 0x15f4 HidUsb - ok
11:31:01.0642 0x15f4 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
11:31:01.0726 0x15f4 hkmsvc - ok
11:31:01.0768 0x15f4 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:31:01.0843 0x15f4 HomeGroupListener - ok
11:31:01.0887 0x15f4 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:31:01.0930 0x15f4 HomeGroupProvider - ok
11:31:01.0966 0x15f4 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
11:31:02.0001 0x15f4 HpSAMD - ok
11:31:02.0060 0x15f4 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys
11:31:02.0101 0x15f4 HTTP - ok
11:31:02.0148 0x15f4 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
11:31:02.0164 0x15f4 hwpolicy - ok
11:31:02.0223 0x15f4 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
11:31:02.0263 0x15f4 i8042prt - ok
11:31:02.0304 0x15f4 [ 1D004CB1DA6323B1F55CAEF7F94B61D9, 8FFFB429BA46938724BBB87AB9B3EC77EA17C4B893BABDBDD38309F02963D405 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
11:31:02.0333 0x15f4 iaStor - ok
11:31:02.0387 0x15f4 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
11:31:02.0447 0x15f4 iaStorV - ok
11:31:02.0465 0x1478 Object send P2P result: true
11:31:02.0465 0x1478 Object required for P2P: [ 138A53D17B040F5A3A307D44A89D0905 ] avnetflt
11:31:02.0547 0x15f4 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:31:02.0655 0x15f4 idsvc - ok
11:31:02.0754 0x15f4 IEEtwCollectorService - ok
11:31:02.0783 0x15f4 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
11:31:02.0807 0x15f4 iirsp - ok
11:31:02.0844 0x15f4 [ AB55B8A9B13130F638546881CE4425F8, 8427E67BE02ECABAA3F0C48BD4205BCBD4C978B48AE4E7336DA5821DFC49029E ] IISADMIN C:\Windows\system32\inetsrv\inetinfo.exe
11:31:02.0918 0x15f4 IISADMIN - ok
11:31:03.0008 0x15f4 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
11:31:03.0062 0x15f4 IKEEXT - ok
11:31:03.0204 0x15f4 [ 0C3CF4B3BAE28E121A1689E3538F8712, 1599785D54E8306872A1DDD8546D316C9B193A85C5AEB37CF956B8C4077B8792 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
11:31:03.0322 0x15f4 IntcAzAudAddService - ok
11:31:03.0382 0x15f4 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
11:31:03.0415 0x15f4 intelide - ok
11:31:03.0479 0x15f4 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
11:31:03.0496 0x15f4 intelppm - ok
11:31:03.0561 0x15f4 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:31:03.0604 0x15f4 IPBusEnum - ok
11:31:03.0663 0x15f4 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:31:03.0730 0x15f4 IpFilterDriver - ok
11:31:03.0783 0x15f4 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
11:31:03.0832 0x15f4 iphlpsvc - ok
11:31:03.0869 0x15f4 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
11:31:03.0916 0x15f4 IPMIDRV - ok
11:31:03.0951 0x15f4 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
11:31:04.0009 0x15f4 IPNAT - ok
11:31:04.0203 0x15f4 [ 7FAE5B6CDB18B0B2E81F32869F595022, D873A7EE94749E1700E8F6B8BB7B485AE1B0B83388D63BE06335720498D4794F ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
11:31:04.0250 0x15f4 iPod Service - ok
11:31:04.0317 0x15f4 [ 11FE7637A49B67D9B1F895B2AD4D982F, D448DA9083044E0B2627042D9FA5DC65C74A34AB09FF627777634B254260F4FB ] iprip C:\Windows\System32\iprip.dll
11:31:04.0391 0x15f4 iprip - ok
11:31:04.0426 0x15f4 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:31:04.0446 0x15f4 IRENUM - ok
11:31:04.0495 0x15f4 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
11:31:04.0523 0x15f4 isapnp - ok
11:31:04.0576 0x15f4 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
11:31:04.0611 0x15f4 iScsiPrt - ok
11:31:04.0725 0x15f4 [ 25D602AE635A0443458FBED1A8B6E4E9, 4EAA8D88692B32EB3F699637141ADECC5A8CF4DC17EC1BBFCFB2FF5B28BBAD0E ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
11:31:04.0749 0x15f4 JMCR - ok
11:31:04.0769 0x15f4 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
11:31:04.0789 0x15f4 kbdclass - ok
11:31:04.0836 0x15f4 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
11:31:04.0896 0x15f4 kbdhid - ok
11:31:04.0931 0x15f4 [ 54C0E3156872881F6AB017210278E27E, 8C3C71535FAC3897E1AE5505302387D7EC7C93D9DB6CA8AD6C1E1B26FE33D367 ] KeyIso C:\Windows\system32\lsass.exe
11:31:04.0949 0x15f4 KeyIso - ok
11:31:04.0982 0x15f4 [ 0878723427BA190E5ABA5AA0112FA4D4, E332C83D3F4DF71761AA3DAC2C721FC2029F71ECC88A66E175BA56510855C4D4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:31:04.0999 0x15f4 KSecDD - ok
11:31:05.0015 0x15f4 [ C08CCCE2BE68D04E6C142614736959DA, AEC0AFC5C28DDC14DD6918BB6E236FA1C85CC30D69DA9AE40F9962D88248040F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
11:31:05.0034 0x15f4 KSecPkg - ok
11:31:05.0062 0x15f4 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
11:31:05.0121 0x15f4 ksthunk - ok
11:31:05.0170 0x15f4 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
11:31:05.0222 0x1478 Object send P2P result: true
11:31:05.0260 0x15f4 KtmRm - ok
11:31:05.0336 0x15f4 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
11:31:05.0402 0x15f4 LanmanServer - ok
11:31:05.0472 0x15f4 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:31:05.0540 0x15f4 LanmanWorkstation - ok
11:31:05.0587 0x15f4 [ 156AB2E56DC3CA0B582E3362E07CDED7, 7B03929273861690DC42E4C686E655BE5A1C60136AE5E739D7E62306AFD4AB9A ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
11:31:05.0608 0x15f4 lirsgt - ok
11:31:05.0640 0x15f4 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:31:05.0705 0x15f4 lltdio - ok
11:31:05.0742 0x15f4 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:31:05.0841 0x15f4 lltdsvc - ok
11:31:05.0868 0x15f4 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:31:05.0965 0x15f4 lmhosts - ok
11:31:06.0002 0x15f4 [ 41E122F6D1448C94CC05196BC41D6BFB, DC027B897A14359669C6C93CCC7FCEEA2FDCEE281489589DDAEE008FAD0B15E2 ] LPCFilter C:\Windows\system32\DRIVERS\LPCFilter.sys
11:31:06.0020 0x15f4 LPCFilter - ok
11:31:06.0058 0x15f4 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
11:31:06.0083 0x15f4 LSI_FC - ok
11:31:06.0091 0x15f4 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
11:31:06.0116 0x15f4 LSI_SAS - ok
11:31:06.0144 0x15f4 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:31:06.0169 0x15f4 LSI_SAS2 - ok
11:31:06.0222 0x15f4 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:31:06.0277 0x15f4 LSI_SCSI - ok
11:31:06.0299 0x15f4 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
11:31:06.0373 0x15f4 luafv - ok
11:31:06.0486 0x15f4 [ 78BFF5425E044086E74E78650A359FBB, 294738C10F3ED933D4EC40EA0659372FCF19A3C6D45D356917438CA495F2CB45 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
11:31:06.0522 0x15f4 MBAMProtector - ok
11:31:06.0695 0x15f4 [ 9611577752E293259C7DCE19E9026362, 8CB5DFD63FA15603BB6FA6B501E09ED7F4DE0E8F68CB28B78CECAC3711BEFD24 ] MBAMScheduler C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
11:31:06.0767 0x15f4 MBAMScheduler - ok
11:31:06.0915 0x15f4 [ F1A89A34388B5626F1548D393B23ECB1, EA00AC76C4C8C9340753B58A3313C9177A9B98F9F1BDE08F184CD0F53D0C186F ] MBAMService C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
11:31:06.0995 0x15f4 MBAMService - ok
11:31:07.0148 0x15f4 [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
11:31:07.0165 0x15f4 MBAMSwissArmy - ok
11:31:07.0196 0x15f4 [ 452ACB7A9914398D9E18CCCFFCF92208, 754AF45C19731C356E7E84497B04E0333759AC86DC553BA275EFC09845E43E4D ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
11:31:07.0239 0x15f4 MBAMWebAccessControl - ok
11:31:07.0280 0x15f4 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:31:07.0299 0x15f4 Mcx2Svc - ok
11:31:07.0330 0x15f4 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
11:31:07.0396 0x15f4 megasas - ok
11:31:07.0483 0x15f4 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
11:31:07.0656 0x15f4 MegaSR - ok
11:31:07.0816 0x15f4 [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
11:31:07.0866 0x15f4 Microsoft Office Groove Audit Service - ok
11:31:07.0896 0x15f4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
11:31:07.0993 0x15f4 MMCSS - ok
11:31:08.0013 0x15f4 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
11:31:08.0081 0x15f4 Modem - ok
11:31:08.0171 0x15f4 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:31:08.0211 0x15f4 monitor - ok
11:31:08.0268 0x15f4 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:31:08.0283 0x15f4 mouclass - ok
11:31:08.0393 0x15f4 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:31:08.0435 0x15f4 mouhid - ok
11:31:08.0469 0x15f4 [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:31:08.0496 0x15f4 mountmgr - ok
11:31:08.0520 0x15f4 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
11:31:08.0541 0x15f4 mpio - ok
11:31:08.0578 0x15f4 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:31:08.0619 0x15f4 mpsdrv - ok
11:31:08.0718 0x15f4 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
11:31:08.0819 0x15f4 MpsSvc - ok
11:31:08.0852 0x15f4 [ CD22D2563039DDA6793F7624719363A7, 82C91467EDCB61B1DD086A1D25925E4D89E43EF6EFAE3C59AFF3D73280119AF6 ] MQAC C:\Windows\system32\drivers\mqac.sys
11:31:08.0888 0x15f4 MQAC - ok
11:31:08.0924 0x15f4 [ D7ADC2B83CA0B0381F75A98351F72CEE, 05476B7CA0486DF770AE492B5A90C85E3D3E7485152EB2FA30A19EC9BE44ED81 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:31:08.0945 0x15f4 MRxDAV - ok
11:31:09.0021 0x15f4 [ 035C0A9A63DF3F3A52B90D8F6BF0F166, F409C8A31156E31A6D16D2B34EEE3098CE0D76A4DB7B49810EDDA2E2E19B2E26 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:31:09.0042 0x15f4 mrxsmb - ok
11:31:09.0065 0x15f4 [ 8308FC2E9147D7632221E3279BB14660, 3051FF91493FD03B7EDD4EDB23B2DE8DD7E03D46E231BC5925502BE98E78B1CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:31:09.0109 0x15f4 mrxsmb10 - ok
11:31:09.0140 0x15f4 [ 1F8DA4ECAEA7E2BCD97E738795817431, FBEF64C7067F5AFF864EF7E220C8A47AC43EB0BFD9A4E4C908F9D9D159AC5139 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:31:09.0171 0x15f4 mrxsmb20 - ok
11:31:09.0216 0x15f4 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
11:31:09.0255 0x15f4 msahci - ok
11:31:09.0297 0x15f4 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:31:09.0329 0x15f4 msdsm - ok
11:31:09.0350 0x15f4 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
11:31:09.0423 0x15f4 MSDTC - ok
11:31:09.0546 0x15f4 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:31:09.0605 0x15f4 Msfs - ok
11:31:09.0637 0x15f4 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:31:09.0709 0x15f4 mshidkmdf - ok
11:31:09.0766 0x15f4 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:31:09.0810 0x15f4 msisadrv - ok
11:31:09.0875 0x15f4 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:31:10.0001 0x15f4 MSiSCSI - ok
11:31:10.0007 0x15f4 msiserver - ok
11:31:10.0096 0x15f4 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:31:10.0141 0x15f4 MSKSSRV - ok
11:31:10.0180 0x15f4 [ FAAEAEF99E53561BEEE58F946CA56F0D, 78AC692C4B80616E4C44ED20954B8D2FCE2215056C2ED3522123E5B50A7CE67A ] MSMQ C:\Windows\system32\mqsvc.exe
11:31:10.0225 0x15f4 MSMQ - ok
11:31:10.0262 0x15f4 [ 59ED174FD4314B0218DC91F9BFA6CD3D, 13B95FA9892D09341CE46FA7EEB01FF9C88AA9DCB8FBF0A73FFAE567AAA4E02A ] MSMQTriggers C:\Windows\system32\mqtgsvc.exe
11:31:10.0305 0x15f4 MSMQTriggers - ok
11:31:10.0343 0x15f4 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:31:10.0404 0x15f4 MSPCLOCK - ok
11:31:10.0428 0x15f4 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:31:10.0490 0x15f4 MSPQM - ok
11:31:10.0543 0x15f4 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:31:10.0572 0x15f4 MsRPC - ok
11:31:10.0636 0x15f4 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
11:31:10.0652 0x15f4 mssmbios - ok
11:31:10.0690 0x15f4 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:31:10.0745 0x15f4 MSTEE - ok
11:31:10.0766 0x15f4 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
11:31:10.0788 0x15f4 MTConfig - ok
11:31:10.0804 0x15f4 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
11:31:10.0834 0x15f4 Mup - ok
11:31:10.0889 0x15f4 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
11:31:10.0964 0x15f4 napagent - ok
11:31:11.0014 0x15f4 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:31:11.0057 0x15f4 NativeWifiP - ok
11:31:11.0166 0x15f4 [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS C:\Windows\system32\drivers\ndis.sys
11:31:11.0223 0x15f4 NDIS - ok
11:31:11.0256 0x15f4 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:31:11.0308 0x15f4 NdisCap - ok
11:31:11.0338 0x15f4 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:31:11.0392 0x15f4 NdisTapi - ok
11:31:11.0482 0x15f4 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:31:11.0541 0x15f4 Ndisuio - ok
11:31:11.0575 0x15f4 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:31:11.0639 0x15f4 NdisWan - ok
11:31:11.0700 0x15f4 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:31:11.0739 0x15f4 NDProxy - ok
11:31:11.0790 0x15f4 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:31:11.0846 0x15f4 NetBIOS - ok
11:31:11.0902 0x15f4 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:31:11.0956 0x15f4 NetBT - ok
11:31:11.0977 0x15f4 [ 54C0E3156872881F6AB017210278E27E, 8C3C71535FAC3897E1AE5505302387D7EC7C93D9DB6CA8AD6C1E1B26FE33D367 ] Netlogon C:\Windows\system32\lsass.exe
11:31:11.0994 0x15f4 Netlogon - ok
11:31:12.0036 0x15f4 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
11:31:12.0105 0x15f4 Netman - ok
11:31:12.0175 0x15f4 [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:31:12.0240 0x15f4 NetMsmqActivator - ok
11:31:12.0247 0x15f4 [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:31:12.0267 0x15f4 NetPipeActivator - ok
11:31:12.0309 0x15f4 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
11:31:12.0383 0x15f4 netprofm - ok
11:31:12.0419 0x15f4 [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:31:12.0439 0x15f4 NetTcpActivator - ok
11:31:12.0447 0x15f4 [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:31:12.0467 0x15f4 NetTcpPortSharing - ok
11:31:12.0513 0x15f4 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
11:31:12.0537 0x15f4 nfrd960 - ok
11:31:12.0588 0x15f4 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
11:31:12.0700 0x15f4 NlaSvc - ok
11:31:12.0736 0x15f4 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:31:12.0784 0x15f4 Npfs - ok
11:31:12.0817 0x15f4 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
11:31:12.0873 0x15f4 nsi - ok
11:31:12.0928 0x15f4 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:31:12.0967 0x15f4 nsiproxy - ok
11:31:13.0076 0x15f4 [ 47B2D0B31BDC3EBE6090228E2BA3764D, 984A4B38300954164BCBF57EC1A09C18B53779E60A26E9618B50E26016735787 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:31:13.0199 0x15f4 Ntfs - ok
11:31:13.0256 0x15f4 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
11:31:13.0330 0x15f4 Null - ok
11:31:13.0391 0x15f4 [ CB599955CE2CE9694721562F9481CD84, DC8B802396E9D0F11D1855A622E7438711C029D3B76550A953A44CEB8A7E468F ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
11:31:13.0421 0x15f4 NVHDA - ok
11:31:14.0081 0x15f4 [ 7A0FA5FE8B2904CDF3E375F45C23A858, 56AD0860C03EAAC435AC8E46B76E4BFD2BDD6ED673A6ACFEF00766E54ACF8695 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:31:14.0719 0x15f4 nvlddmkm - ok
11:31:14.0795 0x15f4 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:31:14.0821 0x15f4 nvraid - ok
11:31:14.0837 0x15f4 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:31:14.0865 0x15f4 nvstor - ok
11:31:14.0919 0x15f4 [ 52B23E481F9C31BD0B431A323CF93668, 40994F6B0B1D68112B6BA759204DD722DE66C7D860BE012560EA1E191724B182 ] nvsvc C:\Windows\system32\nvvsvc.exe
11:31:14.0985 0x15f4 nvsvc - ok
11:31:15.0047 0x15f4 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:31:15.0085 0x15f4 nv_agp - ok
11:31:15.0180 0x15f4 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:31:15.0227 0x15f4 odserv - ok
11:31:15.0333 0x15f4 [ 7BFE62DB1686979F929073D444A7B1EB, 8342F614AAFC3292F9949F7B38982611C41491B62F1FCAFDF00BB8DD9E1D87CA ] ogmservice C:\Program Files (x86)\Online Games Manager\ogmservice.exe
11:31:15.0375 0x15f4 ogmservice - ok
11:31:15.0415 0x15f4 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:31:15.0444 0x15f4 ohci1394 - ok
11:31:15.0500 0x15f4 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:31:15.0526 0x15f4 ose - ok
11:31:15.0570 0x15f4 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:31:15.0654 0x15f4 p2pimsvc - ok
11:31:15.0729 0x15f4 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
11:31:15.0774 0x15f4 p2psvc - ok
11:31:15.0819 0x15f4 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
11:31:15.0858 0x15f4 Parport - ok
11:31:15.0899 0x15f4 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:31:15.0915 0x15f4 partmgr - ok
11:31:15.0958 0x15f4 [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:31:16.0000 0x15f4 PcaSvc - ok
11:31:16.0041 0x15f4 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
11:31:16.0061 0x15f4 pci - ok
11:31:16.0120 0x15f4 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
11:31:16.0148 0x15f4 pciide - ok
11:31:16.0186 0x15f4 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
11:31:16.0224 0x15f4 pcmcia - ok
11:31:16.0250 0x15f4 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
11:31:16.0266 0x15f4 pcw - ok
11:31:16.0322 0x15f4 [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:31:16.0358 0x15f4 PEAUTH - ok
11:31:16.0459 0x15f4 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:31:16.0494 0x15f4 PerfHost - ok
11:31:16.0568 0x15f4 [ 663962900E7FEA522126BA287715BB4A, 95CE12CA11E705C293BE4E18845581037D819A7EC812349BCAF4EABC8E7087B1 ] PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys
11:31:16.0588 0x15f4 PGEffect - ok
11:31:16.0737 0x15f4 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
11:31:16.0846 0x15f4 pla - ok
11:31:16.0933 0x15f4 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:31:17.0005 0x15f4 PlugPlay - ok
11:31:17.0035 0x15f4 PnkBstrA - ok
11:31:17.0068 0x15f4 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:31:17.0108 0x15f4 PNRPAutoReg - ok
11:31:17.0137 0x15f4 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:31:17.0161 0x15f4 PNRPsvc - ok
11:31:17.0216 0x15f4 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:31:17.0293 0x15f4 PolicyAgent - ok
11:31:17.0368 0x15f4 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
11:31:17.0424 0x15f4 Power - ok
11:31:17.0491 0x15f4 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:31:17.0569 0x15f4 PptpMiniport - ok
11:31:17.0645 0x15f4 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
11:31:17.0670 0x15f4 Processor - ok
11:31:17.0721 0x15f4 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
11:31:17.0787 0x15f4 ProfSvc - ok
11:31:17.0810 0x15f4 [ 54C0E3156872881F6AB017210278E27E, 8C3C71535FAC3897E1AE5505302387D7EC7C93D9DB6CA8AD6C1E1B26FE33D367 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:31:17.0829 0x15f4 ProtectedStorage - ok
11:31:17.0915 0x15f4 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:31:17.0955 0x15f4 Psched - ok
11:31:18.0024 0x15f4 [ 225D3660F926FE761BC8CE10C512AA02, EAA2241E858CD0FF7A1F159FB03D0DF87735EAD1F245F0A569FB6A0330D1B007 ] PTSimBus C:\Windows\system32\DRIVERS\PTSimBus.sys
11:31:18.0058 0x15f4 PTSimBus - ok
11:31:18.0087 0x15f4 [ BD2194786ABAF4860F41118C0C103E7B, 204C17CF91ADD84635907EC5B77FE02F25A098F0B2174D006610859F930E909E ] PTSimHid C:\Windows\system32\DRIVERS\PTSimHid.sys
11:31:18.0109 0x15f4 PTSimHid - ok
11:31:18.0234 0x15f4 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
11:31:18.0372 0x15f4 ql2300 - ok
11:31:18.0405 0x15f4 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
11:31:18.0433 0x15f4 ql40xx - ok
11:31:18.0463 0x15f4 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
11:31:18.0492 0x15f4 QWAVE - ok
11:31:18.0530 0x15f4 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:31:18.0583 0x15f4 QWAVEdrv - ok
11:31:18.0631 0x15f4 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:31:18.0692 0x15f4 RasAcd - ok
11:31:18.0754 0x15f4 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:31:18.0814 0x15f4 RasAgileVpn - ok
11:31:18.0850 0x15f4 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
11:31:18.0904 0x15f4 RasAuto - ok
11:31:18.0966 0x15f4 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:31:19.0037 0x15f4 Rasl2tp - ok
11:31:19.0109 0x15f4 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
11:31:19.0173 0x15f4 RasMan - ok
11:31:19.0211 0x15f4 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:31:19.0256 0x15f4 RasPppoe - ok
11:31:19.0297 0x15f4 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:31:19.0357 0x15f4 RasSstp - ok
11:31:19.0418 0x15f4 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:31:19.0466 0x15f4 rdbss - ok
11:31:19.0491 0x15f4 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
11:31:19.0547 0x15f4 rdpbus - ok
11:31:19.0621 0x15f4 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:31:19.0673 0x15f4 RDPCDD - ok
11:31:19.0711 0x15f4 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:31:19.0750 0x15f4 RDPENCDD - ok
11:31:19.0805 0x15f4 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:31:19.0845 0x15f4 RDPREFMP - ok
11:31:19.0974 0x15f4 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
11:31:20.0009 0x15f4 RdpVideoMiniport - ok
11:31:20.0044 0x15f4 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:31:20.0103 0x15f4 RDPWD - ok
11:31:20.0168 0x15f4 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:31:20.0194 0x15f4 rdyboost - ok
11:31:20.0228 0x15f4 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:31:20.0294 0x15f4 RemoteAccess - ok
11:31:20.0351 0x15f4 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:31:20.0421 0x15f4 RemoteRegistry - ok
11:31:20.0443 0x15f4 RimUsb - ok
11:31:20.0472 0x15f4 [ C903D49655B4AAE46673F0AAA6BE0F58, 0F861775323CC1792A4A4B43D6375532D982FBC9FCC03184B55101A2A579A832 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
11:31:20.0492 0x15f4 RimVSerPort - ok
11:31:20.0530 0x15f4 [ 5BD6B1EC997FF3DD779D62E05D2079A8, BE4BDE29C134BAEDE4D35C777F2C6195F8C12FEF4583FAD2A442F8D1678B7FF7 ] RMCAST C:\Windows\system32\DRIVERS\RMCAST.sys
11:31:20.0562 0x15f4 RMCAST - ok
11:31:20.0610 0x15f4 [ 388D3DD1A6457280F3BADBA9F3ACD6B1, 5C534EA15195B1301C917904627AF09FE2ABA3FEE1641B5C87E8F3191BC49058 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
11:31:20.0661 0x15f4 ROOTMODEM - ok
11:31:20.0702 0x15f4 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:31:20.0745 0x15f4 RpcEptMapper - ok
11:31:20.0796 0x15f4 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
11:31:20.0832 0x15f4 RpcLocator - ok
11:31:20.0882 0x15f4 [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] RpcSs C:\Windows\system32\rpcss.dll
11:31:20.0913 0x15f4 RpcSs - ok
11:31:20.0945 0x15f4 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:31:21.0005 0x15f4 rspndr - ok
11:31:21.0065 0x15f4 [ B49DC435AE3695BAC5623DD94B05732D, D63160B09385ED31C2A479ADC5AFCA483906F38598874972025D680BDB45ECA0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
11:31:21.0102 0x15f4 RTL8167 - ok
11:31:21.0151 0x15f4 [ F70A9384917659A4C5EF30F0F4EC484D, C42E591BA10C3BFF60C93057F205EA7673292A4FB669AF654806A8E13B51CB2B ] RTL8187B C:\Windows\system32\DRIVERS\RTL8187B.sys
11:31:21.0199 0x15f4 RTL8187B - ok
11:31:21.0313 0x15f4 [ 7475548B0BA58EBA4D12414FC9E9DFE6, 93F5CF9C7F5CE556810A6113014CB17774EA7779BD91D84670FA6653C810361F ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys
11:31:21.0372 0x15f4 rtl8192se - ok
11:31:21.0399 0x15f4 [ 54C0E3156872881F6AB017210278E27E, 8C3C71535FAC3897E1AE5505302387D7EC7C93D9DB6CA8AD6C1E1B26FE33D367 ] SamSs C:\Windows\system32\lsass.exe
11:31:21.0416 0x15f4 SamSs - ok
11:31:21.0486 0x15f4 [ 99DF79C258B3342B6C8A5F802998DE56, BA9E343BF84F0C125896A402DDDEBCC52AD3A6E4573253AE1004FF7A9567F62D ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
11:31:21.0497 0x15f4 SASDIFSV - ok
11:31:21.0501 0x15f4 [ 2859C35C0651E8EB0D86D48E740388F2, 4AD913E558D51CDE4442C7F4BE42697AD91C0F34C92F2EA63B040830F97AAB77 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
11:31:21.0512 0x15f4 SASKUTIL - ok
11:31:21.0559 0x15f4 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:31:21.0585 0x15f4 sbp2port - ok
11:31:21.0676 0x15f4 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:31:21.0742 0x15f4 SCardSvr - ok
11:31:21.0771 0x15f4 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:31:21.0827 0x15f4 scfilter - ok
11:31:21.0934 0x15f4 [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule C:\Windows\system32\schedsvc.dll
11:31:22.0041 0x15f4 Schedule - ok
11:31:22.0096 0x15f4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
11:31:22.0136 0x15f4 SCPolicySvc - ok
11:31:22.0201 0x15f4 [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus C:\Windows\system32\drivers\sdbus.sys
11:31:22.0242 0x15f4 sdbus - ok
11:31:22.0275 0x15f4 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:31:22.0352 0x15f4 SDRSVC - ok
11:31:22.0381 0x15f4 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:31:22.0441 0x15f4 secdrv - ok
11:31:22.0479 0x15f4 [ A19623BDD61E66A12AB53992002B4F3A, E351CEEC086084A417BA3BD0EEF46114D3147EC38E3EF8BE49B724F9D028CC56 ] seclogon C:\Windows\system32\seclogon.dll
11:31:22.0527 0x15f4 seclogon - ok
11:31:22.0561 0x15f4 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
11:31:22.0604 0x15f4 SENS - ok
11:31:22.0634 0x15f4 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:31:22.0675 0x15f4 SensrSvc - ok
11:31:22.0705 0x15f4 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
11:31:22.0752 0x15f4 Serenum - ok
11:31:22.0780 0x15f4 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
11:31:22.0806 0x15f4 Serial - ok
11:31:22.0850 0x15f4 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
11:31:22.0888 0x15f4 sermouse - ok
11:31:22.0990 0x15f4 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
11:31:23.0060 0x15f4 SessionEnv - ok
11:31:23.0094 0x15f4 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:31:23.0126 0x15f4 sffdisk - ok
11:31:23.0144 0x15f4 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:31:23.0165 0x15f4 sffp_mmc - ok
11:31:23.0179 0x15f4 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:31:23.0200 0x15f4 sffp_sd - ok
11:31:23.0242 0x15f4 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
11:31:23.0282 0x15f4 sfloppy - ok
11:31:23.0339 0x15f4 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:31:23.0437 0x15f4 SharedAccess - ok
11:31:23.0489 0x15f4 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:31:23.0567 0x15f4 ShellHWDetection - ok
11:31:23.0599 0x15f4 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:31:23.0622 0x15f4 SiSRaid2 - ok
11:31:23.0656 0x15f4 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
11:31:23.0680 0x15f4 SiSRaid4 - ok
11:31:23.0736 0x15f4 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:31:23.0779 0x15f4 Smb - ok
11:31:23.0846 0x15f4 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:31:23.0934 0x15f4 SNMPTRAP - ok
11:31:23.0949 0x15f4 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
11:31:23.0964 0x15f4 spldr - ok
11:31:24.0056 0x15f4 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
11:31:24.0116 0x15f4 Spooler - ok
11:31:24.0321 0x15f4 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
11:31:24.0531 0x15f4 sppsvc - ok
11:31:24.0591 0x15f4 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:31:24.0683 0x15f4 sppuinotify - ok
11:31:24.0823 0x15f4 [ 602884696850C86434530790B110E8EB, C9B734F070E55732B274C70381EA28AB574EF6AD3F606D3DC9B9B0038F3EDEEA ] sptd C:\Windows\system32\Drivers\sptd.sys
11:31:24.0824 0x15f4 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB, sha256: C9B734F070E55732B274C70381EA28AB574EF6AD3F606D3DC9B9B0038F3EDEEA
11:31:24.0839 0x15f4 sptd - detected LockedFile.Multi.Generic ( 1 )
11:31:27.0486 0x15f4 Detect skipped due to KSN trusted
11:31:27.0486 0x15f4 sptd - ok
11:31:27.0572 0x15f4 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
11:31:27.0608 0x15f4 srv - ok
11:31:27.0671 0x15f4 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:31:27.0703 0x15f4 srv2 - ok
11:31:27.0763 0x15f4 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:31:27.0806 0x15f4 srvnet - ok
11:31:27.0853 0x15f4 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:31:27.0910 0x15f4 SSDPSRV - ok
11:31:27.0930 0x15f4 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:31:27.0986 0x15f4 SstpSvc - ok
11:31:28.0110 0x15f4 [ DB0768632C680B7C0D3AA92D80416893, BEC3CF4F1CB150AC7C4647DD7C0D5D62B10824308E44467CD77CA3427A46FB20 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
11:31:28.0220 0x15f4 Steam Client Service - ok
11:31:28.0251 0x15f4 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
11:31:28.0285 0x15f4 stexstor - ok
11:31:28.0367 0x15f4 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
11:31:28.0419 0x15f4 stisvc - ok
11:31:28.0447 0x15f4 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
11:31:28.0479 0x15f4 swenum - ok
11:31:28.0531 0x15f4 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
11:31:28.0655 0x15f4 swprv - ok
11:31:28.0723 0x15f4 [ 0FAA1933FBCF916C301FF94ACC623031, FCF46367DB46692D0FF84671A00D2CC1820B344AE3602454B0076CCDD737188D ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
11:31:28.0752 0x15f4 SynTP - ok
11:31:28.0874 0x15f4 [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain C:\Windows\system32\sysmain.dll
11:31:29.0013 0x15f4 SysMain - ok
11:31:29.0034 0x15f4 Tablet2k - ok
11:31:29.0078 0x15f4 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:31:29.0123 0x15f4 TabletInputService - ok
11:31:29.0171 0x15f4 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
11:31:29.0246 0x15f4 TapiSrv - ok
11:31:29.0300 0x15f4 [ 530A7F0966493DD437E4342F12CCD63B, 080B107F11CB9CFB315872846106224FA4190A6742B5B68C0E188A0229729EF3 ] TClass2k C:\Windows\system32\DRIVERS\TClass2k.sys
11:31:29.0322 0x15f4 TClass2k - ok
11:31:29.0476 0x15f4 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:31:29.0578 0x15f4 Tcpip - ok
11:31:29.0709 0x15f4 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:31:29.0780 0x15f4 TCPIP6 - ok
11:31:29.0822 0x15f4 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:31:29.0840 0x15f4 tcpipreg - ok
11:31:29.0902 0x15f4 [ FD542B661BD22FA69CA789AD0AC58C29, 75FFAF1834B1E22DF37608ED451F161052FF1FE3C681B4E20A68DCA92CC7FD8C ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
11:31:29.0919 0x15f4 tdcmdpst - ok
11:31:29.0955 0x15f4 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:31:29.0981 0x15f4 TDPIPE - ok
11:31:30.0026 0x15f4 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:31:30.0049 0x15f4 TDTCP - ok
11:31:30.0092 0x15f4 [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:31:30.0110 0x15f4 tdx - ok
11:31:30.0167 0x15f4 [ 7F634E211FE68EAEAC011F96C4E138AE, 1380EA340490B3D649301753B2B82CCFEEFE4CEA317095066055442B0A6E2570 ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
11:31:30.0198 0x15f4 TemproMonitoringService - ok
11:31:30.0251 0x15f4 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
11:31:30.0281 0x15f4 TermDD - ok
11:31:30.0360 0x15f4 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
11:31:30.0426 0x15f4 TermService - ok
11:31:30.0473 0x15f4 [ 48D9D00C2E0E72C3D4F52772C80355F6, 86F281C7F5FA2FCF1A36C69DD6561531E48483CACB8A873B955F7E93D9A1D259 ] TFsExDisk C:\Windows\System32\Drivers\TFsExDisk.sys
11:31:30.0490 0x15f4 TFsExDisk - ok
11:31:30.0512 0x15f4 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
11:31:30.0543 0x15f4 Themes - ok
11:31:30.0667 0x15f4 [ C013F6ACAA9761F571BD28DADA7C157D, E57246132B36FE38D4B177AAE3367D25AF28449201CD4D02CB7957C32AF02AC6 ] Thpdrv C:\Windows\system32\DRIVERS\thpdrv.sys
11:31:30.0686 0x15f4 Thpdrv - ok
11:31:30.0721 0x15f4 [ B4E609047434ED948AF7BDEF2FA66E38, 353B7A120E532E9CDF0DE91EC39DF5B9B92A1A99B537FF4FB0D1EA13DBE30D17 ] Thpevm C:\Windows\system32\DRIVERS\Thpevm.SYS
11:31:30.0738 0x15f4 Thpevm - ok
11:31:30.0767 0x15f4 [ 6146EAC71AE3C9DA17B0E33632082B7B, F1DD588C9A01333A12F89B64959FA27BAE8D17BFB0FB4F63BB85AEE616ADF305 ] Thpsrv C:\Windows\system32\ThpSrv.exe
11:31:30.0819 0x15f4 Thpsrv - ok
11:31:30.0854 0x15f4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
11:31:30.0897 0x15f4 THREADORDER - ok
11:31:30.0975 0x15f4 [ F120967184A27E927052E8DDBB727851, B54A1D2B4D52C0DF19AC81617A26CA164C5779C568DB86A6FD97D0A14D5FEEB4 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
11:31:31.0049 0x15f4 TMachInfo - ok
11:31:31.0090 0x15f4 [ ED32035BDFECED1AD66D459FD9CC1140, B82A15FAB4CBB5A633B9BF722441D5B20D946B63DD10BBE2A89D3A8BA3BE3339 ] TODDSrv C:\Windows\system32\TODDSrv.exe
11:31:31.0115 0x15f4 TODDSrv - ok
11:31:31.0222 0x15f4 [ 06C61275ADC64F1E36240A2287998A5E, 3131EBB14C3297037EBB68DC4AD97FF68AC3F6393C01C7E604A392B277DD480A ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
11:31:31.0253 0x15f4 TosCoSrv - ok
11:31:31.0353 0x15f4 [ 598F792718BC78C2B29B589F4B3898D1, EB5656C4F90391DB32F1B78C9BEA9962CB4EA13844F7EBB7D4B89BB2AB44C562 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
11:31:31.0389 0x15f4 TOSHIBA eco Utility Service - ok
11:31:31.0452 0x15f4 [ DD58E1250F604CBBADDA04575E5E2376, 2A5BF5903BE2CA756124FCC66ED8DFD860EC6B30997962302682BE328F9B1E0F ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
11:31:31.0474 0x15f4 TOSHIBA HDD SSD Alert Service - ok
11:31:31.0563 0x15f4 [ 09FF7B0B1B5C3D225495CB6F5A9B39F8, 0D2CC72B7E02B92C9A1D6B76300B75A39427046903326642B9D511A51A795027 ] tos_sps64 C:\Windows\system32\DRIVERS\tos_sps64.sys
11:31:31.0606 0x15f4 tos_sps64 - ok
11:31:31.0754 0x15f4 [ DE64C52BD0671165CF2EEBF2A728A3E2, 201E7D2CD34248AEAB961C87C8481FA1CD253621C5F26C121F5017D422C74288 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
11:31:31.0785 0x15f4 TPCHSrv - ok
11:31:31.0822 0x15f4 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
11:31:31.0879 0x15f4 TrkWks - ok
11:31:31.0978 0x15f4 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:31:32.0042 0x15f4 TrustedInstaller - ok
11:31:32.0078 0x15f4 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:31:32.0104 0x15f4 tssecsrv - ok
11:31:32.0164 0x15f4 [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
11:31:32.0193 0x15f4 TsUsbFlt - ok
11:31:32.0253 0x15f4 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:31:32.0327 0x15f4 tunnel - ok
11:31:32.0399 0x15f4 [ 550B567F9364D8F7684C3FB3EA665A72, A214BBBBAB9F0DD525FA5A818CEB8E9294B4A96676317255D7ACF6049049C933 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
11:31:32.0425 0x15f4 TVALZ - ok
11:31:32.0480 0x15f4 [ 9C7191F4B2E49BFF47A6C1144B5923FA, DF4E663499946F4E68B7528CA399574D1EB69797FF81F681943B84F3E5E6A40E ] TVALZFL C:\Windows\system32\DRIVERS\TVALZFL.sys
11:31:32.0511 0x15f4 TVALZFL - ok
11:31:32.0535 0x15f4 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
11:31:32.0559 0x15f4 uagp35 - ok
11:31:32.0643 0x15f4 [ 01662B4865FDB282677B11CF416757CE, AF85FA61B2560E8387388C7CC4F9F4DDFA52E30631DAB1396B2186E7DF80F9E5 ] UCTblHid C:\Windows\system32\DRIVERS\UCTblHid.sys
11:31:32.0675 0x15f4 UCTblHid - ok
11:31:32.0768 0x15f4 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:31:32.0815 0x15f4 udfs - ok
11:31:32.0847 0x15f4 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:31:32.0874 0x15f4 UI0Detect - ok
11:31:32.0927 0x15f4 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
11:31:32.0984 0x15f4 uliagpkx - ok
11:31:33.0019 0x15f4 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
11:31:33.0055 0x15f4 umbus - ok
11:31:33.0082 0x15f4 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
11:31:33.0123 0x15f4 UmPass - ok
11:31:33.0188 0x15f4 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
11:31:33.0246 0x15f4 upnphost - ok
11:31:33.0301 0x15f4 [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
11:31:33.0314 0x15f4 USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 )
11:31:35.0957 0x15f4 Detect skipped due to KSN trusted
11:31:35.0957 0x15f4 USBAAPL64 - ok
11:31:36.0007 0x15f4 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
11:31:36.0062 0x15f4 usbaudio - ok
11:31:36.0107 0x15f4 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:31:36.0151 0x15f4 usbccgp - ok
11:31:36.0183 0x15f4 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
11:31:36.0210 0x15f4 usbcir - ok
11:31:36.0243 0x15f4 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
11:31:36.0296 0x15f4 usbehci - ok
11:31:36.0372 0x15f4 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
11:31:36.0468 0x15f4 usbhub - ok
11:31:36.0565 0x15f4 [ 5C4219C10B5887DFF85E1D2779AED55B, AD0B71103C42D3E4F2E76B949D986FCFE0717CF99D0F14CE4A4F07625C87F094 ] usbio C:\Windows\system32\Drivers\dsiarhwprog_x64.sys
11:31:36.0629 0x15f4 usbio - ok
11:31:36.0663 0x15f4 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
11:31:36.0738 0x15f4 usbohci - ok
11:31:36.0785 0x15f4 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
11:31:36.0840 0x15f4 usbprint - ok
11:31:36.0886 0x15f4 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
11:31:36.0909 0x15f4 usbscan - ok
11:31:36.0948 0x15f4 [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:31:37.0005 0x15f4 USBSTOR - ok
11:31:37.0054 0x15f4 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
11:31:37.0094 0x15f4 usbuhci - ok
11:31:37.0132 0x15f4 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
11:31:37.0153 0x15f4 usbvideo - ok
11:31:37.0186 0x15f4 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
11:31:37.0269 0x15f4 UxSms - ok
11:31:37.0290 0x15f4 [ 54C0E3156872881F6AB017210278E27E, 8C3C71535FAC3897E1AE5505302387D7EC7C93D9DB6CA8AD6C1E1B26FE33D367 ] VaultSvc C:\Windows\system32\lsass.exe
11:31:37.0306 0x15f4 VaultSvc - ok
11:31:37.0376 0x15f4 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
11:31:37.0391 0x15f4 vdrvroot - ok
11:31:37.0472 0x15f4 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
11:31:37.0530 0x15f4 vds - ok
11:31:37.0567 0x15f4 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:31:37.0589 0x15f4 vga - ok
11:31:37.0645 0x15f4 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
11:31:37.0736 0x15f4 VgaSave - ok
11:31:37.0784 0x15f4 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
11:31:37.0810 0x15f4 vhdmp - ok
11:31:37.0845 0x15f4 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
11:31:37.0879 0x15f4 viaide - ok
11:31:37.0917 0x15f4 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
11:31:37.0935 0x15f4 volmgr - ok
11:31:37.0989 0x15f4 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
11:31:38.0026 0x15f4 volmgrx - ok
11:31:38.0051 0x15f4 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
11:31:38.0074 0x15f4 volsnap - ok
11:31:38.0176 0x15f4 [ 86C96C079293E2E06708E146A011F4C4, 10F8DBA78B76B304525FC72C83990F10133936010E26D2F9AEB2FB747F8B75C2 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
11:31:38.0205 0x15f4 vpnagent - ok
11:31:38.0269 0x15f4 [ 5932B2999AEF21C4599A792599F28D89, 78B2842BA71F9DAB5BB64BA4AB97BD19DEEFB075F83D735244906D046E78B2DC ] vpnva C:\Windows\system32\DRIVERS\vpnva64-6.sys
11:31:38.0303 0x15f4 vpnva - ok
11:31:38.0335 0x15f4 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
11:31:38.0364 0x15f4 vsmraid - ok
11:31:38.0471 0x15f4 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
11:31:38.0666 0x15f4 VSS - ok
11:31:38.0706 0x15f4 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
11:31:38.0741 0x15f4 vwifibus - ok
11:31:38.0769 0x15f4 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
11:31:38.0791 0x15f4 vwififlt - ok
11:31:38.0844 0x15f4 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
11:31:38.0912 0x15f4 W32Time - ok
11:31:39.0003 0x15f4 [ B32009DB1972E7F2C227499289C4384A, D491CD90ACE895EC60A5A2F995EAE39F8ED662B71BC548C3FF5BBDBC60054788 ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll
11:31:39.0053 0x15f4 W3SVC - ok
11:31:39.0085 0x15f4 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
11:31:39.0156 0x15f4 WacomPen - ok
11:31:39.0219 0x15f4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
11:31:39.0277 0x15f4 WANARP - ok
11:31:39.0341 0x15f4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
11:31:39.0388 0x15f4 Wanarpv6 - ok
11:31:39.0454 0x15f4 [ B32009DB1972E7F2C227499289C4384A, D491CD90ACE895EC60A5A2F995EAE39F8ED662B71BC548C3FF5BBDBC60054788 ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll
11:31:39.0482 0x15f4 WAS - ok
11:31:39.0671 0x15f4 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
11:31:39.0806 0x15f4 wbengine - ok
11:31:39.0932 0x15f4 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
11:31:39.0986 0x15f4 WbioSrvc - ok
11:31:40.0130 0x15f4 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
11:31:40.0191 0x15f4 wcncsvc - ok
11:31:40.0254 0x15f4 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:31:40.0340 0x15f4 WcsPlugInService - ok
11:31:40.0360 0x15f4 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
11:31:40.0383 0x15f4 Wd - ok
11:31:40.0499 0x15f4 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
11:31:40.0540 0x15f4 Wdf01000 - ok
11:31:40.0624 0x15f4 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll
11:31:40.0711 0x15f4 WdiServiceHost - ok
11:31:40.0733 0x15f4 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll
11:31:40.0752 0x15f4 WdiSystemHost - ok
11:31:40.0791 0x15f4 [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient C:\Windows\System32\webclnt.dll
11:31:40.0829 0x15f4 WebClient - ok
11:31:40.0872 0x15f4 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
11:31:40.0938 0x15f4 Wecsvc - ok
11:31:40.0964 0x15f4 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
11:31:41.0007 0x15f4 wercplsupport - ok
11:31:41.0074 0x15f4 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
11:31:41.0117 0x15f4 WerSvc - ok
11:31:41.0138 0x15f4 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
11:31:41.0178 0x15f4 WfpLwf - ok
11:31:41.0208 0x15f4 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
11:31:41.0234 0x15f4 WIMMount - ok
11:31:41.0275 0x15f4 WinDefend - ok
11:31:41.0314 0x15f4 WinHttpAutoProxySvc - ok
11:31:41.0371 0x15f4 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
11:31:41.0439 0x15f4 Winmgmt - ok
11:31:41.0693 0x15f4 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll
11:31:41.0888 0x15f4 WinRM - ok
11:31:42.0001 0x15f4 [ 935471EC43505CB23DA16600562EE19A, E43209B2ED8B17F9E39C7982D7A2DD37919B5F913AEF2E029B107A6E293F7482 ] WinTabService C:\Windows\System32\Drivers\WTSRV.EXE
11:31:42.0040 0x15f4 WinTabService - detected UnsignedFile.Multi.Generic ( 1 )
11:31:44.0687 0x15f4 Detect skipped due to KSN trusted
11:31:44.0687 0x15f4 WinTabService - ok
11:31:44.0807 0x15f4 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
11:31:44.0845 0x15f4 WinUsb - ok
11:31:44.0935 0x15f4 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
11:31:45.0156 0x15f4 Wlansvc - ok
11:31:45.0398 0x15f4 [ 98F138897EF4246381D197CB81846D62, A9FA88475AFBB8883297708608EC7C1AC29F229C3299A84D557172604813A18C ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:31:45.0616 0x15f4 wlidsvc - ok
11:31:45.0680 0x15f4 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
11:31:45.0710 0x15f4 WmiAcpi - ok
11:31:45.0757 0x15f4 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
11:31:45.0796 0x15f4 wmiApSrv - ok
11:31:45.0845 0x15f4 WMPNetworkSvc - ok
11:31:45.0902 0x15f4 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
11:31:45.0978 0x15f4 WPCSvc - ok
11:31:46.0017 0x15f4 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
11:31:46.0051 0x15f4 WPDBusEnum - ok
11:31:46.0074 0x15f4 WPRO_40_1340 - ok
11:31:46.0096 0x15f4 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
11:31:46.0157 0x15f4 ws2ifsl - ok
11:31:46.0192 0x15f4 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
11:31:46.0274 0x15f4 wscsvc - ok
11:31:46.0278 0x15f4 WSearch - ok
11:31:46.0468 0x15f4 [ 86F11B85102AFA6A1A6101DCE2F09386, 68A0F0E628C8F33FDAC114876DA8ED14776DD74E80AC5A6A52257E19DE011091 ] wuauserv C:\Windows\system32\wuaueng.dll
11:31:46.0646 0x15f4 wuauserv - ok
11:31:46.0706 0x15f4 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
11:31:46.0738 0x15f4 WudfPf - ok
11:31:46.0803 0x15f4 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
11:31:46.0841 0x15f4 WUDFRd - ok
11:31:46.0876 0x15f4 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
11:31:46.0928 0x15f4 wudfsvc - ok
11:31:46.0983 0x15f4 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
11:31:47.0022 0x15f4 WwanSvc - ok
11:31:47.0106 0x15f4 [ 4A5CE13408945E525503B5F73D29B9C5, D58BB31AF17752508EA67931BF170CE46877DC204FC5DA7EED5A078AEB0CA0FD ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys
11:31:47.0144 0x15f4 xnacc - ok
11:31:47.0160 0x15f4 ================ Scan global ===============================
11:31:47.0202 0x15f4 [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
11:31:47.0253 0x15f4 [ E0E4D286839FC27F56A85B4710E16B6B, 6BBBADB8904D6159E6171A339E0BF30A41D14E885D560BFB8BB73B1FF7239E1A ] C:\Windows\system32\winsrv.dll
11:31:47.0274 0x15f4 [ E0E4D286839FC27F56A85B4710E16B6B, 6BBBADB8904D6159E6171A339E0BF30A41D14E885D560BFB8BB73B1FF7239E1A ] C:\Windows\system32\winsrv.dll
11:31:47.0323 0x15f4 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
11:31:47.0420 0x15f4 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
11:31:47.0443 0x15f4 [ Global ] - ok
11:31:47.0443 0x15f4 ================ Scan MBR ==================================
11:31:47.0465 0x15f4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:31:48.0570 0x15f4 \Device\Harddisk0\DR0 - ok
11:31:48.0571 0x15f4 ================ Scan VBR ==================================
11:31:48.0588 0x15f4 [ A54DE7C4D8759A69791BF56AC31A740E ] \Device\Harddisk0\DR0\Partition1
11:31:48.0589 0x15f4 \Device\Harddisk0\DR0\Partition1 - ok
11:31:48.0620 0x15f4 [ 2E0DA7042D2ACA72EA5365EADFDCC041 ] \Device\Harddisk0\DR0\Partition2
11:31:48.0621 0x15f4 \Device\Harddisk0\DR0\Partition2 - ok
11:31:48.0622 0x15f4 ================ Scan generic autorun ======================
11:31:48.0778 0x15f4 [ B051321EE9D0318DD07EBEBB2031612E, 9F27B5841027825418CCCB87B6B14D50AEB11B1FD1492018D62450627AE20DDF ] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
11:31:48.0841 0x15f4 TosSENotify - ok
11:31:48.0845 0x15f4 ThpSrv - ok
11:31:48.0957 0x15f4 [ 4EC4CF28E41033E750C96B4E87AB6389, E16EECB0F2D25AE6B23D7F83455ECB1F735242B097572C59DD2B63A0EBB6CC2C ] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
11:31:49.0054 0x15f4 Toshiba TEMPRO - ok
11:31:49.0057 0x15f4 TosReelTimeMonitor - ok
11:31:49.0063 0x15f4 NvCplDaemon - ok
11:31:49.0542 0x15f4 [ 910AFE116ADE17C93E892C38452075F9, E9CBFCF0549CACAC9B40BB67454548F996F1856AAF568D751015A3158F47043A ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
11:31:50.0049 0x15f4 RtHDVCpl - ok
11:31:50.0138 0x15f4 [ FBDAF289E686A28B249E251FEE6F46BA, 95D39320EB317F0AAFBDF072CB8C413EA675D803424324514CDC4CD283B5F7B5 ] C:\Program Files\Toshiba\SmoothView\SmoothView.exe
11:31:50.0179 0x15f4 SmoothView - ok
11:31:50.0217 0x15f4 [ BDB8DDAF65CD3C25715F834F0B037AFD, 47363CFAED28C3D369288130C210ABDA3553AC7B1345B255D5F4C2B28800BDA9 ] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
11:31:50.0238 0x15f4 TPwrMain - ok
11:31:50.0289 0x15f4 [ A62882F40163F1262808E380DB5FED69, 22AB7D89C5C625F7EC8239E8C32868625A459C79A8B6B37B8ADD184597BCA676 ] C:\Program Files\TOSHIBA\TBS\HSON.exe
11:31:50.0300 0x15f4 HSON - ok
11:31:50.0403 0x15f4 [ EA169D84B21E90790778B300E7ED1B17, A49D6287D73947A6DC449ECABA70BFB9A6F0F167C3E7A9D86F5E82E2EA4C9113 ] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
11:31:50.0436 0x15f4 00TCrdMain - ok
11:31:50.0439 0x15f4 SynTPEnh - ok
11:31:50.0441 0x15f4 SmartFaceVWatcher - ok
11:31:50.0462 0x15f4 Teco - ok
11:31:50.0505 0x15f4 [ 68F71973BB04E8E0D34068B206CB21AA, D15FF51C5CD76A8E9A9759AD6FFC6ADF45958CDD54D89EBC9866588188AFC017 ] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe
11:31:50.0549 0x15f4 TosWaitSrv - ok
11:31:50.0699 0x15f4 [ CEB832917FD46757169EE35BD00A9172, FF45243B57197007692B6ED88A01016CC1B7A03B8D4770081FC5DC9B66698175 ] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
11:31:50.0758 0x15f4 HDMICtrlMan - ok
11:31:50.0763 0x15f4 MsmqIntCert - ok
11:31:50.0904 0x15f4 [ 96E8146A1107387EDA800CA9CA36CDB0, 76E52A0F3DF48049D6D0B647B9BF3EA5542BCB92699EE930C66A69936024BD9D ] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe
11:31:50.0952 0x15f4 SVPWUTIL - detected UnsignedFile.Multi.Generic ( 1 )
11:31:53.0599 0x15f4 Detect skipped due to KSN trusted
11:31:53.0599 0x15f4 SVPWUTIL - ok
11:31:53.0658 0x15f4 [ 8107E3A186C034DDEB14718D71332714, 641AD52C6F624A59648043D6E044B772B76DA1C82C4B3258A109A2FB67AACFA3 ] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe
11:31:53.0698 0x15f4 HWSetup - detected UnsignedFile.Multi.Generic ( 1 )
11:31:56.0358 0x15f4 Detect skipped due to KSN trusted
11:31:56.0358 0x15f4 HWSetup - ok
11:31:56.0382 0x15f4 [ C5B2679B0AE204FDD0415199B7AFEF20, A488839697F72F5E914DC87077F196F355E4AA85A5AC9C555D67BB47CC198750 ] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
11:31:56.0393 0x15f4 KeNotify - ok
11:31:56.0454 0x15f4 [ 7808875797D50C46B7AB84B6A70F7869, 6AF6DC6DE832B0559350ED06E06B86953323D13836D971B69FBB884D266E15E6 ] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
11:31:56.0485 0x15f4 TUSBSleepChargeSrv - ok
11:31:56.0532 0x15f4 [ AD64ADB9C72FCAB8E4C992528A9215FE, 6F6D7D4A0A1BD5C56C229A7D460191657E2A772CDFA3AF82991AB1CE73C7646D ] C:\Windows\system32\WTClient.exe
11:31:56.0603 0x15f4 WTClient - detected UnsignedFile.Multi.Generic ( 1 )
11:31:57.0344 0x1048 Object required for P2P: [ 910AFE116ADE17C93E892C38452075F9 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
11:31:59.0352 0x15f4 Detect skipped due to KSN trusted
11:31:59.0352 0x15f4 WTClient - ok
11:31:59.0472 0x15f4 [ F316A9C0C8BBA9D2A98BE70EE0D8CA96, 20C83B6D1706DED7B645008CD29346A5FD14A4F67FCF17FED28E7A17F021E15B ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
11:31:59.0523 0x15f4 avgnt - ok
11:31:59.0572 0x15f4 [ 5B6E8E09BE6401A7E022F52FDFCB2FF8, 471C556CF9405BBB380A8CEFE945C126B954B7C94F79CC72441B51F80141FC5E ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
11:31:59.0604 0x15f4 SunJavaUpdateSched - ok
11:31:59.0728 0x15f4 [ 0E34B7BB1FCF22BCC1E394D16F9E992B, 382CA8E6BAC301E2F277F8EDA03D263FF71272796A8EED582C36294EEE9191F9 ] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
11:31:59.0749 0x15f4 GrooveMonitor - ok
11:31:59.0871 0x15f4 [ CE5C9977DA751DDC30952AC4DCBCA788, 295172C4681E9AC27121122CDD2BA6F2A62435917A083CC8490D584CA0164BE6 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
11:31:59.0891 0x15f4 HP Software Update - ok
11:31:59.0911 0x15f4 Sidebar - ok
11:31:59.0956 0x15f4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
11:31:59.0990 0x15f4 mctadmin - ok
11:31:59.0991 0x15f4 Sidebar - ok
11:32:00.0002 0x15f4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
11:32:00.0027 0x15f4 mctadmin - ok
11:32:00.0118 0x1048 Object send P2P result: true
11:32:00.0218 0x15f4 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] C:\Users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe
11:32:00.0246 0x15f4 Google Update - ok
11:32:00.0247 0x15f4 Sidebar - ok
11:32:00.0267 0x15f4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
11:32:00.0289 0x15f4 mctadmin - ok
11:32:00.0290 0x15f4 Waiting for KSN requests completion. In queue: 10
11:32:01.0290 0x15f4 Waiting for KSN requests completion. In queue: 10
11:32:02.0290 0x15f4 Waiting for KSN requests completion. In queue: 8
11:32:03.0391 0x15f4 AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.17.264 ), 0x41000 ( enabled : updated )
11:32:03.0431 0x15f4 Win FW state via NFP2: enabled ( trusted )
11:32:06.0107 0x15f4 ============================================================
11:32:06.0107 0x15f4 Scan finished
11:32:06.0107 0x15f4 ============================================================
11:32:06.0123 0x0bd0 Detected object count: 1
11:32:06.0123 0x0bd0 Actual detected object count: 1
11:33:52.0744 0x0bd0 BEService ( UnsignedFile.Multi.Generic ) - skipped by user
11:33:52.0744 0x0bd0 BEService ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
24.05.2016, 21:00
| #7 |
| /// TB-Ausbilder /// Anleitungs-Guru | E-Mail von direct pay ag erhalten und versucht den zip Anhang zu öffnen Jetzt bitte Suchscan durchführen: Schritt 1 ESET Online Scanner
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
25.05.2016, 17:03
| #8 |
| | Datei nicht gespeichert Hallo noch einmal Jürgen, so nun habe ich alles genau so gemacht, wie es in der Anleitung stand. Den eset Scanner auf dem Desktop gespeichert laufen lassen (er hat sehr lange gebraucht) und anschliessend ohne Häkchen in besagtem Fenster beendet. Es waren auch einige Bedrohungen gefunden worden. Anschliessend bin ich in den Explorer gegangen und wollte die LogDatei? unter dem beschriebenen Pfad suchen, um sie zu verschicken. Leider ist sie aber nicht dort gespeichert. Was habe ich denn nun falsch gemacht? Viele liebe Grüße Rita Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=dccdd31b22f2a94aa9db6761dec7916f
# end=init
# utc_time=2016-05-25 08:05:25
# local_time=2016-05-25 10:05:25 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 29581
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=dccdd31b22f2a94aa9db6761dec7916f
# end=updated
# utc_time=2016-05-25 08:10:07
# local_time=2016-05-25 10:10:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=dccdd31b22f2a94aa9db6761dec7916f
# engine=29581
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-05-25 01:22:57
# local_time=2016-05-25 03:22:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Antivirus'
# compatibility_mode=1815 16777213 100 99 19726 60492965 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 81311005 215812427 0 0
# scanned=315326
# found=22
# cleaned=0
# scan_time=18770
sh=5F437ECC88A691B6161B1D168B3F4A93624F5832 ft=1 fh=400e77a5e5d54a3a vn="Win32/Toolbar.Babylon evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Users\Lisa\AppData\Local\Babylon\Setup\Setup.exe.vir"
sh=42E37CBFA37877D247EBD37D9553CB6224D6BEE6 ft=1 fh=f28c0d11334dc659 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Temp\DMR\dmr_72.exe"
sh=8677B6E03ED26043F72BD08D7302848EC32CB2FF ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Lisa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\2c5bd440-7e8ebbfb"
sh=9EE86F1BF00B85D299567DACD297E264115FD743 ft=0 fh=0000000000000000 vn="Variante von Java/TrojanDownloader.Agent.NDR Trojaner" ac=I fn="C:\Users\Lisa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\40f44a3c-7a902298"
sh=1447092BA29779C726829611180994E17718C412 ft=1 fh=23f22b72eb3a5b90 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisa\Downloads\PDFCreator-1_7_2_setup_offline.exe"
sh=D82E699FCE2E53C9EB86439A598B29ED2F88C7DD ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Nymaim.BA Trojaner" ac=I fn="C:\Users\Lisa\Downloads\Rita Weiler Stellvertretender Rechtsanwalt DirectPay AG 19.05.2016 (1).zip"
sh=D82E699FCE2E53C9EB86439A598B29ED2F88C7DD ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Nymaim.BA Trojaner" ac=I fn="C:\Users\Lisa\Downloads\Rita Weiler Stellvertretender Rechtsanwalt DirectPay AG 19.05.2016 (2).zip"
sh=D82E699FCE2E53C9EB86439A598B29ED2F88C7DD ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Nymaim.BA Trojaner" ac=I fn="C:\Users\Lisa\Downloads\Rita Weiler Stellvertretender Rechtsanwalt DirectPay AG 19.05.2016 (3).zip"
sh=D82E699FCE2E53C9EB86439A598B29ED2F88C7DD ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Nymaim.BA Trojaner" ac=I fn="C:\Users\Lisa\Downloads\Rita Weiler Stellvertretender Rechtsanwalt DirectPay AG 19.05.2016.zip"
sh=605E3E8418A04E87BAF72E41D00D92D44A2B3439 ft=1 fh=9aaf54e83134ef57 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisa\Downloads\Trojan Remover - CHIP-Installer (1).exe"
sh=ADFB74744F550DE8622B4D478F2466AF277B1E60 ft=1 fh=5be34080b5af8341 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisa\Downloads\Trojan Remover - CHIP-Installer.exe"
sh=73811A6ADA417F3312C59AB5817FE22575966F67 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Montiera.T evtl. unerwünschte Anwendung" ac=I fn="D:\TOSHIBA\Backup Set 2015-12-06 190002\Backup Files 2015-12-06 190002\Backup files 12.zip"
sh=250191F4AC99CC8953F3F9CF08BDE17BA56F3E78 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\TOSHIBA\Backup Set 2015-12-06 190002\Backup Files 2015-12-06 190002\Backup files 19.zip"
sh=1B46050061ECB36938845E941FC520511AE4BBEE ft=0 fh=0000000000000000 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="D:\TOSHIBA\Backup Set 2015-12-06 190002\Backup Files 2016-01-03 190002\Backup files 28.zip"
sh=E2096F91F29226AFDA378E8081D36736905A9A10 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Montiera.T evtl. unerwünschte Anwendung" ac=I fn="D:\TOSHIBA\Backup Set 2016-01-17 190003\Backup Files 2016-01-17 190003\Backup files 12.zip"
sh=33C3BC97FE98F00D55F906AE03849F49DBEB0649 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\TOSHIBA\Backup Set 2016-01-17 190003\Backup Files 2016-01-17 190003\Backup files 20.zip"
sh=6F80226EF1DC6E8BE6524B5E8E5F059A59D31631 ft=0 fh=0000000000000000 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="D:\TOSHIBA\Backup Set 2016-01-17 190003\Backup Files 2016-01-17 190003\Backup files 54.zip"
sh=CB5371A33D8C30D096D868085B2A458234271B72 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Montiera.T evtl. unerwünschte Anwendung" ac=I fn="D:\TOSHIBA\Backup Set 2016-04-03 190003\Backup Files 2016-04-03 190003\Backup files 12.zip"
sh=6F87CC1C2DE253F86DA3E551DBCBFE67E501500B ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\TOSHIBA\Backup Set 2016-04-03 190003\Backup Files 2016-04-03 190003\Backup files 20.zip"
sh=3E74DA6FB8498851235463230E725587E33346F3 ft=0 fh=0000000000000000 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="D:\TOSHIBA\Backup Set 2016-04-03 190003\Backup Files 2016-04-03 190003\Backup files 54.zip"
sh=E84FA5C15A0A7D7C8BBBBC04DA6F95D12254B4B2 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\TOSHIBA\Backup Set 2016-04-03 190003\Backup Files 2016-05-23 140651\Backup files 2.zip"
sh=7747176074D75AAC2097E4F90C535D294C434B0B ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Nymaim.BA Trojaner" ac=I fn="D:\TOSHIBA\Backup Set 2016-04-03 190003\Backup Files 2016-05-23 140651\Backup files 4.zip"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=dccdd31b22f2a94aa9db6761dec7916f
# end=init
# utc_time=2016-05-25 03:51:59
# local_time=2016-05-25 05:51:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 29587
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=dccdd31b22f2a94aa9db6761dec7916f
# end=updated
# utc_time=2016-05-25 03:53:25
# local_time=2016-05-25 05:53:25 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=dccdd31b22f2a94aa9db6761dec7916f
# engine=29587
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-05-25 03:54:22
# local_time=2016-05-25 05:54:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Antivirus'
# compatibility_mode=1815 16777213 100 99 13639 60502050 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 81320090 215821512 0 0
# scanned=1895
# found=1
# cleaned=0
# scan_time=57
sh=5F437ECC88A691B6161B1D168B3F4A93624F5832 ft=1 fh=400e77a5e5d54a3a vn="Win32/Toolbar.Babylon evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Users\Lisa\AppData\Local\Babylon\Setup\Setup.exe.vir"
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=dccdd31b22f2a94aa9db6761dec7916f
# end=init
# utc_time=2016-05-25 08:05:25
# local_time=2016-05-25 10:05:25 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 29581
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=dccdd31b22f2a94aa9db6761dec7916f
# end=updated
# utc_time=2016-05-25 08:10:07
# local_time=2016-05-25 10:10:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=dccdd31b22f2a94aa9db6761dec7916f
# engine=29581
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-05-25 01:22:57
# local_time=2016-05-25 03:22:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Antivirus'
# compatibility_mode=1815 16777213 100 99 19726 60492965 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 81311005 215812427 0 0
# scanned=315326
# found=22
# cleaned=0
# scan_time=18770
sh=5F437ECC88A691B6161B1D168B3F4A93624F5832 ft=1 fh=400e77a5e5d54a3a vn="Win32/Toolbar.Babylon evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Users\Lisa\AppData\Local\Babylon\Setup\Setup.exe.vir"
sh=42E37CBFA37877D247EBD37D9553CB6224D6BEE6 ft=1 fh=f28c0d11334dc659 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisa\AppData\Local\Temp\DMR\dmr_72.exe"
sh=8677B6E03ED26043F72BD08D7302848EC32CB2FF ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Lisa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\2c5bd440-7e8ebbfb"
sh=9EE86F1BF00B85D299567DACD297E264115FD743 ft=0 fh=0000000000000000 vn="Variante von Java/TrojanDownloader.Agent.NDR Trojaner" ac=I fn="C:\Users\Lisa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\40f44a3c-7a902298"
sh=1447092BA29779C726829611180994E17718C412 ft=1 fh=23f22b72eb3a5b90 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisa\Downloads\PDFCreator-1_7_2_setup_offline.exe"
sh=D82E699FCE2E53C9EB86439A598B29ED2F88C7DD ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Nymaim.BA Trojaner" ac=I fn="C:\Users\Lisa\Downloads\Rita Weiler Stellvertretender Rechtsanwalt DirectPay AG 19.05.2016 (1).zip"
sh=D82E699FCE2E53C9EB86439A598B29ED2F88C7DD ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Nymaim.BA Trojaner" ac=I fn="C:\Users\Lisa\Downloads\Rita Weiler Stellvertretender Rechtsanwalt DirectPay AG 19.05.2016 (2).zip"
sh=D82E699FCE2E53C9EB86439A598B29ED2F88C7DD ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Nymaim.BA Trojaner" ac=I fn="C:\Users\Lisa\Downloads\Rita Weiler Stellvertretender Rechtsanwalt DirectPay AG 19.05.2016 (3).zip"
sh=D82E699FCE2E53C9EB86439A598B29ED2F88C7DD ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Nymaim.BA Trojaner" ac=I fn="C:\Users\Lisa\Downloads\Rita Weiler Stellvertretender Rechtsanwalt DirectPay AG 19.05.2016.zip"
sh=605E3E8418A04E87BAF72E41D00D92D44A2B3439 ft=1 fh=9aaf54e83134ef57 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisa\Downloads\Trojan Remover - CHIP-Installer (1).exe"
sh=ADFB74744F550DE8622B4D478F2466AF277B1E60 ft=1 fh=5be34080b5af8341 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lisa\Downloads\Trojan Remover - CHIP-Installer.exe"
sh=73811A6ADA417F3312C59AB5817FE22575966F67 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Montiera.T evtl. unerwünschte Anwendung" ac=I fn="D:\TOSHIBA\Backup Set 2015-12-06 190002\Backup Files 2015-12-06 190002\Backup files 12.zip"
sh=250191F4AC99CC8953F3F9CF08BDE17BA56F3E78 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\TOSHIBA\Backup Set 2015-12-06 190002\Backup Files 2015-12-06 190002\Backup files 19.zip"
sh=1B46050061ECB36938845E941FC520511AE4BBEE ft=0 fh=0000000000000000 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="D:\TOSHIBA\Backup Set 2015-12-06 190002\Backup Files 2016-01-03 190002\Backup files 28.zip"
sh=E2096F91F29226AFDA378E8081D36736905A9A10 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Montiera.T evtl. unerwünschte Anwendung" ac=I fn="D:\TOSHIBA\Backup Set 2016-01-17 190003\Backup Files 2016-01-17 190003\Backup files 12.zip"
sh=33C3BC97FE98F00D55F906AE03849F49DBEB0649 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\TOSHIBA\Backup Set 2016-01-17 190003\Backup Files 2016-01-17 190003\Backup files 20.zip"
sh=6F80226EF1DC6E8BE6524B5E8E5F059A59D31631 ft=0 fh=0000000000000000 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="D:\TOSHIBA\Backup Set 2016-01-17 190003\Backup Files 2016-01-17 190003\Backup files 54.zip"
sh=CB5371A33D8C30D096D868085B2A458234271B72 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Montiera.T evtl. unerwünschte Anwendung" ac=I fn="D:\TOSHIBA\Backup Set 2016-04-03 190003\Backup Files 2016-04-03 190003\Backup files 12.zip"
sh=6F87CC1C2DE253F86DA3E551DBCBFE67E501500B ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\TOSHIBA\Backup Set 2016-04-03 190003\Backup Files 2016-04-03 190003\Backup files 20.zip"
sh=3E74DA6FB8498851235463230E725587E33346F3 ft=0 fh=0000000000000000 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="D:\TOSHIBA\Backup Set 2016-04-03 190003\Backup Files 2016-04-03 190003\Backup files 54.zip"
sh=E84FA5C15A0A7D7C8BBBBC04DA6F95D12254B4B2 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\TOSHIBA\Backup Set 2016-04-03 190003\Backup Files 2016-05-23 140651\Backup files 2.zip"
sh=7747176074D75AAC2097E4F90C535D294C434B0B ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Nymaim.BA Trojaner" ac=I fn="D:\TOSHIBA\Backup Set 2016-04-03 190003\Backup Files 2016-05-23 140651\Backup files 4.zip"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=dccdd31b22f2a94aa9db6761dec7916f
# end=init
# utc_time=2016-05-25 03:51:59
# local_time=2016-05-25 05:51:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 29587
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=dccdd31b22f2a94aa9db6761dec7916f
# end=updated
# utc_time=2016-05-25 03:53:25
# local_time=2016-05-25 05:53:25 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=dccdd31b22f2a94aa9db6761dec7916f
# engine=29587
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-05-25 03:54:22
# local_time=2016-05-25 05:54:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Antivirus'
# compatibility_mode=1815 16777213 100 99 13639 60502050 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 81320090 215821512 0 0
# scanned=1895
# found=1
# cleaned=0
# scan_time=57
sh=5F437ECC88A691B6161B1D168B3F4A93624F5832 ft=1 fh=400e77a5e5d54a3a vn="Win32/Toolbar.Babylon evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\FileQuarantine\C\Users\Lisa\AppData\Local\Babylon\Setup\Setup.exe.vir"
Schönen Feiertag wünsche ich. |
|
25.05.2016, 21:14
| #9 |
| /// TB-Ausbilder /// Anleitungs-Guru | E-Mail von direct pay ag erhalten und versucht den zip Anhang zu öffnen Aktive Malware ist da keine. Schritt 1  Drücke bitte die  + R Taste und schreibe notepad in das Ausführen Fenster.Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument: Code:
ATTFilter CloseProcesses:
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Metropolis
AlternateDataStreams: C:\Users\Lisa:zylomtest [0]
AlternateDataStreams: C:\Users\Lisa:zylomtr{000HQ7FF-AD7A-3FG7-5P29-2A14KFREQVPH} [38]
AlternateDataStreams: C:\ProgramData\TEMP:27F44544 [143]
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [144]
C:\Users\Lisa\Downloads\Rita Weiler Stellvertretender Rechtsanwalt DirectPay AG 19.05.2016 (1).zip
C:\Users\Lisa\Downloads\Rita Weiler Stellvertretender Rechtsanwalt DirectPay AG 19.05.2016 (2).zip
C:\Users\Lisa\Downloads\Rita Weiler Stellvertretender Rechtsanwalt DirectPay AG 19.05.2016 (3).zip
C:\Users\Lisa\Downloads\Rita Weiler Stellvertretender Rechtsanwalt DirectPay AG 19.05.2016.zip
C:\Users\Lisa\Downloads\Trojan Remover - CHIP-Installer (1).exe
C:\Users\Lisa\Downloads\Trojan Remover - CHIP-Installer.exe
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF HKU\S-1-5-21-2847114485-2203063503-2096561936-1000\...\Firefox\Extensions: [{F3BCF7EE-E099-4F03-BE86-F30DBE55098C}] - C:\Users\Lisa\AppData\Local\{F3BCF7EE-E099-4F03-BE86-F30DBE55098C}
FF Extension: XULRunner - C:\Users\Lisa\AppData\Local\{F3BCF7EE-E099-4F03-BE86-F30DBE55098C} [2010-10-07] [ist nicht signiert]
2010-10-07 20:45 - 2010-10-07 20:46 - 0000020 _____ () C:\Users\Lisa\AppData\Roaming\cnmkat.dat
2010-10-07 20:48 - 2010-10-08 21:36 - 0000120 _____ () C:\Users\Lisa\AppData\Local\Mxupawev.dat
2010-10-07 20:48 - 2010-10-08 05:39 - 0000000 _____ () C:\Users\Lisa\AppData\Local\Swukupecejoxodok.bin
CreateRestorePoint:
EmptyTemp:
Bitte unbedingt die ganzen alten Java-Versionen deinstallieren, Firefox updaten oder deinstallieren.  Wir haben es geschafft! Die Logs sehen für mich im Moment sauber aus. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...  und/oder das Forum mit einer kleinen Spende  unterstützen.  Es bleibt mir nur noch, Dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen.   Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Falls Combofix verwendet wurde:  Combofix deinstallieren
Alle Logs gepostet? Dann lade Dir bitte  DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.  Absicherung: Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken (z.B. hier) in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank. Meine Kauf-Empfehlung:  Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware scannen. Optional:  NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.Lade Software von einem sauberen Portal wie  .Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner . Abschließend noch ein paar grundsätzliche Bemerkungen: Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems. Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
26.05.2016, 07:38
| #10 |
| | Datei hängt Hallo Jürgen, habe die 'Fixlist' auf dem Desktop gespeichert und den Frst-Editor gestartet. Wenn ich dann die DEL Taste drücke, hängst sich der Frst-Editor auf und muss per Task-Manager geschlossen werden. Weiter komme ich leider nicht. Was nun? LG Rita Also irgendwie hängt im Moment alles. Habe versucht Mozilla zu deinstallieren, aber ...keine Reaktion. Irgendwie funktioniert kein Löschen, kein 'nicht speicher' usw. Die Programme reagieren nicht. Bekomme neuerdings auch diese Fehlermeldung: In dem Script auf dieser Seite ist ein Fehler aufgetreten. Zeile: 408 Zeichen: 13 Fehler: Die Eigenschaft 'scrollTop' eines undefinierten oder Nullverweises kann nicht aufgerufen werden. Code: 0 URL:///C:/ProgramData/Avira/Antivirus/IPM/lpmDocument.html Möchten Sie, dass Scripts auf dieser Seite weiterhin ausgeführt werden? ja nein Kann mir nichts damit anfangen... |
|
26.05.2016, 09:19
| #11 |
| /// TB-Ausbilder /// Anleitungs-Guru | E-Mail von direct pay ag erhalten und versucht den zip Anhang zu öffnen Dann würde ich Avira deinstallieren und ein Programm verwenden welches benutzerfreundlicher ist. Außerdem soll erst der Fix ausgeführt werden. Wie lange hast Du denn gewartet? Das kann schon 10 Min. oder so dauern.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
28.05.2016, 09:05
| #12 |
| | E-Mail von direct pay ag erhalten und versucht den zip Anhang zu öffnen Die Fixlist hatte ich ja erstellt und auf dem Desktop gespeichert. Dort ist auch Frst. Habe Frst geöffnet und die 'delate' Taste gedrückt. Da ist der erste Buchstabe des in Frst vorhandenen Textes verschwunden. Weiter ist nichts geschehen. Das Ganze habe ich eben noch einmal versucht, jetzt hängt es zwar nicht mehr, aber alles andere blieb so, wie ich es oben beschrieben habe. Welches Antiviren Programm ist denn benutzerfreundlicher als Avira? Schmeisse das dann runter. Code:
ATTFilter CloseProcesses:
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Metropolis
AlternateDataStreams: C:\Users\Lisa:zylomtest [0]
AlternateDataStreams: C:\Users\Lisa:zylomtr{000HQ7FF-AD7A-3FG7-5P29-2A14KFREQVPH} [38]
AlternateDataStreams: C:\ProgramData\TEMP:27F44544 [143]
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [144]
C:\Users\Lisa\Downloads\Rita Weiler Stellvertretender Rechtsanwalt DirectPay AG 19.05.2016 (1).zip
C:\Users\Lisa\Downloads\Rita Weiler Stellvertretender Rechtsanwalt DirectPay AG 19.05.2016 (2).zip
C:\Users\Lisa\Downloads\Rita Weiler Stellvertretender Rechtsanwalt DirectPay AG 19.05.2016 (3).zip
C:\Users\Lisa\Downloads\Rita Weiler Stellvertretender Rechtsanwalt DirectPay AG 19.05.2016.zip
C:\Users\Lisa\Downloads\Trojan Remover - CHIP-Installer (1).exe
C:\Users\Lisa\Downloads\Trojan Remover - CHIP-Installer.exe
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF HKU\S-1-5-21-2847114485-2203063503-2096561936-1000\...\Firefox\Extensions: [{F3BCF7EE-E099-4F03-BE86-F30DBE55098C}] - C:\Users\Lisa\AppData\Local\{F3BCF7EE-E099-4F03-BE86-F30DBE55098C}
FF Extension: XULRunner - C:\Users\Lisa\AppData\Local\{F3BCF7EE-E099-4F03-BE86-F30DBE55098C} [2010-10-07] [ist nicht signiert]
2010-10-07 20:45 - 2010-10-07 20:46 - 0000020 _____ () C:\Users\Lisa\AppData\Roaming\cnmkat.dat
2010-10-07 20:48 - 2010-10-08 21:36 - 0000120 _____ () C:\Users\Lisa\AppData\Local\Mxupawev.dat
2010-10-07 20:48 - 2010-10-08 05:39 - 0000000 _____ () C:\Users\Lisa\AppData\Local\Swukupecejoxodok.bin
CreateRestorePoint:
EmptyTemp:
|
|
28.05.2016, 09:23
| #13 |
| /// TB-Ausbilder /// Anleitungs-Guru | E-Mail von direct pay ag erhalten und versucht den zip Anhang zu öffnen Du sollst aber den ENTFERNEN-Button bei FRST drücken und nicht die Tastatur! Sind doch sogar Bilder über Schritt 1... Und die Fixlist-Datei soll auch nicht geöffnet sein.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
28.05.2016, 10:21
| #14 |
| | E-Mail von direct pay ag erhalten und versucht den zip Anhang zu öffnenCode:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:22-05-2016 01
durchgeführt von Lisa (2016-05-28 10:33:32) Run:1
Gestartet von C:\Users\Lisa\Desktop
Geladene Profile: Lisa (Verfügbare Profile: Lisa & DefaultAppPool)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
CloseProcesses:
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Metropolis
AlternateDataStreams: C:\Users\Lisa:zylomtest [0]
AlternateDataStreams: C:\Users\Lisa:zylomtr{000HQ7FF-AD7A-3FG7-5P29-2A14KFREQVPH} [38]
AlternateDataStreams: C:\ProgramData\TEMP:27F44544 [143]
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [144]
C:\Users\Lisa\Downloads\Rita Weiler Stellvertretender Rechtsanwalt DirectPay AG 19.05.2016 (1).zip
C:\Users\Lisa\Downloads\Rita Weiler Stellvertretender Rechtsanwalt DirectPay AG 19.05.2016 (2).zip
C:\Users\Lisa\Downloads\Rita Weiler Stellvertretender Rechtsanwalt DirectPay AG 19.05.2016 (3).zip
C:\Users\Lisa\Downloads\Rita Weiler Stellvertretender Rechtsanwalt DirectPay AG 19.05.2016.zip
C:\Users\Lisa\Downloads\Trojan Remover - CHIP-Installer (1).exe
C:\Users\Lisa\Downloads\Trojan Remover - CHIP-Installer.exe
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF HKU\S-1-5-21-2847114485-2203063503-2096561936-1000\...\Firefox\Extensions: [{F3BCF7EE-E099-4F03-BE86-F30DBE55098C}] - C:\Users\Lisa\AppData\Local\{F3BCF7EE-E099-4F03-BE86-F30DBE55098C}
FF Extension: XULRunner - C:\Users\Lisa\AppData\Local\{F3BCF7EE-E099-4F03-BE86-F30DBE55098C} [2010-10-07] [ist nicht signiert]
2010-10-07 20:45 - 2010-10-07 20:46 - 0000020 _____ () C:\Users\Lisa\AppData\Roaming\cnmkat.dat
2010-10-07 20:48 - 2010-10-08 21:36 - 0000120 _____ () C:\Users\Lisa\AppData\Local\Mxupawev.dat
2010-10-07 20:48 - 2010-10-08 05:39 - 0000000 _____ () C:\Users\Lisa\AppData\Local\Swukupecejoxodok.bin
CreateRestorePoint:
EmptyTemp:
*****************
Prozess erfolgreich geschlossen.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Metropolis => Schlüssel erfolgreich entfernt
C:\Users\Lisa => ":zylomtest" ADS erfolgreich entfernt.
C:\Users\Lisa => ":zylomtr{000HQ7FF-AD7A-3FG7-5P29-2A14KFREQVPH}" ADS erfolgreich entfernt.
C:\ProgramData\TEMP => ":27F44544" ADS erfolgreich entfernt.
C:\ProgramData\TEMP => ":CB0AACC9" ADS erfolgreich entfernt.
C:\Users\Lisa\Downloads\Rita Weiler Stellvertretender Rechtsanwalt DirectPay AG 19.05.2016 (1).zip => erfolgreich verschoben
C:\Users\Lisa\Downloads\Rita Weiler Stellvertretender Rechtsanwalt DirectPay AG 19.05.2016 (2).zip => erfolgreich verschoben
C:\Users\Lisa\Downloads\Rita Weiler Stellvertretender Rechtsanwalt DirectPay AG 19.05.2016 (3).zip => erfolgreich verschoben
C:\Users\Lisa\Downloads\Rita Weiler Stellvertretender Rechtsanwalt DirectPay AG 19.05.2016.zip => erfolgreich verschoben
C:\Users\Lisa\Downloads\Trojan Remover - CHIP-Installer (1).exe => erfolgreich verschoben
C:\Users\Lisa\Downloads\Trojan Remover - CHIP-Installer.exe => erfolgreich verschoben
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Wert erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Schlüssel nicht gefunden.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Schlüssel erfolgreich entfernt
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Schlüssel nicht gefunden.
HKU\S-1-5-21-2847114485-2203063503-2096561936-1000\Software\Mozilla\Firefox\Extensions\\{F3BCF7EE-E099-4F03-BE86-F30DBE55098C} => Wert erfolgreich entfernt
C:\Users\Lisa\AppData\Local\{F3BCF7EE-E099-4F03-BE86-F30DBE55098C} => erfolgreich verschoben
C:\Users\Lisa\AppData\Roaming\cnmkat.dat => erfolgreich verschoben
C:\Users\Lisa\AppData\Local\Mxupawev.dat => erfolgreich verschoben
C:\Users\Lisa\AppData\Local\Swukupecejoxodok.bin => erfolgreich verschoben
Wiederherstellungspunkt wurde erfolgreich erstellt.
EmptyTemp: => 1.2 GB temporäre Dateien entfernt.
Das System musste neu gestartet werden.
==== Ende von Fixlog 10:35:10 ====
Wäre echt dankbar, wenn Du mir ein paar Alternativen für bessere Antivirenprogramme geben könntest. LG Rita |
|
28.05.2016, 10:46
| #15 |
| /// TB-Ausbilder /// Anleitungs-Guru | E-Mail von direct pay ag erhalten und versucht den zip Anhang zu öffnen Ja, passt. Meine Empfehlung steht doch weiter oben?
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
| Themen zu E-Mail von direct pay ag erhalten und versucht den zip Anhang zu öffnen |
| angeblich, anhang, anhang geöffnet win zip datei, bereits, compu, datei, direct, e-mail, ebanking, erhalte, erhalten, fehler, gecheckt, genutzt, hinweis, installier, installiert, kostenpflichtig, mails, malware, onlinebanking, paypal, versendet, versucht, winrar, winzip, öffnen |
Linear-Darstellung
