
Pests of all kinds and how to fight them: Malware + homepage change + ad-tab pop-ups


14.06.2016, 15:21   #1
Danyelz
 



Good day, I recently must have picked up a bad file and only clicked Cancel halfway through the installation, and now I'm in a mess.

What happened, and what is still happening?

1) The start page has changed to -> safebrowse.biz
1.1) Pop-up ads open in the tabs

What have I done myself?

2) ZoneAlarm found nothing in a full scan.
2.1) Malwarebytes did not detect anything either. Now, after 3 days, it has found something.

Other
3) I got tips on Safebrowse from the internet. Since there was nothing to uninstall, and nothing among the Google Chrome services either, I later found something in the shortcut itself.
3.1) After the "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" there was an appended string, which I deleted. The start page problem was fixed for a day but then came back, until Malwarebytes found and cleaned something today.
3.2) The last thing that remains now is the pop-up advertising

Here are the logs from Malwarebytes

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 14.06.2016
Suchlaufzeit: 15:04
Protokolldatei: Pro1.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.06.14.02
Rootkit-Datenbank: v2016.05.27.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: DaUra

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 294395
Abgelaufene Zeit: 7 Min., 36 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 3
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IPHLPSVC\PARAMETERS\PROXYMGR\{270E2D0E-8C28-46AC-9F21-5690F550B087}|AutoConfigUrl, hxxp://un-stop.info/wpad.dat?9220ab4c300d39419c6dfbac0076222f11320041, In Quarantäne, [f4e6f20a1a7fe05642ac1f9deb1724dc]
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, 0hxxp://un-stop.info/wpad.dat?9220ab4c300d39419c6dfbac0076222f11320041, In Quarantäne, [fae09a62cdcc053128c76953f70bb14f]
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-3833861499-410864776-4231530817-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigUrl, hxxp://un-stop.info/wpad.dat?9220ab4c300d39419c6dfbac0076222f11320041, In Quarantäne, [ab2f01fb1b7e5adcf7f511abf70b3cc4]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Detection, 14.06.2016 01:23, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, IP, 92.241.162.3, giraffetraffic.com, 64360, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 14.06.2016 01:23, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, IP, 92.241.162.3, giraffetraffic.com, 64360, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 14.06.2016 01:23, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, IP, 92.241.162.3, giraffetraffic.com, 64361, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Update, 14.06.2016 15:04, SYSTEM, DESKTOP-FASB6LE, Scheduler, IP Database, 2016.6.13.3, 2016.6.14.2, 
Update, 14.06.2016 15:04, SYSTEM, DESKTOP-FASB6LE, Scheduler, Domain Database, 2016.6.13.3, 2016.6.14.2, 
Update, 14.06.2016 15:04, SYSTEM, DESKTOP-FASB6LE, Scheduler, Malware Database, 2016.6.13.5, 2016.6.14.2, 
Protection, 14.06.2016 15:04, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Starting, 
Protection, 14.06.2016 15:04, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopping, 
Protection, 14.06.2016 15:04, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopped, 
Protection, 14.06.2016 15:04, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Success, 
Protection, 14.06.2016 15:04, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Starting, 
Protection, 14.06.2016 15:04, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Started, 
Scan, 14.06.2016 15:49, SYSTEM, DESKTOP-FASB6LE, Context, Start: 14.06.2016 15:04, Dauer: 7 Min. 36 Sek., Bedrohungssuchlauf, Abgeschlossen, 3 Malware-Erkennung, 0 Nicht-Malware-Erkennungen, 
Protection, 14.06.2016 15:51, SYSTEM, DESKTOP-FASB6LE, Protection, Malware Protection, Starting, 
Protection, 14.06.2016 15:51, SYSTEM, DESKTOP-FASB6LE, Protection, Malware Protection, Started, 
Protection, 14.06.2016 15:51, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Starting, 
Protection, 14.06.2016 15:51, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Started, 

(end)
         
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Detection, 13.06.2016 01:09, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Domain, 54.208.53.86, zo1.november-lax.com, 65064, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 13.06.2016 01:09, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Domain, 54.208.53.86, zo1.november-lax.com, 65064, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 13.06.2016 01:16, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Domain, 52.20.36.222, zs1.november-lax.com, 49609, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 13.06.2016 01:16, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Domain, 52.20.36.222, zs1.november-lax.com, 49609, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 13.06.2016 02:39, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Domain, 146.148.46.20, www.liveadexchanger.com, 52748, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 13.06.2016 02:39, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Domain, 146.148.46.20, www.liveadexchanger.com, 52748, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 13.06.2016 02:39, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Domain, 146.148.46.20, www.liveadexchanger.com, 52749, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Update, 13.06.2016 10:34, SYSTEM, DESKTOP-FASB6LE, Scheduler, Malware Database, 2016.6.12.4, 2016.6.13.2, 
Protection, 13.06.2016 10:34, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Starting, 
Protection, 13.06.2016 10:34, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopping, 
Protection, 13.06.2016 10:34, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopped, 
Protection, 13.06.2016 10:34, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Success, 
Protection, 13.06.2016 10:34, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Starting, 
Protection, 13.06.2016 10:34, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Started, 
Update, 13.06.2016 16:13, SYSTEM, DESKTOP-FASB6LE, Scheduler, Domain Database, 2016.6.12.6, 2016.6.13.2, 
Update, 13.06.2016 16:13, SYSTEM, DESKTOP-FASB6LE, Scheduler, Malware Database, 2016.6.13.2, 2016.6.13.3, 
Protection, 13.06.2016 16:13, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Starting, 
Protection, 13.06.2016 16:13, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopping, 
Protection, 13.06.2016 16:13, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopped, 
Protection, 13.06.2016 16:13, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Success, 
Protection, 13.06.2016 16:13, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Starting, 
Protection, 13.06.2016 16:13, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Started, 
Update, 13.06.2016 16:54, SYSTEM, DESKTOP-FASB6LE, Scheduler, IP Database, 2016.6.12.2, 2016.6.13.1, 
Update, 13.06.2016 16:54, SYSTEM, DESKTOP-FASB6LE, Scheduler, Domain Database, 2016.6.13.2, 2016.6.13.3, 
Protection, 13.06.2016 16:54, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Starting, 
Protection, 13.06.2016 16:54, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopping, 
Protection, 13.06.2016 16:54, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopped, 
Protection, 13.06.2016 16:54, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Success, 
Protection, 13.06.2016 16:54, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Starting, 
Protection, 13.06.2016 16:54, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Started, 
Update, 13.06.2016 20:38, SYSTEM, DESKTOP-FASB6LE, Scheduler, IP Database, 2016.6.13.1, 2016.6.13.3, 
Update, 13.06.2016 20:38, SYSTEM, DESKTOP-FASB6LE, Scheduler, Malware Database, 2016.6.13.3, 2016.6.13.4, 
Protection, 13.06.2016 20:38, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Starting, 
Protection, 13.06.2016 20:38, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopping, 
Protection, 13.06.2016 20:38, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopped, 
Protection, 13.06.2016 20:38, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Success, 
Protection, 13.06.2016 20:38, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Starting, 
Protection, 13.06.2016 20:38, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Started, 
Detection, 13.06.2016 21:56, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Domain, 52.204.54.103, zl1.november-lax.com, 53560, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 13.06.2016 21:56, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Domain, 52.204.54.103, zl1.november-lax.com, 53560, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 13.06.2016 21:56, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Domain, 52.204.54.103, zl1.november-lax.com, 53561, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 13.06.2016 22:52, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Domain, 23.21.252.84, sportsaddict.thewhizproducts.com, 56355, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 13.06.2016 22:52, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Domain, 23.21.252.84, sportsaddict.thewhizproducts.com, 56355, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 13.06.2016 22:52, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Domain, 23.21.252.84, sportsaddict.thewhizproducts.com, 56356, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Update, 13.06.2016 23:56, SYSTEM, DESKTOP-FASB6LE, Scheduler, Malware Database, 2016.6.13.4, 2016.6.13.5, 
Protection, 13.06.2016 23:56, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Starting, 
Protection, 13.06.2016 23:56, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopping, 
Protection, 13.06.2016 23:56, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopped, 
Protection, 13.06.2016 23:56, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Success, 
Protection, 13.06.2016 23:56, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Starting, 
Protection, 13.06.2016 23:56, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Started, 

(end)
         
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 12.06.2016 13:07, SYSTEM, DESKTOP-FASB6LE, Protection, Malware Protection, Starting, 
Protection, 12.06.2016 13:07, SYSTEM, DESKTOP-FASB6LE, Protection, Malware Protection, Started, 
Protection, 12.06.2016 13:07, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Starting, 
Protection, 12.06.2016 13:07, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Started, 
Update, 12.06.2016 13:07, SYSTEM, DESKTOP-FASB6LE, Scheduler, Domain Database, 2016.6.11.3, 2016.6.12.1, 
Update, 12.06.2016 13:08, SYSTEM, DESKTOP-FASB6LE, Scheduler, Malware Database, 2016.6.11.4, 2016.6.12.2, 
Protection, 12.06.2016 13:08, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Starting, 
Protection, 12.06.2016 13:08, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopping, 
Protection, 12.06.2016 13:08, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopped, 
Protection, 12.06.2016 13:08, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Success, 
Protection, 12.06.2016 13:08, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Starting, 
Protection, 12.06.2016 13:08, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Started, 
Scan, 12.06.2016 13:19, SYSTEM, DESKTOP-FASB6LE, Context, Start: 12.06.2016 13:08, Dauer: 10 Min. 55 Sek., Bedrohungssuchlauf, Abgeschlossen, 0 Malware-Erkennung, 0 Nicht-Malware-Erkennungen, 
Update, 12.06.2016 15:00, SYSTEM, DESKTOP-FASB6LE, Scheduler, IP Database, 2016.6.10.1, 2016.6.12.1, 
Update, 12.06.2016 15:00, SYSTEM, DESKTOP-FASB6LE, Scheduler, Domain Database, 2016.6.12.1, 2016.6.12.2, 
Protection, 12.06.2016 15:00, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Starting, 
Protection, 12.06.2016 15:00, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopping, 
Protection, 12.06.2016 15:00, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopped, 
Protection, 12.06.2016 15:00, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Success, 
Protection, 12.06.2016 15:00, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Starting, 
Protection, 12.06.2016 15:00, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Started, 
Update, 12.06.2016 15:50, SYSTEM, DESKTOP-FASB6LE, Scheduler, IP Database, 2016.6.12.1, 2016.6.12.2, 
Update, 12.06.2016 15:50, SYSTEM, DESKTOP-FASB6LE, Scheduler, Domain Database, 2016.6.12.2, 2016.6.12.3, 
Protection, 12.06.2016 15:50, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Starting, 
Protection, 12.06.2016 15:50, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopping, 
Protection, 12.06.2016 15:50, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopped, 
Protection, 12.06.2016 15:51, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Success, 
Protection, 12.06.2016 15:51, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Starting, 
Protection, 12.06.2016 15:51, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Started, 
Update, 12.06.2016 17:37, SYSTEM, DESKTOP-FASB6LE, Scheduler, Malware Database, 2016.6.12.2, 2016.6.12.3, 
Protection, 12.06.2016 17:37, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Starting, 
Protection, 12.06.2016 17:37, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopping, 
Protection, 12.06.2016 17:37, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopped, 
Protection, 12.06.2016 17:37, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Success, 
Protection, 12.06.2016 17:37, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Starting, 
Protection, 12.06.2016 17:37, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Started, 
Update, 12.06.2016 19:41, SYSTEM, DESKTOP-FASB6LE, Scheduler, Domain Database, 2016.6.12.3, 2016.6.12.4, 
Protection, 12.06.2016 19:41, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Starting, 
Protection, 12.06.2016 19:41, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopping, 
Protection, 12.06.2016 19:41, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopped, 
Protection, 12.06.2016 19:41, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Success, 
Protection, 12.06.2016 19:41, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Starting, 
Protection, 12.06.2016 19:41, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Started, 
Protection, 12.06.2016 19:42, SYSTEM, DESKTOP-FASB6LE, Protection, Malware Protection, Starting, 
Protection, 12.06.2016 19:42, SYSTEM, DESKTOP-FASB6LE, Protection, Malware Protection, Started, 
Protection, 12.06.2016 19:42, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Starting, 
Protection, 12.06.2016 19:42, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Started, 
Update, 12.06.2016 19:56, SYSTEM, DESKTOP-FASB6LE, Scheduler, Domain Database, 2016.6.12.4, 2016.6.12.5, 
Protection, 12.06.2016 19:56, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Starting, 
Protection, 12.06.2016 19:56, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopping, 
Protection, 12.06.2016 19:56, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopped, 
Protection, 12.06.2016 19:56, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Success, 
Protection, 12.06.2016 19:56, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Starting, 
Protection, 12.06.2016 19:56, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Started, 
Update, 12.06.2016 23:27, SYSTEM, DESKTOP-FASB6LE, Scheduler, Domain Database, 2016.6.12.5, 2016.6.12.6, 
Update, 12.06.2016 23:27, SYSTEM, DESKTOP-FASB6LE, Scheduler, Malware Database, 2016.6.12.3, 2016.6.12.4, 
Protection, 12.06.2016 23:27, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Starting, 
Protection, 12.06.2016 23:27, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopping, 
Protection, 12.06.2016 23:27, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopped, 
Protection, 12.06.2016 23:27, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Success, 
Protection, 12.06.2016 23:27, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Starting, 
Protection, 12.06.2016 23:28, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Started, 
Detection, 12.06.2016 23:31, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Domain, 65.52.144.16, feed.helperbar.com, 56626, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 12.06.2016 23:31, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Domain, 65.52.144.16, feed.helperbar.com, 56626, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 12.06.2016 23:31, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Domain, 65.52.144.16, feed.helperbar.com, 56627, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 

(end)
         
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 12.06.2016
Suchlaufzeit: 13:08
Protokolldatei: Pro5.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.06.12.02
Rootkit-Datenbank: v2016.05.27.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: DaUra

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 294123
Abgelaufene Zeit: 10 Min., 55 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 11.06.2016 04:23, SYSTEM, DESKTOP-FASB6LE, Protection, Malware Protection, Starting, 
Protection, 11.06.2016 04:23, SYSTEM, DESKTOP-FASB6LE, Protection, Malware Protection, Started, 
Protection, 11.06.2016 04:23, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Starting, 
Protection, 11.06.2016 04:23, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Started, 
Update, 11.06.2016 04:23, SYSTEM, DESKTOP-FASB6LE, Manual, Rootkit Database, 2016.2.8.1, 2016.5.27.1, 
Update, 11.06.2016 04:23, SYSTEM, DESKTOP-FASB6LE, Manual, IP Database, 2016.2.8.1, 2016.6.10.1, 
Update, 11.06.2016 04:23, SYSTEM, DESKTOP-FASB6LE, Manual, Remediation Database, 2016.2.12.1, 2016.5.25.1, 
Update, 11.06.2016 04:23, SYSTEM, DESKTOP-FASB6LE, Manual, Domain Database, 2016.2.16.8, 2016.6.10.3, 
Update, 11.06.2016 04:23, SYSTEM, DESKTOP-FASB6LE, Manual, Malware Database, 2016.2.16.6, 2016.6.11.1, 
Protection, 11.06.2016 04:23, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Starting, 
Protection, 11.06.2016 04:23, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopping, 
Protection, 11.06.2016 04:23, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopped, 
Protection, 11.06.2016 04:23, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Success, 
Protection, 11.06.2016 04:23, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Starting, 
Protection, 11.06.2016 04:23, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Started, 
Scan, 11.06.2016 04:31, SYSTEM, DESKTOP-FASB6LE, Manual, Start: 11.06.2016 04:23, Dauer: 8 Min. 7 Sek., Bedrohungssuchlauf, Abgeschlossen, 0 Malware-Erkennung, 2 Nicht-Malware-Erkennungen, 
Update, 11.06.2016 13:15, SYSTEM, DESKTOP-FASB6LE, Scheduler, Malware Database, 2016.6.11.1, 2016.6.11.2, 
Protection, 11.06.2016 13:15, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Starting, 
Protection, 11.06.2016 13:15, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopping, 
Protection, 11.06.2016 13:15, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopped, 
Protection, 11.06.2016 13:15, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Success, 
Protection, 11.06.2016 13:16, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Starting, 
Protection, 11.06.2016 13:16, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Started, 
Update, 11.06.2016 14:49, SYSTEM, DESKTOP-FASB6LE, Scheduler, Domain Database, 2016.6.10.3, 2016.6.11.1, 
Update, 11.06.2016 14:49, SYSTEM, DESKTOP-FASB6LE, Scheduler, Malware Database, 2016.6.11.2, 2016.6.11.3, 
Protection, 11.06.2016 14:49, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Starting, 
Protection, 11.06.2016 14:49, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopping, 
Protection, 11.06.2016 14:49, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopped, 
Protection, 11.06.2016 14:49, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Success, 
Protection, 11.06.2016 14:49, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Starting, 
Protection, 11.06.2016 14:49, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Started, 
Update, 11.06.2016 17:04, SYSTEM, DESKTOP-FASB6LE, Scheduler, Domain Database, 2016.6.11.1, 2016.6.11.2, 
Protection, 11.06.2016 17:04, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Starting, 
Protection, 11.06.2016 17:04, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopping, 
Protection, 11.06.2016 17:04, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopped, 
Protection, 11.06.2016 17:04, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Success, 
Protection, 11.06.2016 17:04, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Starting, 
Protection, 11.06.2016 17:04, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Started, 
Update, 11.06.2016 17:52, SYSTEM, DESKTOP-FASB6LE, Scheduler, Domain Database, 2016.6.11.2, 2016.6.11.3, 
Protection, 11.06.2016 17:52, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Starting, 
Protection, 11.06.2016 17:52, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopping, 
Protection, 11.06.2016 17:52, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopped, 
Protection, 11.06.2016 17:52, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Success, 
Protection, 11.06.2016 17:52, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Starting, 
Protection, 11.06.2016 17:53, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Started, 
Update, 11.06.2016 19:55, SYSTEM, DESKTOP-FASB6LE, Scheduler, Malware Database, 2016.6.11.3, 2016.6.11.4, 
Protection, 11.06.2016 19:55, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Starting, 
Protection, 11.06.2016 19:55, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopping, 
Protection, 11.06.2016 19:55, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopped, 
Protection, 11.06.2016 19:55, SYSTEM, DESKTOP-FASB6LE, Protection, Refresh, Success, 
Protection, 11.06.2016 19:55, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Starting, 
Protection, 11.06.2016 19:55, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Started, 
Protection, 11.06.2016 21:13, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopping, 
Protection, 11.06.2016 21:13, SYSTEM, DESKTOP-FASB6LE, Protection, Malicious Website Protection, Stopped, 
Protection, 11.06.2016 21:13, SYSTEM, DESKTOP-FASB6LE, Protection, Malware Protection, Stopping, 
Protection, 11.06.2016 21:13, SYSTEM, DESKTOP-FASB6LE, Protection, Malware Protection, Stopped, 

(end)
         
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 11.06.2016
Suchlaufzeit: 04:23
Protokolldatei: Pro7.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.06.11.01
Rootkit-Datenbank: v2016.05.27.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: DaUra

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 293949
Abgelaufene Zeit: 8 Min., 7 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 1
PUP.Optional.SpringFiles, C:\Users\DaUra\AppData\Roaming\SpringFiles, In Quarantäne, [97163bc0cecbe4521eeb4e67c14135cb], 

Dateien: 1
PUP.Optional.ExpressFiles, C:\Users\DaUra\AppData\Local\Temp\BOpZGtX7FY.tmp, In Quarantäne, [14997f7c1386e650264863765aa731cf], 

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         

14.06.2016, 16:51   #2
M-K-D-B
/// TB Trainer
 






My name is Matthias and I will help you clean up your computer.


Please note the following:
  • If we find indications of illegally acquired software, we will suspend support until every kind of illegal software has been removed from the computer.
  • Read the instructions carefully. If you have problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then delete your topic from my subscriptions. If you are going to be away for a longer time, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • Please note: Downloading from filepony.de: how to download our tools correctly!
  • All programs to be used must be saved to the desktop and started from there as administrator!
  • Some of the programs we use here may, under certain circumstances, be wrongly classified as a threat by your antivirus or anti-malware program. Because of certain program behaviour, the security programs cannot distinguish between "good" and "bad" and raise an alarm. These are false alarms, which you can safely ignore. If necessary, you must deactivate your security software before running a program so that our cleanup operations are not impaired.



Please work through all steps one after another in the given order and post all log files in CODE tags:
This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work much harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

Thank you for your cooperation!




For the initial analysis, please run FRST and TDSS-Killer:



Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the web page)






Step 2
Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.







With your next reply, please post
  • the log file from TDSS-Killer,
  • the two new log files from FRST.


14.06.2016, 17:08   #3
Danyelz

Malware + homepage change + ad-tab pop-ups



FRST


Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2016
durchgeführt von DaUra (Administrator) auf DESKTOP-FASB6LE (14-06-2016 17:54:32)
Gestartet von C:\Users\DaUra\Downloads
Geladene Profile: DaUra (Verfügbare Profile: DaUra)
Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.4949\Agent.exe
() C:\Program Files (x86)\FeedReader30\feedreader.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.7505\Battle.net.exe
() C:\Program Files (x86)\Battle.net\Battle.net.7505\Battle.net Helper.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
() C:\Program Files (x86)\Battle.net\Battle.net.7505\Battle.net Helper.exe
(AppWork GmbH) C:\Users\DaUra\JDownloader v2.0\JDownloader2.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Spotify Ltd) C:\Users\DaUra\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [5006536 2016-03-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134792 2015-11-07] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\Run: [Spotify Web Helper] => C:\Users\DaUra\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1552496 2016-06-14] (Spotify Ltd)
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\Run: [Spotify] => C:\Users\DaUra\AppData\Roaming\Spotify\Spotify.exe [6916208 2016-06-14] (Spotify Ltd)
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\Run: [TSMApplication] => C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe [1623040 2016-05-30] ()
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-10] (Valve Corporation)
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [3006952 2016-03-08] (Blizzard Entertainment)
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\Run: [CCleaner Monitoring] => E:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\Run: [feedreader.exe] => C:\Program Files (x86)\FeedReader30\feedreader.exe [2058240 2009-03-29] ()
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
ShellIconOverlayIdentifiers: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
Startup: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-01-22] ()
Startup: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloader 2.lnk [2016-05-15]
ShortcutTarget: JDownloader 2.lnk ->  (Keine Datei)
GroupPolicyScripts: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{382cd532-40e2-47aa-b9f1-aa0b77315726}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{7ef27578-732e-4352-9e9a-420138f5219e}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{7ef27578-732e-4352-9e9a-420138f5219e}: [DhcpNameServer] 192.168.178.1
ManualProxies: 

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-14] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-03-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-03-15] (Microsoft Corporation)

Chrome: 
=======
CHR StartupUrls: Default -> ""
CHR Profile: C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-22]
CHR Extension: (Google Docs) - C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-22]
CHR Extension: (Google Drive) - C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-22]
CHR Extension: (YouTube) - C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-22]
CHR Extension: (Adblock Plus) - C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-01]
CHR Extension: (Google-Suche) - C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-22]
CHR Extension: (Google Tabellen) - C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-22]
CHR Extension: (Google Docs Offline) - C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Google Mail) - C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-22]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [814064 2015-12-22] (Tunngle.net GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [33240 2015-12-09] (VIA Technologies, Inc.)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3722912 2015-11-07] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2015-10-19] (Check Point Software Technologies, Ltd.)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [23240 2016-03-21] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [111120 2016-03-01] (Advanced Micro Devices)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2016-01-22] (REALiX(tm))
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-11-03] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-11-03] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [172920 2015-11-03] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-11-03] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [917880 2015-11-03] (AO Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [935168 2016-01-22] (Realtek                                            )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 tap0901t; C:\Windows\System32\drivers\tap0901t.sys [40568 2015-12-04] (Tunngle.net)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [462304 2016-01-22] (Check Point Software Technologies Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-14 17:54 - 2016-06-14 17:55 - 00018582 _____ C:\Users\DaUra\Downloads\FRST.txt
2016-06-14 17:54 - 2016-06-14 17:54 - 02385920 _____ (Farbar) C:\Users\DaUra\Downloads\FRST64.exe
2016-06-14 17:54 - 2016-06-14 17:54 - 00000000 ____D C:\FRST
2016-06-14 16:17 - 2016-06-14 16:17 - 00005899 _____ C:\Users\DaUra\Desktop\Pro6.txt
2016-06-14 16:17 - 2016-06-14 16:17 - 00001362 _____ C:\Users\DaUra\Desktop\Pro7.txt
2016-06-14 16:16 - 2016-06-14 16:16 - 00007171 _____ C:\Users\DaUra\Desktop\Pro4.txt
2016-06-14 16:16 - 2016-06-14 16:16 - 00006868 _____ C:\Users\DaUra\Desktop\Pro3.txt
2016-06-14 16:16 - 2016-06-14 16:16 - 00002236 _____ C:\Users\DaUra\Desktop\Pro2.txt
2016-06-14 16:16 - 2016-06-14 16:16 - 00001941 _____ C:\Users\DaUra\Desktop\Pro1.txt
2016-06-14 16:16 - 2016-06-14 16:16 - 00001185 _____ C:\Users\DaUra\Desktop\Pro5.txt
2016-06-12 15:33 - 2016-06-12 15:33 - 00673528 _____ C:\Users\DaUra\Downloads\MAX-OT.pdf
2016-06-12 15:31 - 2016-06-12 15:31 - 00031672 _____ C:\Users\DaUra\Downloads\Markus Rühl_Wettkampf.pdf
2016-06-12 15:31 - 2016-06-12 15:31 - 00030583 _____ C:\Users\DaUra\Downloads\Markus Rühl_Masse.pdf
2016-06-12 15:23 - 2016-06-12 15:23 - 00069628 _____ C:\Users\DaUra\Downloads\KAI GREENE WORKOUT ROUTINE.pdf
2016-06-12 15:19 - 2016-06-12 15:19 - 00034931 _____ C:\Users\DaUra\Downloads\Arnold Schwarzenegger nach Mr. Olympia.pdf
2016-06-12 15:19 - 2016-06-12 15:19 - 00033301 _____ C:\Users\DaUra\Downloads\Arnold Schwarzenegger_Mr Olympia Zeit.pdf
2016-06-11 04:22 - 2016-06-14 16:35 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-11 04:22 - 2016-06-11 04:22 - 22851472 _____ (Malwarebytes ) C:\Users\DaUra\Downloads\mbam-setup-2.2.1.1043.exe
2016-06-11 04:22 - 2016-06-11 04:22 - 00001171 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-06-11 04:22 - 2016-06-11 04:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-06-11 04:22 - 2016-06-11 04:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-11 04:22 - 2016-06-11 04:22 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-06-11 04:22 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-11 04:22 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-11 04:22 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-11 04:13 - 2016-06-11 04:13 - 02585498 _____ (Macromedia, Inc.) C:\Users\DaUra\Downloads\Ganguro Girl Deluxe.exe
2016-06-05 18:11 - 2016-06-05 18:11 - 00001045 _____ C:\Users\DaUra\Desktop\Wow.exe - Verknüpfung.lnk
2016-06-05 15:22 - 2016-06-05 18:11 - 00000000 ____D C:\World of Warcraft 3.3.5a
2016-06-05 00:06 - 2016-06-05 00:06 - 00008731 _____ C:\Users\DaUra\Documents\hamadin.xlsx
2016-06-02 21:06 - 2016-06-02 21:06 - 00001596 _____ C:\Users\DaUra\Desktop\Game.exe - Verknüpfung.lnk
2016-06-02 19:18 - 2016-06-04 19:05 - 00000000 ____D C:\Program Files (x86)\Diablo II
2016-06-02 19:18 - 2016-06-02 19:18 - 00001194 _____ C:\Users\Public\Desktop\Diablo II - Lord of Destruction.lnk
2016-06-02 19:18 - 2016-06-02 19:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2016-06-02 19:12 - 2015-02-01 08:26 - 00000000 ____D C:\Users\DaUra\Desktop\d2bot-with-kolbot-master
2016-06-01 01:20 - 2016-06-01 01:20 - 00002724 _____ C:\Users\DaUra\Desktop\BitTorrent.lnk
2016-06-01 01:20 - 2016-06-01 01:20 - 00002724 _____ C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2016-06-01 01:19 - 2016-06-05 18:10 - 00000000 ____D C:\Users\DaUra\AppData\Roaming\BitTorrent
2016-06-01 01:16 - 2016-06-01 01:16 - 00000000 ____D C:\Program Files (x86)\D2alt
2016-05-29 15:35 - 2016-05-29 15:35 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-05-24 21:46 - 2016-06-14 15:51 - 00000000 ____D C:\Users\DaUra\AppData\Local\TSVNCache
2016-05-24 17:39 - 2016-05-24 17:39 - 00000000 ____D C:\Users\DaUra\AppData\Roaming\Subversion
2016-05-24 17:39 - 2016-05-24 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
2016-05-24 17:39 - 2016-05-24 17:39 - 00000000 ____D C:\Program Files\TortoiseSVN
2016-05-24 17:39 - 2016-05-24 17:39 - 00000000 ____D C:\Program Files\Common Files\TortoiseOverlays
2016-05-24 17:20 - 2016-06-02 19:23 - 00000000 ____D C:\Users\DaUra\AppData\Local\noah~
2016-05-24 17:16 - 2016-06-02 19:36 - 00000000 ____D C:\Users\DaUra\AppData\Roaming\Notepad++
2016-05-24 17:16 - 2016-05-24 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2016-05-24 17:16 - 2016-05-24 17:16 - 00000000 ____D C:\Program Files (x86)\Notepad++
2016-05-22 18:48 - 2016-05-22 19:24 - 00009707 _____ C:\Users\DaUra\Documents\Runen.xlsx
2016-05-21 00:18 - 2016-05-21 00:18 - 00003334 _____ C:\Windows\System32\Tasks\{599228F7-C600-444E-ABC6-AC5B00AD05EC}
2016-05-20 13:15 - 2016-05-20 13:16 - 00000000 ____D C:\Users\DaUra\AppData\Roaming\Feedreader
2016-05-20 13:15 - 2016-05-20 13:15 - 00001042 _____ C:\Users\DaUra\Desktop\FeedReader.lnk
2016-05-20 13:15 - 2016-05-20 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FeedReader
2016-05-20 13:15 - 2016-05-20 13:15 - 00000000 ____D C:\Program Files (x86)\FeedReader30
2016-05-19 21:57 - 2016-05-19 21:57 - 00000000 ____D C:\Users\DaUra\AppData\Roaming\java
2016-05-19 21:53 - 2016-05-30 23:32 - 00000000 ____D C:\Users\DaUra\Knuddels-Stapp
2016-05-18 18:45 - 2016-05-18 18:45 - 00000000 ____D C:\AdwCleaner
2016-05-17 20:33 - 2016-05-17 21:42 - 00009747 _____ C:\Users\DaUra\Documents\Mappe1.xlsx

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-14 17:54 - 2016-01-22 18:33 - 00000000 ____D C:\Users\DaUra\AppData\Local\Battle.net
2016-06-14 17:51 - 2016-01-31 20:23 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-06-14 17:23 - 2016-01-22 18:28 - 00000000 ____D C:\Users\DaUra\JDownloader v2.0
2016-06-14 17:15 - 2016-01-22 18:00 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-14 17:11 - 2016-01-24 19:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-14 16:28 - 2016-02-24 00:40 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-14 16:28 - 2016-01-22 18:31 - 00000000 ____D C:\Users\DaUra\AppData\Local\Spotify
2016-06-14 15:57 - 2016-01-22 17:40 - 01799166 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-14 15:57 - 2015-10-30 20:35 - 00775524 _____ C:\Windows\system32\perfh007.dat
2016-06-14 15:57 - 2015-10-30 20:35 - 00155338 _____ C:\Windows\system32\perfc007.dat
2016-06-14 15:57 - 2015-10-30 09:21 - 00000000 ____D C:\Windows\INF
2016-06-14 15:54 - 2016-01-22 18:31 - 00000000 ____D C:\Users\DaUra\AppData\Roaming\Spotify
2016-06-14 15:51 - 2016-01-22 18:33 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-06-14 15:51 - 2016-01-22 18:00 - 00001146 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-14 15:51 - 2016-01-22 17:32 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-14 15:50 - 2015-10-30 08:28 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-06-14 15:13 - 2015-10-30 09:24 - 00000000 ____D C:\Windows\AppReadiness
2016-06-14 15:07 - 2016-01-28 20:27 - 00004170 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4C3E66F1-1712-448E-9AAC-85DA865B7FB6}
2016-06-14 01:09 - 2016-02-12 00:10 - 00000000 ____D C:\Users\DaUra\AppData\Roaming\vlc
2016-06-13 23:38 - 2016-03-07 15:27 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-06-13 21:31 - 2016-04-13 17:28 - 00010886 _____ C:\Users\DaUra\Documents\Serien.xlsx
2016-06-13 21:29 - 2016-01-22 18:29 - 00000000 ____D C:\Users\DaUra\AppData\Roaming\TS3Client
2016-06-13 01:47 - 2016-02-12 00:10 - 00000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-06-12 23:39 - 2016-03-15 17:52 - 00000000 ____D C:\Program Files (x86)\Warcraft III
2016-06-12 20:43 - 2016-01-22 17:34 - 00000000 ____D C:\Users\DaUra
2016-06-12 19:42 - 2015-10-30 09:24 - 00000000 ___RD C:\Windows\DevicesFlow
2016-06-11 18:00 - 2016-01-22 18:01 - 00002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-11 14:47 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-11 14:16 - 2016-01-22 18:39 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2016-06-11 04:12 - 2016-01-22 18:01 - 00002468 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-01 20:05 - 2016-01-22 18:34 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-05-30 22:31 - 2016-01-22 18:37 - 00000000 ____D C:\Program Files (x86)\TradeSkillMaster Application
2016-05-21 00:18 - 2016-01-22 17:35 - 00000000 ____D C:\Users\DaUra\AppData\Local\VirtualStore
2016-05-19 21:53 - 2016-03-19 22:58 - 00002199 _____ C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Knuddels.lnk
2016-05-19 21:53 - 2016-03-19 22:58 - 00002169 _____ C:\Users\DaUra\Desktop\Knuddels.lnk
2016-05-19 15:33 - 2016-01-22 18:38 - 00000000 ____D C:\Users\DaUra\AppData\Local\Deployment
2016-05-18 18:31 - 2016-03-15 17:43 - 00000735 _____ C:\Users\DaUra\Desktop\CCleaner.lnk
2016-05-15 15:28 - 2015-10-30 09:24 - 00000000 ____D C:\Windows\rescache
2016-05-15 14:51 - 2015-10-30 09:11 - 00000000 ____D C:\Windows\CbsTemp

Einige Dateien in TEMP:
====================
C:\Users\DaUra\AppData\Local\Temp\proxy_vole1889709552150373517.dll
C:\Users\DaUra\AppData\Local\Temp\proxy_vole2503265577649061075.dll
C:\Users\DaUra\AppData\Local\Temp\proxy_vole4513768383092971852.dll
C:\Users\DaUra\AppData\Local\Temp\vlc-2.2.4-win64.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-06-13 23:18

==================== Ende von FRST.txt ============================
         

Addition


Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:13-06-2016
durchgeführt von DaUra (2016-06-14 17:55:16)
Gestartet von C:\Users\DaUra\Downloads
Windows 10 Pro Version 1511 (X64) (2016-01-22 15:33:52)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3833861499-410864776-4231530817-500 - Administrator - Disabled)
DaUra (S-1-5-21-3833861499-410864776-4231530817-1001 - Administrator - Enabled) => C:\Users\DaUra
DefaultAccount (S-1-5-21-3833861499-410864776-4231530817-503 - Limited - Disabled)
Gast (S-1-5-21-3833861499-410864776-4231530817-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ZoneAlarm Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Anno 1404 Gold Edition Version 1.03 (HKLM-x32\...\{52057027-985F-4455-9D84-46D3D99AB138}_is1) (Version: 1.03 - UBISoft)
Apple Application Support (32-Bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitTorrent (HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\BitTorrent) (Version: 7.9.7.42331 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Curse Client (HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FeedReader (HKLM-x32\...\FeedReader_is1) (Version:  - i-Systems Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HOTSLogsUploader (HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\99a83d131490dc73) (Version: 1.0.0.12 - HOTSLogsUploader)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Knuddels Desktop App (HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\Knuddels Desktop App ) (Version: "2014.12.13.0" - "Knuddels Desktop App")
Knuddels Standalone App (HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\Knuddels App ) (Version: "2015.12.6.0" - "Knuddels App")
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.7.0 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Outils de vérification linguistique 2016 de Microsoft Office*- Français (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Spotify (HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\Spotify) (Version: 1.0.31.56.g526cfefe - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Strumenti di correzione di Microsoft Office 2016 - Italiano (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TortoiseSVN 1.9.4.27285 (64 bit) (HKLM\...\{62C19AB2-8485-4E18-A9D3-EFA612B8AE74}) (Version: 1.9.27285 - TortoiseSVN)
TradeSkillMaster Application version 1.0 (HKLM-x32\...\{c44da794-b956-4d50-8733-346d56ae63c7}_is1) (Version: 1.0 - TradeSkillMaster)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.4 - Tunngle.net GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: 0.0.0.0 - Blizzard Entertainment)
WinRAR 5.30 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
ZoneAlarm Antivirus (x32 Version: 14.1.011.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 14.1.011.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 14.1.011.000 - Check Point)
ZoneAlarm Security (x32 Version: 14.1.011.000 - Check Point Software Technologies Ltd.) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3833861499-410864776-4231530817-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\DaUra\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0CC2D585-441C-4857-9EAA-C34513FF706E} - System32\Tasks\CCleanerSkipUAC => E:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {18D85DB1-F625-4973-B160-1B0C6FFF9F32} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-14] (Adobe Systems Incorporated)
Task: {334EDD7E-FBB4-44E4-B641-B32207EFA893} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {60F65E37-71BE-4989-804A-484CB383EABF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-22] (Google Inc.)
Task: {6905A366-707E-4980-A863-341508058885} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {73B25E31-F6CE-4376-B3A3-2C4EF6D8B437} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {75A90B20-459F-4D48-8ACB-3DF461595D9D} - System32\Tasks\Driver Booster SkipUAC (DaUra) => E:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {7B2976A6-5B88-47E5-8DF1-1B7A93E6C8CD} - System32\Tasks\{599228F7-C600-444E-ABC6-AC5B00AD05EC} => pcalua.exe -a "C:\Program Files (x86)\Diablo II\Diablo II.exe" -d "C:\Program Files (x86)\Diablo II\"
Task: {ABB6FB1C-D485-42F7-8CE8-42FE98275257} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-22] (Google Inc.)
Task: {CD755F95-D127-468F-9967-16CEAA0CEC63} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
Task: {DF6A9EDC-ADC4-44B3-BC19-4E449AFCE740} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {E6CF368E-CCD9-4823-99A6-7B8F57724E71} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\DaUra\Knuddels\Knuddels.lnk -> C:\Users\DaUra\Knuddels\FirefoxPortable\KnuddelsApp.exe (PortableApps.com) -> hxxp://www.knuddels.de/?kgx=&utm_medium=knu-windowsapp&utm_campaign=chromeproj-2015-q1&utm_source=knuddels&utm_content=foldericon-app-start
ShortcutWithArgument: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safebrowsing.biz/?ssid=1465611136&a=1003081&src=sh&uuid=6132599c-e137-47dd-bd52-ad420357d414"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://safebrowsing.biz/?ssid=1465611136&a=1003081&src=sh&uuid=6132599c-e137-47dd-bd52-ad420357d414"

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-13 18:18 - 2016-03-29 12:20 - 02656952 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-04-13 18:18 - 2016-03-29 12:20 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-04-24 16:07 - 2016-04-24 16:07 - 00094672 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2016-05-18 00:42 - 2016-05-18 00:42 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-04-19 18:52 - 2016-04-19 18:52 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-22 17:40 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 02:06 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 02:06 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 02:06 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 02:07 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 02:07 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-05-20 13:15 - 2009-03-29 11:30 - 02058240 _____ () C:\Program Files (x86)\FeedReader30\feedreader.exe
2016-06-10 17:53 - 2016-06-10 17:53 - 01371624 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7505\Battle.net Helper.exe
2012-09-13 01:38 - 2012-09-13 01:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2016-06-14 15:52 - 2016-06-14 15:52 - 00040448 _____ () C:\Users\DaUra\AppData\Local\Temp\proxy_vole4513768383092971852.dll
2016-06-14 15:52 - 2016-06-14 15:52 - 00566439 _____ () C:\Users\DaUra\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll
2016-06-14 15:52 - 2016-06-14 15:52 - 04078962 _____ () C:\Users\DaUra\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll
2015-11-03 07:42 - 2015-11-03 07:42 - 00794920 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\kpcengine.2.3.dll
2016-04-19 18:52 - 2016-04-19 18:52 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 18:52 - 2016-04-19 18:52 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-02-24 00:41 - 2016-04-29 22:10 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-02-24 00:41 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-02-24 00:41 - 2016-06-10 00:24 - 02387024 _____ () C:\Program Files (x86)\Steam\video.dll
2016-02-24 00:41 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-02-24 00:41 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-02-24 00:41 - 2016-02-09 01:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-02-24 00:41 - 2016-02-09 01:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-02-24 00:41 - 2016-02-09 01:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-02-24 00:41 - 2016-02-09 01:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-02-24 00:41 - 2016-02-09 01:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-02-24 00:41 - 2016-06-10 00:24 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-10 02:57 - 2016-02-18 00:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-02-24 00:41 - 2016-06-01 02:21 - 49826080 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-06-10 17:53 - 2016-06-10 17:53 - 37241856 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7505\libcef.dll
2016-06-10 17:53 - 2016-06-10 17:53 - 00293040 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7505\ortp.dll
2016-06-10 17:53 - 2016-06-10 17:53 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7505\libEGL.dll
2016-06-10 17:53 - 2016-06-10 17:53 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7505\libGLESv2.dll
2016-06-10 17:53 - 2016-06-10 17:53 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7505\libglesv2.dll
2016-06-10 17:53 - 2016-06-10 17:53 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7505\libegl.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 01:39 - 2012-09-13 01:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2016-06-10 17:53 - 2016-06-10 17:53 - 00984576 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7505\ffmpegsumo.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2015-10-30 09:24 - 2015-10-30 09:21 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3833861499-410864776-4231530817-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\DaUra\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{05923A5F-7836-449A-9979-62B10BE40D5D}C:\users\daura\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\daura\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{CAE5DB22-CBA5-4E7B-BFFC-DAE7C385519F}C:\users\daura\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\daura\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{D50AE756-AC3C-46B8-BAAA-9DCA6123B494}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{C3E62EEA-8168-4A4F-9C29-43707D745966}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{6C7435BC-D675-4B6B-9E32-957023C9C243}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C172DA42-C74B-42E9-A4A4-063647DA3266}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0A0CFC56-F4D9-419B-B673-278C03BA8882}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7D935A0D-020F-4573-893A-86717E636426}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F216EF38-9E59-4E2A-8217-7FD6F55309EE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F02E1F8F-20CD-4431-8CAB-65073DA9AE74}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{58AC2EF9-9F36-428B-A2A5-B00F7EA75231}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CEBE63D5-0BB6-427F-94F8-60C2558A566A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E36128C2-FEE5-4086-A85E-0BADA00C8538}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BFE6F5CA-C8FA-4A05-BE2E-47FF61C72513}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6C772914-A160-4DAB-8C36-E27E749E29CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4214CA99-6595-497D-9BD5-8B5772A5252A}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{C206BA72-5071-4DE4-A7DC-4931AABD2507}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{5E54755F-0C02-43ED-9845-D73923570A6F}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{FB84C192-840F-47D1-BCA7-13DEF346ACAE}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [TCP Query User{E564A686-8D4C-4152-9999-191CA27D5FDF}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [UDP Query User{D3A03447-8D65-42FD-BD7E-BD9D27990563}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [{712EF737-CB22-4C82-B312-6AE95BCD85A8}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{2517CAEB-BD1C-440F-A834-5E05D1FBA365}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{DE6A4976-7110-4775-8973-D7EE8D2A7E56}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{4A5428EA-25B7-4ECC-9294-21E8EE5DDDE2}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{11831A31-9F14-4D86-84A4-E71EBEF3BC5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{B8039524-A977-4B20-9467-BF164B58E01E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{8470AFCE-464D-4D25-A870-C20EFE53E52A}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{D1565DBA-DF16-4443-BAEC-B1C4A65284E0}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{92DEE86A-5FCE-41F5-A860-E24323F4C536}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{4D055F58-CF56-49C2-8F23-555057622DEA}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{7E6877DB-2473-421E-B01F-FAA96BEF21A1}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{1D07CBAB-A33F-48E2-94E7-DB2E9DDE1BB0}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{271033F8-6B73-421C-9F42-D17257DCAA8A}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{A9410D6C-0710-4F66-AEBC-A3EDAA10D02B}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{6C624B5A-E248-4936-A841-7966BA413C59}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{D21711BA-2DC6-44BF-8FF7-1BACBDDA4BE6}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{64E30B58-4927-44B3-BBB1-56E24F4DC2FA}] => (Allow) C:\Users\DaUra\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{75AD3178-3A90-4D63-BB09-4F1F380E9952}] => (Allow) C:\Users\DaUra\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{72FCF239-9821-4D38-B177-3B08A850EE25}] => (Allow) C:\Users\DaUra\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{12DF495F-A81F-4021-B50B-112003405A98}] => (Allow) C:\Users\DaUra\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{970B9B86-D9B6-481D-894E-D67657B50BFB}] => (Allow) C:\Users\DaUra\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{53DCEA20-76A1-4607-8EB9-51327491209A}] => (Allow) C:\Users\DaUra\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{589D5CB7-46E5-44D4-959C-EFA94E7111C0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{27F588BB-A753-4A8B-B40F-23EF394C88CB}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{994B2B6B-441A-4F3B-A281-F510FDB188AD}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{525B2FFD-D3C6-423F-8126-A59B565944B0}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{492227D0-4B61-4BFC-A317-379BBDA574C0}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe

==================== Wiederherstellungspunkte =========================

24-05-2016 17:38:34 Installed TortoiseSVN 1.9.4.27285 (64 bit)
02-06-2016 22:07:23 Geplanter Prüfpunkt
13-06-2016 23:29:49 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/13/2016 11:29:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (06/13/2016 11:18:45 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (06/13/2016 12:11:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ShellExperienceHost.exe, Version: 10.0.10586.306, Zeitstempel: 0x571afaa5
Name des fehlerhaften Moduls: StartUI.dll, Version: 10.0.10586.306, Zeitstempel: 0x571af976
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000320ae1
ID des fehlerhaften Prozesses: 0x1dc8
Startzeit der fehlerhaften Anwendung: 0xShellExperienceHost.exe0
Pfad der fehlerhaften Anwendung: ShellExperienceHost.exe1
Pfad des fehlerhaften Moduls: ShellExperienceHost.exe2
Berichtskennung: ShellExperienceHost.exe3
Vollständiger Name des fehlerhaften Pakets: ShellExperienceHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ShellExperienceHost.exe5

Error: (06/13/2016 01:12:48 AM) (Source: COM) (EventID: 10031) (User: )
Description: {CDC82860-468D-4D4E-B7E7-C298FF23AB2C}

Error: (06/13/2016 01:12:48 AM) (Source: COM) (EventID: 10031) (User: )
Description: {CDC82860-468D-4D4E-B7E7-C298FF23AB2C}

Error: (06/12/2016 12:46:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-FASB6LE)
Description: Bei der Aktivierung der App „Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (06/12/2016 12:44:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-FASB6LE)
Description: Bei der Aktivierung der App „Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147022986. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (06/12/2016 12:44:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-FASB6LE)
Description: Bei der Aktivierung der App „Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (06/12/2016 12:44:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-FASB6LE)
Description: Bei der Aktivierung der App „Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147022986. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (06/12/2016 12:44:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-FASB6LE)
Description: Bei der Aktivierung der App „Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147023174. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


Systemfehler:
=============
Error: (06/14/2016 03:49:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_1e626cd" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/14/2016 03:49:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _1e626cd" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/14/2016 03:49:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_1e626cd" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/14/2016 03:49:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_1e626cd" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/14/2016 03:49:31 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (06/14/2016 01:33:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_13002f9" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/14/2016 01:33:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _13002f9" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/14/2016 01:33:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_13002f9" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/14/2016 01:33:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_13002f9" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/14/2016 01:33:52 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar


CodeIntegrity:
===================================
  Date: 2016-05-15 23:16:54.525
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-12 15:36:56.252
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-11 18:28:52.773
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-22 19:14:49.494
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-17 18:21:11.911
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-17 01:33:54.583
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-17 00:06:41.688
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-13 14:16:07.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-13 14:16:06.386
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-23 16:41:28.548
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: AMD Athlon(tm) II X4 640 Processor
Prozentuale Nutzung des RAM: 38%
Installierter physikalischer RAM: 8189.16 MB
Verfügbarer physikalischer RAM: 5060.08 MB
Summe virtueller Speicher: 9469.16 MB
Verfügbarer virtueller Speicher: 5817.88 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:232.4 GB) (Free:38.42 GB) NTFS
Drive e: () (Fixed) (Total:596.17 GB) (Free:478.59 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 39D295D9)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: F98D6E74)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
__________________

14.06.2016, 17:09   #4
Danyelz
 

Code:
17:57:40.0894 0x06f0  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
17:57:47.0997 0x06f0  ============================================================
17:57:47.0997 0x06f0  Current date / time: 2016/06/14 17:57:47.0997
17:57:47.0997 0x06f0  SystemInfo:
17:57:47.0997 0x06f0  
17:57:47.0997 0x06f0  OS Version: 10.0.10586 ServicePack: 0.0
17:57:47.0997 0x06f0  Product type: Workstation
17:57:47.0997 0x06f0  ComputerName: DESKTOP-FASB6LE
17:57:47.0998 0x06f0  UserName: DaUra
17:57:47.0998 0x06f0  Windows directory: C:\Windows
17:57:47.0998 0x06f0  System windows directory: C:\Windows
17:57:47.0998 0x06f0  Running under WOW64
17:57:47.0998 0x06f0  Processor architecture: Intel x64
17:57:47.0998 0x06f0  Number of processors: 4
17:57:47.0998 0x06f0  Page size: 0x1000
17:57:47.0998 0x06f0  Boot type: Normal boot
17:57:47.0998 0x06f0  ============================================================
17:57:48.0143 0x06f0  KLMD registered as C:\Windows\system32\drivers\38145087.sys
17:57:48.0365 0x06f0  System UUID: {2346D614-5119-CCDC-4B78-9945C46F5FF7}
17:57:49.0104 0x06f0  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:57:49.0104 0x06f0  Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:57:49.0191 0x06f0  ============================================================
17:57:49.0191 0x06f0  \Device\Harddisk0\DR0:
17:57:49.0191 0x06f0  MBR partitions:
17:57:49.0191 0x06f0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xFA000
17:57:49.0191 0x06f0  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFA800, BlocksNum 0x1D0CA800
17:57:49.0191 0x06f0  \Device\Harddisk1\DR1:
17:57:49.0192 0x06f0  MBR partitions:
17:57:49.0192 0x06f0  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
17:57:49.0192 0x06f0  ============================================================
17:57:49.0193 0x06f0  C: <-> \Device\Harddisk0\DR0\Partition2
17:57:49.0216 0x06f0  E: <-> \Device\Harddisk1\DR1\Partition1
17:57:49.0216 0x06f0  ============================================================
17:57:49.0216 0x06f0  Initialize success
17:57:49.0216 0x06f0  ============================================================
17:58:10.0622 0x0dbc  ============================================================
17:58:10.0622 0x0dbc  Scan started
17:58:10.0622 0x0dbc  Mode: Manual; SigCheck; TDLFS; 
17:58:10.0622 0x0dbc  ============================================================
17:58:10.0622 0x0dbc  KSN ping started
17:58:12.0992 0x0dbc  KSN ping finished: true
17:58:13.0542 0x0dbc  ================ Scan system memory ========================
17:58:13.0542 0x0dbc  System memory - ok
17:58:13.0542 0x0dbc  ================ Scan services =============================
17:58:17.0661 0x0dbc  FDResPub - ok
17:58:17.0668 0x0dbc  [ 3E78BEC276DA5A062E4D55F3291B3463, 62983457F506C70D1F89F527AB61C1C0F4D1B002631256A2708F9AF092A8C95E ] fhsvc           C:\Windows\system32\fhsvc.dll
17:58:17.0691 0x0dbc  fhsvc - ok
17:58:17.0699 0x0dbc  [ 8F2523C9D8F1448FF2156452AF60FA00, 1D39CA54F5F1E62385D9EC041F9445BDDCB63740859B9418AE904FDF3D8388ED ] FileCrypt       C:\Windows\system32\drivers\filecrypt.sys
17:58:17.0715 0x0dbc  FileCrypt - ok
17:58:17.0722 0x0dbc  [ 92ECCFA58C8195B8EA33ED942469D4E6, 8DB12E8CF80ECA22182F9A1F4CA922336A430297F1F596F204ECF4D9D19F30D9 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:58:17.0735 0x0dbc  FileInfo - ok
17:58:17.0740 0x0dbc  [ 87C51FDD50C17882BA93E28BBABB9847, 8987D80FB77D1D3F9E89B491B1287B027DA26FFC4E4BA7B01E07D4D4FC69E236 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:58:17.0760 0x0dbc  Filetrace - ok
17:58:17.0766 0x0dbc  [ E99261DD76D1C9E05AF575939CAE5AC5, A789724FD2E22AFB2F921836F5C19A21D17F4BBD604771E2908C2651BD31989C ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
17:58:17.0781 0x0dbc  flpydisk - ok
17:58:17.0795 0x0dbc  [ 25D7A58625E1453E40D36825DE74E4F1, 74119803D35E3C3CC349B44C6CD9EDF6B797F88584B847F0BF9EED542719B86B ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:58:17.0816 0x0dbc  FltMgr - ok
17:58:17.0856 0x0dbc  [ 4387DE200BF8DD0E2EE828E655434B9A, 9148D65E54663EEC139E754091F47ABF439A637BEA83F600D30736522DAA845D ] FontCache       C:\Windows\system32\FntCache.dll
17:58:17.0927 0x0dbc  FontCache - ok
17:58:17.0936 0x0dbc  [ E79DAC43A5E191FC4DDB04197A704BFA, 2FA6C8B5B2DFE66C05828E3F55DFD6268A8210E9BD083F2D09367AD59AF1C6C1 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:58:17.0948 0x0dbc  FontCache3.0.0.0 - ok
17:58:17.0954 0x0dbc  [ B4175E8BE60B099686FF55CA7D692316, 3158FC5B4D1A2F1FC1346754392AE24AE58999B9061B1CE78A65E785BFFADD52 ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:58:17.0968 0x0dbc  FsDepends - ok
17:58:17.0975 0x0dbc  [ CC71372CEB811A72F1DC99089C5CBF53, BB9DDE74D60E534A6F8A51B63DDBB441245F06A00A0AFD37DBBE86255690946D ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:58:17.0987 0x0dbc  Fs_Rec - ok
17:58:18.0005 0x0dbc  [ 50DFE05C698E9B0A63D95E3D669A105C, 3A7D5AE4A01B90C2ECF22AD2783A84C2329EAB9BACFA5237A7DCC3DC5995A864 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:58:18.0033 0x0dbc  fvevol - ok
17:58:18.0042 0x0dbc  [ B9981A4CB9F728B3312A3885BFAA7204, 12FB2EB2E5D2A912769823DD9C1B33DB358CD0B7FBFC788529EF83DD584334F8 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:58:18.0054 0x0dbc  gagp30kx - ok
17:58:18.0060 0x0dbc  [ 77555B11B264991DDC26872FFCF1AB97, D5F230EEF74EB869F771F8A4AB19C1E6C845BB0EF4A1234882EBDA4FDC431E44 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
17:58:18.0075 0x0dbc  gencounter - ok
17:58:18.0080 0x0dbc  [ F3AC9652D88BF87BA6596CBEA28CE10F, 115F3C0A5B9903B17ADEA80E1825FE927B7361F5BDDF80CE3685EF2D327EDF4F ] genericusbfn    C:\Windows\System32\drivers\genericusbfn.sys
17:58:18.0094 0x0dbc  genericusbfn - ok
17:58:18.0103 0x0dbc  [ F802FBABF0C4DF1BAA733187B2E476F5, E2533284CEBBB872196B013DD1FBBCA794DB1CAAA37D64849BD9264ECDD2CEE6 ] GPIOClx0101     C:\Windows\system32\Drivers\msgpioclx.sys
17:58:18.0119 0x0dbc  GPIOClx0101 - ok
17:58:18.0153 0x0dbc  [ B55458A83395A2CFD4E745E9EC4AB5F2, EAB06B089D8A7DBC9AE2A1C919B489911690D341013A5F8F906819C68431CA85 ] gpsvc           C:\Windows\System32\gpsvc.dll
17:58:18.0215 0x0dbc  gpsvc - ok
17:58:18.0223 0x0dbc  [ D011B0ADB15F4815310CE1BF4780B33E, 3860630917F83A89FE7A6407CC544505FA4BD754619CF273DD630ABFBAAE42EE ] GpuEnergyDrv    C:\Windows\system32\drivers\gpuenergydrv.sys
17:58:18.0241 0x0dbc  GpuEnergyDrv - ok
17:58:18.0249 0x0dbc  [ 88FBBB1C601A6BC42054E57C2897FA45, 928C5BAB515035DE659C4255C209D33C407716DA325798951B2E8DA9BB230A9F ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:58:18.0260 0x0dbc  gupdate - ok
17:58:18.0267 0x0dbc  [ 88FBBB1C601A6BC42054E57C2897FA45, 928C5BAB515035DE659C4255C209D33C407716DA325798951B2E8DA9BB230A9F ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:58:18.0276 0x0dbc  gupdatem - ok
17:58:18.0290 0x0dbc  [ 0F93EBE9071A6BB1548BF0F816EEA24B, 79A99544C00F59996980D299BFACA0463D86158BFA51C8045CE4FF4951779A44 ] HdAudAddService C:\Windows\system32\DRIVERS\HdAudio.sys
17:58:18.0318 0x0dbc  HdAudAddService - ok
17:58:18.0324 0x0dbc  [ 84BC034B6BB763733C1949B7B9BAF976, 18C2C0F15BAFA46197F0BB629C4F585D893C2A78324CA198F88A04527D524F23 ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
17:58:18.0342 0x0dbc  HDAudBus - ok
17:58:18.0347 0x0dbc  [ 6B8CB114B8E64C0636EB49F7B914D1FC, 1AD7A43CC5CD99DCEF60C61242B6843D4AD925CE93BA5D75CD8395C7125EF5A7 ] HidBatt         C:\Windows\System32\drivers\HidBatt.sys
17:58:18.0361 0x0dbc  HidBatt - ok
17:58:18.0368 0x0dbc  [ D1AD197CCDAAC0CB4819DA1D6EB17BAE, C370F974D0A1F7B60F47EAFF57B6CCABE82913187F8BFEE169B8237AE91247B1 ] HidBth          C:\Windows\System32\drivers\hidbth.sys
17:58:18.0386 0x0dbc  HidBth - ok
17:58:18.0392 0x0dbc  [ 64909DECCFCC6FB5D9A5BAFDCCB31FEE, E19C91FD8D5102A8C4F6C6FF70CA058BB272FEC1B6E9CBA3A473C49948E6AC7E ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
17:58:18.0407 0x0dbc  hidi2c - ok
17:58:18.0414 0x0dbc  [ F510F7B7BF61DEAAC04E65C3B65E8D59, 11566086B06FB08B6A179E3068E022DA381C762DC8962D1E1D63DC646DD4D301 ] hidinterrupt    C:\Windows\System32\drivers\hidinterrupt.sys
17:58:18.0426 0x0dbc  hidinterrupt - ok
17:58:18.0432 0x0dbc  [ 90F3ED42D423C942BA5EA54E2FFE7AC7, BF7DE0C8141CD20A6235657BA897A019ABEFF6A01AA3FB202C73C33433CDEAF8 ] HidIr           C:\Windows\System32\drivers\hidir.sys
17:58:18.0450 0x0dbc  HidIr - ok
17:58:18.0456 0x0dbc  [ 46DE2EF6382DD9613CB506760648F262, 419555220794380134A64E1956B83B2FD1D1B6E403C5FC729A9107E14A12E968 ] hidserv         C:\Windows\system32\hidserv.dll
17:58:18.0471 0x0dbc  hidserv - ok
17:58:18.0477 0x0dbc  [ 128DEDDD61915DBA4D451D91D21F0513, 961A0DDA02B0879989300C15E4FF9022882A4CD895D65335C263AC0DD1918314 ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
17:58:18.0493 0x0dbc  HidUsb - ok
17:58:18.0505 0x0dbc  [ 7CEC266216126BC9A0E1072E1A7E5702, 6B2C0768C8F2590E65B9520D266C07D1A9D89B9E185CC359B0453F399836759F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:58:18.0528 0x0dbc  HomeGroupListener - ok
17:58:18.0543 0x0dbc  [ E2145534FB853921788F52701BED0CAB, DF71F842772FAC21DD8994C97F578A78AC43D06C5F26F752FB69B47DFE3BB112 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:58:18.0574 0x0dbc  HomeGroupProvider - ok
17:58:18.0581 0x0dbc  [ FF442DCDCE1F6E9FAA9C8AD0CD1D199B, A239414E97B310C9545995B0E723B5E792B08D71F651450EB006AD4D1765E4F7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:58:18.0594 0x0dbc  HpSAMD - ok
17:58:18.0623 0x0dbc  [ 63C3F74DC398A1C1A77E39DFB9C312CA, 283A13899838B4313BFBC406E832042696C549640A1AB11E23C0B9E499289836 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:58:18.0661 0x0dbc  HTTP - ok
17:58:18.0685 0x0dbc  [ E5805896A55D4166C20F216249F40FA3, F426BF60D5B916E7A778EF24C49FE1FFE1B2977C2ABD2977FD5C38C6E6CB139F ] HWiNFO32        C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS
17:58:18.0693 0x0dbc  HWiNFO32 - ok
17:58:18.0698 0x0dbc  [ CBA5E88A0F0475B7F49653BB72150BEF, 0F03560D9C30E069D117A555AEE729C81E6BCAE443FA25172D0E9E6903695C67 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:58:18.0711 0x0dbc  hwpolicy - ok
17:58:18.0716 0x0dbc  [ D668FAB4B0397B426EE3D41683B9A1C0, 66F3E3B2ABC3C9B25A0DADBF09818547ED301230374AC5302B4794629A95DDF8 ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
17:58:18.0731 0x0dbc  hyperkbd - ok
17:58:18.0738 0x0dbc  [ 53FDD9E69189E546DE4740F8C4D8AB2F, 45ED5B229ED5FD0CEE8BF52EFF88FD8B1889BF348ED7187926F290B3AD48A76D ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
17:58:18.0757 0x0dbc  i8042prt - ok
17:58:18.0765 0x0dbc  [ 9A2A2F3C69B9A30B6E78536F6D258BAD, 5E28E132A7300E6F5E0C6439D6BA00F1AEF66D729FF671FDA91274A25A921463 ] iai2c           C:\Windows\System32\drivers\iai2c.sys
17:58:18.0783 0x0dbc  iai2c - ok
17:58:18.0792 0x0dbc  [ 59A20F5AD9F4AE54098154359519408E, E27B7389C9D123CDDA4EC9CBDB06C4AA5000012391F940EE1492419B593608FE ] iaLPSS2i_I2C    C:\Windows\System32\drivers\iaLPSS2i_I2C.sys
17:58:18.0812 0x0dbc  iaLPSS2i_I2C - ok
17:58:18.0818 0x0dbc  [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO    C:\Windows\System32\drivers\iaLPSSi_GPIO.sys
17:58:18.0828 0x0dbc  iaLPSSi_GPIO - ok
17:58:18.0836 0x0dbc  [ EB82A11613326691508D9ED9A4FE29E7, 8445E41BAB21964C7F014742795E462BDDC6C37A261990B3D6BF4E637A719547 ] iaLPSSi_I2C     C:\Windows\System32\drivers\iaLPSSi_I2C.sys
17:58:18.0854 0x0dbc  iaLPSSi_I2C - ok
17:58:18.0874 0x0dbc  [ 6B0029A0253098CCE28EACCFDB9E7208, E33AD69644E1683A971DA1169B704FBCFD9F715E9550816058E420BB5DE4D946 ] iaStorAV        C:\Windows\system32\drivers\iaStorAV.sys
17:58:18.0902 0x0dbc  iaStorAV - ok
17:58:18.0917 0x0dbc  [ 9652E1E35A92D8C75710C17A63B15796, 72F8C4A49B874226DEE9B7C9704F0E0A98DAA2DF4EAE2F2258E8324ACBD242E4 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:58:18.0939 0x0dbc  iaStorV - ok
17:58:18.0954 0x0dbc  [ FFADF691F7BF727AF5C863454A372723, FCF5A5595E8C9C937BE9F1C3AB5D9BD0EFE82DE1298D12085E0CCD84A186D2F2 ] ibbus           C:\Windows\System32\drivers\ibbus.sys
17:58:18.0976 0x0dbc  ibbus - ok
17:58:18.0985 0x0dbc  [ 80BF2990E01E774D64F6E13F30661942, ADFEA2280D29F2C7B0A556C61709301D6327C288064FF5A4D29358403DF41DCE ] icssvc          C:\Windows\System32\tetheringservice.dll
17:58:19.0007 0x0dbc  icssvc - ok
17:58:19.0012 0x0dbc  IEEtwCollectorService - ok
17:58:19.0039 0x0dbc  [ 95A03F67830FDCB950E70261128D540D, D052CB703500E2871CF51E015E444F2A99FA9A7579AC422104F0E411F6107BD0 ] IKEEXT          C:\Windows\System32\ikeext.dll
17:58:19.0088 0x0dbc  IKEEXT - ok
17:58:19.0100 0x0dbc  [ ECDB27420D3A98424666904525A8562A, BDA98C3C95F2AD79945EF8213D5C65064052C09C82DD36F0D6724E1D21DCC30A ] intelide        C:\Windows\system32\drivers\intelide.sys
17:58:19.0112 0x0dbc  intelide - ok
17:58:19.0118 0x0dbc  [ 8FF1978643EFD219C5BA49690191D701, 6FD78A8490107C80090D7125644B8C910855374BE1373D1D6B199307C79680BA ] intelpep        C:\Windows\system32\drivers\intelpep.sys
17:58:19.0132 0x0dbc  intelpep - ok
17:58:19.0141 0x0dbc  [ B61B60F36E1C8022FA8166ABF0F66B07, 23161F1DA51D44D936329E62DF4C2DAEE3DDD4B3D62CC501A888C0E149788968 ] intelppm        C:\Windows\System32\drivers\intelppm.sys
17:58:19.0160 0x0dbc  intelppm - ok
17:58:19.0166 0x0dbc  [ CA0D42029AFFC4514D295E1EF823D02D, F2A05CB2B2E8C843FD02DC37E86F23CF928A4B2F9044424A60DE4E82B87DF5C3 ] IoQos           C:\Windows\system32\drivers\ioqos.sys
17:58:19.0183 0x0dbc  IoQos - ok
17:58:19.0192 0x0dbc  [ 6E3F9D95235DFC9417384080A216F310, 6F13D72661038A91CFABB360621F4B169D78955C3EAD64956A7C825ABAEC5121 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:58:19.0215 0x0dbc  IpFilterDriver - ok
17:58:19.0240 0x0dbc  [ 6E75B731A8A7EFED0821327B08DAB46D, A77B746447824BD3C68B82D7329B82D62098B2409F8AEE4738FA23CB1561E629 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:58:19.0289 0x0dbc  iphlpsvc - ok
17:58:19.0298 0x0dbc  [ 4F527ECB5EAB47D8EAF34A469666C469, 8FFBEEF42515B6A7758BE579ED69E3911856CBF7710D9785011332C5E3DFE495 ] IPMIDRV         C:\Windows\System32\drivers\IPMIDrv.sys
17:58:19.0314 0x0dbc  IPMIDRV - ok
17:58:19.0322 0x0dbc  [ 9E5E8F2A1996F23B7E9687846AA81B01, 29E59384A4F92B3B4F2974942C91A12380113C13D3800900B5F44E2355D05455 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:58:19.0341 0x0dbc  IPNAT - ok
17:58:19.0359 0x0dbc  [ B066C46E4B638B849245E35A5703AF80, 738A2A76A68721DCA5004DFF381EF2F032A7E309454294E4ABDFF5141BAC9337 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
17:58:19.0380 0x0dbc  iPod Service - ok
17:58:19.0388 0x0dbc  [ C317EB660138BC9CBFE37CCDE56351AE, F3AF6C573419D7F65C96A4841D4F056CA281CD5AFACDC7A5F586A390DC6E615B ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:58:19.0406 0x0dbc  IRENUM - ok
17:58:19.0411 0x0dbc  [ 531994A6D9399D9B74BE12B5BB58A81E, 6D5CF540C777F4828E1D4C5FE58EE41E6C2F5F399C554DC85F19D1E52229B094 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:58:19.0423 0x0dbc  isapnp - ok
17:58:19.0434 0x0dbc  [ 68D5354A4A9692EEC24664C60F47D4A2, 92124E98B6E286B6127DC6D0BFACC9C6D293D58EAE2B47B45532714CE6A6D0CD ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
17:58:19.0452 0x0dbc  iScsiPrt - ok
17:58:19.0459 0x0dbc  [ 701D7DB13B0815E7076EF4CB4CE981F8, 02585661656C0069AC318B82DE83DAC660451A0B970FDBCA0F7A8B4CBF7D93A9 ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
17:58:19.0471 0x0dbc  kbdclass - ok
17:58:19.0477 0x0dbc  [ 884EBBDDBF5968003B40185BD96FF0E6, E3934D0FF0BEDDF5526AF529F7D15BA8BE479383894975B1AF1A1818C394A6E3 ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
17:58:19.0492 0x0dbc  kbdhid - ok
17:58:19.0497 0x0dbc  [ 6B3A0C7902811E6372643447E41F7048, 30667B56A306CFD5D15BC46F8E7D9E167612E71B6C8F554406E706A6330F5B94 ] kdnic           C:\Windows\System32\drivers\kdnic.sys
17:58:19.0514 0x0dbc  kdnic - ok
17:58:19.0521 0x0dbc  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] KeyIso          C:\Windows\system32\lsass.exe
17:58:19.0535 0x0dbc  KeyIso - ok
17:58:19.0551 0x0dbc  [ 62EBD4202B505ACADE2FBC56CC73E0A2, 2FCA80096B7DB5B42E76F527D9ABCF29AF7D52FC60BED6DD4C11C1BACA0D63F1 ] KL1             C:\Windows\system32\DRIVERS\kl1.sys
17:58:19.0571 0x0dbc  KL1 - ok
17:58:19.0577 0x0dbc  [ E2097C8F18F1E8E3B7D09F12B51843A3, 0506A99BD0962AAE64692BD7F080DB080F8B678DC59685CF22830A47B486430C ] klelam          C:\Windows\system32\DRIVERS\klelam.sys
17:58:19.0592 0x0dbc  klelam - ok
17:58:19.0601 0x0dbc  [ 1A473BAAD0201B701509E07F1ED4754C, 46738EFD5D6DE20838F6C061FCA69179C8C2455CF9D86FD81EF7D37D8AC3A223 ] klflt           C:\Windows\system32\DRIVERS\klflt.sys
17:58:19.0612 0x0dbc  klflt - ok
17:58:19.0622 0x0dbc  [ 0698A6918DAF5B1710F5A5170C34FC03, 15CBA4089950812A5815D7517B6C25959A793A55A66F8AA6746618D42A849351 ] klhk            C:\Windows\system32\DRIVERS\klhk.sys
17:58:19.0636 0x0dbc  klhk - ok
17:58:19.0661 0x0dbc  [ B41C0821418B31674E28F655B115B5CE, 78DD02B1D593AC9FCA43380F3106EC697DBA1C0BCC88CE7CB6D6DDC928B17068 ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
17:58:19.0689 0x0dbc  KLIF - ok
17:58:19.0698 0x0dbc  [ 982C795DE20CED7AEDD2E7899B5D9BC1, 9F4E7536DB253CD83AA2AB89E9F3311714CD70F13AFD16F9B4D4CD86A70FC164 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:58:19.0712 0x0dbc  KSecDD - ok
17:58:19.0721 0x0dbc  [ 7D8B9214692C4D0F1646215D9984E19A, DC73503A8CA67F4E167DEA69AADDEA5F2D756E1C1F4FF42B6ECEA7E637BB80AB ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:58:19.0737 0x0dbc  KSecPkg - ok
17:58:19.0742 0x0dbc  [ E9BB0023D730701BB5D9839B44F5E6B5, 19D4BAC09424D331922472CFD2D0E32BEFA9188A6AF194C8D1F93FD77CE36691 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:58:19.0758 0x0dbc  ksthunk - ok
17:58:19.0771 0x0dbc  [ 71DE1AD9B23661EEC4F2A6EAA5A7D33D, 3219AEF3D6AE5933AE669FD2ED9ED95A8780612E39F31DB3DB9ED6B6244C5F7B ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:58:19.0798 0x0dbc  KtmRm - ok
17:58:19.0810 0x0dbc  [ 8BBB2B4429AF340481520C20C17FC5B6, 9E32815349195FC4B1BE213600FD407F2EAEEC8368289EB3E6B769125A739C08 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:58:19.0836 0x0dbc  LanmanServer - ok
17:58:19.0847 0x0dbc  [ 1F5D48B1DA1B812BD2411CA44D75DD32, D1BDB8142CB13E8C6DD6F42E07C9D19BBBF6410D5122A04C01B34B95B442DD95 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:58:19.0874 0x0dbc  LanmanWorkstation - ok
17:58:19.0882 0x0dbc  [ 02C54C5C7EBE371EC0C59795ED22213F, 712AFE0EDF40436124F3FD55ED9B5A3A33A8761A58F4D482BB65229741B1C270 ] lfsvc           C:\Windows\System32\lfsvc.dll
17:58:19.0899 0x0dbc  lfsvc - ok
17:58:19.0904 0x0dbc  [ 01BF128CC327A2E53898F732AF52B3DB, D62ACDA69D9942F9CEF400874DBB6EAF9811D9657CBFEF89174F88D76BB8D8EA ] LicenseManager  C:\Windows\system32\LicenseManagerSvc.dll
17:58:19.0920 0x0dbc  LicenseManager - ok
17:58:19.0926 0x0dbc  [ EC34EED89C34B27C292166B725AC7A7B, 58F1BA0CB7743314AC012A82F8CE4072CBDD05D9570C52BC18DC551882F5B1BA ] lltdio          C:\Windows\system32\drivers\lltdio.sys
17:58:19.0946 0x0dbc  lltdio - ok
17:58:19.0957 0x0dbc  [ 2C23283A0815B048C06D8C0ED76AAD95, 4335546939C1A98CFE9A4403CC82D79CC713439E4DFD1F4760FDD867305151E0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:58:19.0983 0x0dbc  lltdsvc - ok
17:58:19.0989 0x0dbc  [ CB6365E995F4DB856866500EDD8F61C1, 717ED387F245CAC68217B0F393D7B8AB3805721AB2C4D2D43430FE6E740F0856 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:58:20.0005 0x0dbc  lmhosts - ok
17:58:20.0015 0x0dbc  [ 961F28D879D345BFA50AF51285C90F2E, F9931A436651F695B746BC0C07E833D9C9F64126746DF976E691E6CAE26DAC9B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:58:20.0029 0x0dbc  LSI_SAS - ok
17:58:20.0036 0x0dbc  [ 6BFB8D1B3407518BE06B6F81F92FA0F5, DE0818DCC0D8D1D30A29AB167C65461A78100ABE2368637CEB9D0ED2B4E88D8E ] LSI_SAS2i       C:\Windows\system32\drivers\lsi_sas2i.sys
17:58:20.0051 0x0dbc  LSI_SAS2i - ok
17:58:20.0059 0x0dbc  [ BE0E47988D78F731DEC2C0CB03E765CB, CA0015E87A3962611DBF714253FA618A6568346BAE640884432C1D44DE4C8684 ] LSI_SAS3i       C:\Windows\system32\drivers\lsi_sas3i.sys
17:58:20.0072 0x0dbc  LSI_SAS3i - ok
17:58:20.0079 0x0dbc  [ F99BF02BE9219986817BF094981EEB18, 4303C772366065885C5D937B2E9AC0BF80C84BFB2737716055AD57BF6AADD673 ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
17:58:20.0093 0x0dbc  LSI_SSS - ok
17:58:20.0114 0x0dbc  [ FFAA37FBBDD161E8C200C83B40F7872E, 0637B3119FC220CB8E23EE6694A9F1F25CF8D61008B14F6E30FDC17DCF9E077E ] LSM             C:\Windows\System32\lsm.dll
17:58:20.0154 0x0dbc  LSM - ok
17:58:20.0163 0x0dbc  [ 2FCF837196082864F66CFD9CAB256275, 8BE01C3BCBC1E6E5D1FD7F49E936482E61ACB805F397AB81B8D39C2F0F1083BD ] luafv           C:\Windows\system32\drivers\luafv.sys
17:58:20.0186 0x0dbc  luafv - ok
17:58:20.0199 0x0dbc  [ A0A527569856B9814E8920F52EBB67F5, 4347277C84B47E4CC048850BDEFB258CFB3B476AA99FD503FD71FBB70FFF5ACF ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
17:58:20.0214 0x0dbc  LVRS64 - ok
17:58:20.0320 0x0dbc  [ 415E344294D1C0D04627B29146F68481, B4A1A05BDF07E8F226A98E51F62BE18BE2C046A084C495BD8A95CABC79FD0614 ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
17:58:20.0430 0x0dbc  LVUVC64 - ok
17:58:20.0443 0x0dbc  [ 56B24B359838BE86B013C2CFD38BDFC4, 38EA2D320F0CD80E3654AA1A5CA1CCAB1CA5519A562EEE41DC2E5EDF47CEF3F4 ] MapsBroker      C:\Windows\System32\moshost.dll
17:58:20.0462 0x0dbc  MapsBroker - ok
17:58:20.0468 0x0dbc  [ 78BFF5425E044086E74E78650A359FBB, 294738C10F3ED933D4EC40EA0659372FCF19A3C6D45D356917438CA495F2CB45 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
17:58:20.0477 0x0dbc  MBAMProtector - ok
17:58:20.0514 0x0dbc  [ 9611577752E293259C7DCE19E9026362, 8CB5DFD63FA15603BB6FA6B501E09ED7F4DE0E8F68CB28B78CECAC3711BEFD24 ] MBAMScheduler   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
17:58:20.0554 0x0dbc  MBAMScheduler - ok
17:58:20.0584 0x0dbc  [ F1A89A34388B5626F1548D393B23ECB1, EA00AC76C4C8C9340753B58A3313C9177A9B98F9F1BDE08F184CD0F53D0C186F ] MBAMService     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
17:58:20.0616 0x0dbc  MBAMService - ok
17:58:20.0627 0x0dbc  [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
17:58:20.0638 0x0dbc  MBAMSwissArmy - ok
17:58:20.0645 0x0dbc  [ 898415AC0B5F1D2A9A48ABCB68A6DC4B, E1FD9AE5E22E3E5A18288E66A6184E92A4B63A1274DCE147A7728BB09C6A225E ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
17:58:20.0654 0x0dbc  MBAMWebAccessControl - ok
17:58:20.0661 0x0dbc  [ 2ED29B635F35E31A1C0D3DDB7DD2AD03, F70CC20B98C2DBCD13B0D509D92B3BC3828D1B88F3ACD60C860E163064844181 ] megasas         C:\Windows\system32\drivers\megasas.sys
17:58:20.0674 0x0dbc  megasas - ok
17:58:20.0691 0x0dbc  [ 22E3CB85870879CBAE13C5095A8B12E3, 5FA5A8EFBA117089CFDBE09743A16BC3A7CC2042C96ABA1F57901747493106BF ] megasr          C:\Windows\system32\drivers\megasr.sys
17:58:20.0718 0x0dbc  megasr - ok
17:58:20.0725 0x0dbc  [ F2C23E25636BCA3543E6AD7858E861B7, 0CAB0A037471B4858CE9477E49BF50A5E3E6685E05F8A4BD2D9238551D5073A6 ] MessagingService C:\Windows\System32\MessagingService.dll
17:58:20.0745 0x0dbc  MessagingService - ok
17:58:20.0811 0x0dbc  [ D41920FBFFF2BBCBBC69A5B383AD022E, E66218A8303422EA10C19BA12343740B9A1A70B11B39E185E805B4F74CD2B75E ] mlx4_bus        C:\Windows\System32\drivers\mlx4_bus.sys
17:58:20.0841 0x0dbc  mlx4_bus - ok
17:58:20.0848 0x0dbc  [ 64BD0C87064EA20C2D3DC4199F9C239C, ED69706277A58ED2C5F2B1B4E9A4A9C7C20173D46EB57FB31D8B63340BA23193 ] MMCSS           C:\Windows\system32\drivers\mmcss.sys
17:58:20.0866 0x0dbc  MMCSS - ok
17:58:20.0871 0x0dbc  [ 8D4B46FA84A3A3702EDADD37FAC6EDBA, E3B9E12BD324FE637C365FDC5E490C41889047004D4FC8F7D78339484F2F717B ] Modem           C:\Windows\system32\drivers\modem.sys
17:58:20.0892 0x0dbc  Modem - ok
17:58:20.0898 0x0dbc  [ 78FEC1BDB168370F131BFBFEA0A04E9D, E07B1BC429C2CFBD6162F89A6502C67A4BAD904ADC05D3505D87A0B2BCE1061B ] monitor         C:\Windows\System32\drivers\monitor.sys
17:58:20.0914 0x0dbc  monitor - ok
17:58:20.0921 0x0dbc  [ D1CC0833CFBC4222A95CAA5D0C8C78FF, 54F04374C6D3EFF5C1B794C069870458F10757E5773AEE911957089EAF51EC8D ] mouclass        C:\Windows\System32\drivers\mouclass.sys
17:58:20.0933 0x0dbc  mouclass - ok
17:58:20.0939 0x0dbc  [ C2E05EC6B80BCF5AE362DA873E1BCE64, 4ABE5CA2005A54E92259EDB52205A5C59BDB83026FC0CD7CBB1E3A003C2B535B ] mouhid          C:\Windows\System32\drivers\mouhid.sys
17:58:20.0954 0x0dbc  mouhid - ok
17:58:20.0961 0x0dbc  [ D5B7668A8F6C67C51FA5C6C513396D6C, 35985AD89344A8464BD78B8DA6A772E4E60A2EB93072AC23673A86EFD0B2270A ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:58:20.0975 0x0dbc  mountmgr - ok
17:58:20.0983 0x0dbc  [ 3FAF0470FC089B8D0A7F5C1C46CE1E75, 15AE50F0641959AA548A3B648B7151634BC499A9A34125C3E2C8161A08A0CBC4 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:58:20.0994 0x0dbc  MozillaMaintenance - ok
17:58:21.0001 0x0dbc  [ 5FBCB85D127BE21E3A9DAF11A13C00EA, D00AB99CC813E26B0BD2D39161D4138AB89A06B3E3A28712F2D5BCA60905BEC4 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:58:21.0018 0x0dbc  mpsdrv - ok
17:58:21.0041 0x0dbc  [ 0B28F2ACE5103586D322AD98FAA01309, CE3053DEB6E452C6DCDFD371CF113EB0D740DED6C1C537CB749D1BE5E97FAB09 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:58:21.0086 0x0dbc  MpsSvc - ok
17:58:21.0095 0x0dbc  [ BF6CA7EA5ECD6CF72D3D76652A9B8280, 8EC031D0D8E75CB583B129CBA518701097697498621307108388FA05FBF604BB ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:58:21.0115 0x0dbc  MRxDAV - ok
17:58:21.0129 0x0dbc  [ 0B3B0C1D86050355676640488FA897D3, DBED9D6F7AAFB11F4C00C1F69DB7A887A3058E5FA66615A1640242439822B60C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:58:21.0151 0x0dbc  mrxsmb - ok
17:58:21.0163 0x0dbc  [ 1A490555FD330CA2764D89191177C867, 1004AE2F80BEA9A6DBA3E6B5D2DDFA44FBA253F7137D60B000B094699DE1CB12 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:58:21.0186 0x0dbc  mrxsmb10 - ok
17:58:21.0196 0x0dbc  [ 0F47A6C09F0A7FB5513D322A2B9BE4EC, 00A17CB55D232E11F3D24D0B43FE4FA9E55F7EF5E5607B26ED84C13108AAC4FA ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:58:21.0214 0x0dbc  mrxsmb20 - ok
17:58:21.0221 0x0dbc  [ A4411C522D41707D5BCA817A5BB9E30B, EF7505BE475ECAB2B5E66A7419EDAF42A7E7A65BAD3BBE346A8CEE5DD69782CC ] MsBridge        C:\Windows\system32\drivers\bridge.sys
17:58:21.0239 0x0dbc  MsBridge - ok
17:58:21.0247 0x0dbc  [ 807A6636828E5F43C10A01474B8907EE, F275645F4F0D0A796C33C03EA7FA563A0B890AB3A93E5F99C5EA166F91D249B1 ] MSDTC           C:\Windows\System32\msdtc.exe
17:58:21.0267 0x0dbc  MSDTC - ok
17:58:21.0278 0x0dbc  [ D123343DDB02E372B02BF2C4293F835F, 8E02D9F7E5DA717B64538444B3FE1C55AA4B0F26F51DA20947E971D27EA09D12 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:58:21.0294 0x0dbc  Msfs - ok
17:58:21.0300 0x0dbc  [ B3358F380BA3F29F56BE0F7734C24D5F, 229D9E72C429AC51BF6E7C8306218620CB1AA50FE39BA6C11ED0F643E7AF90E5 ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
17:58:21.0312 0x0dbc  msgpiowin32 - ok
17:58:21.0318 0x0dbc  [ B2044D5D125F249680508EC0B2AAEFAC, 9631FF42DA5A7CEE1F2607AA8972EF0A67616F0EEEBC95F97B1C8F5A577ED5C4 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:58:21.0331 0x0dbc  mshidkmdf - ok
17:58:21.0337 0x0dbc  [ 36ABE7FC80BED4FE44754AE5CFB51432, FB89DF3A50C52B69D4E831A370157D1901810093A0D7D7120A120FC5C6E14BF5 ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
17:58:21.0352 0x0dbc  mshidumdf - ok
17:58:21.0358 0x0dbc  [ 59307FEAFC9E72EEEC56B7FD7D294F4C, 56576635870FC68980977FFA0E7F8E8D69A7981DECF5B52D0B2A82E3BA6685EA ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:58:21.0370 0x0dbc  msisadrv - ok
17:58:21.0378 0x0dbc  [ 236A38F5CB0A23BF0ACCD70ED0BD7F70, 8106B528458E6C8E4437D9064D58F10FF195E67CD308AEBBD5F860AD2D59DCC4 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:58:21.0399 0x0dbc  MSiSCSI - ok
17:58:21.0405 0x0dbc  msiserver - ok
17:58:21.0411 0x0dbc  [ E9457EDFEBC774199F907395C6D09CA2, C3655CE83F4AD1258382722E9A99C33FDD3AA40B62CFEB8DFDD141E254E6DCE2 ] MSKSSRV         C:\Windows\system32\DRIVERS\MSKSSRV.sys
17:58:21.0426 0x0dbc  MSKSSRV - ok
17:58:21.0432 0x0dbc  [ C85D79735641D27C5821C35ECDDC2334, C1BAFD98122B04665870171C143EC119181351D10777A83680A63BF305703FF3 ] MsLldp          C:\Windows\system32\drivers\mslldp.sys
17:58:21.0452 0x0dbc  MsLldp - ok
17:58:21.0457 0x0dbc  [ EF75184B64356850D0F04D049C253526, 325476F53372BD70201347F044C8EFEC0DB939E1926454B6DCC0CF7864969650 ] MSPCLOCK        C:\Windows\system32\DRIVERS\MSPCLOCK.sys
17:58:21.0474 0x0dbc  MSPCLOCK - ok
17:58:21.0479 0x0dbc  [ 543933D166C618E7588EA77707EC1683, 84A65D277E28FDD7CE2345188891093AC88B577E4C528AD39AB629E341199688 ] MSPQM           C:\Windows\system32\DRIVERS\MSPQM.sys
17:58:21.0495 0x0dbc  MSPQM - ok
17:58:21.0507 0x0dbc  [ 182711E9DDF70121A20EBB61B2DFB9E8, 70606503F6280EA3175B9AEC8370A8F461575755DA86EF6E9C9D04EAD61481FA ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:58:21.0528 0x0dbc  MsRPC - ok
17:58:21.0538 0x0dbc  [ E887FFDD6734C496407E9219225CB6FF, 0EC9A79224BCE5D0A782E62CC38E3494E8FB65DFC07C66D25C5A1A351121C27D ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
17:58:21.0550 0x0dbc  mssmbios - ok
17:58:21.0556 0x0dbc  [ 83A2AB75951000D681FABDB80C07AEFC, 3B2F582F097E3F934C4587B27CB05525350F36924B74CA6BCD364878FA8EC273 ] MSTEE           C:\Windows\system32\DRIVERS\MSTEE.sys
         

14.06.2016, 22:19   #5
Danyelz

Malware + homepage change + ad-tab pop-ups

Code:
17:58:22.0300 0x0dbc  netprofm - ok
17:58:22.0310 0x0dbc  [ 9C6EE1DE9CF7B77FF550A737816EB6DB, 586D561E1A318778668D148B8367D1F7452E770D1743ED5F8EE6EAB03DB31916 ] NetSetupSvc     C:\Windows\System32\NetSetupSvc.dll
17:58:22.0332 0x0dbc  NetSetupSvc - ok
17:58:22.0344 0x0dbc  [ 9E9BEB22644CE1DA521A1D7821BF891F, 5480D52AE1942205B513F916DBCBF5B5F2FFF92D927F4E598FBA618E75BBC2E9 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:58:22.0360 0x0dbc  NetTcpPortSharing - ok
17:58:22.0374 0x0dbc  [ 0FB83658FBB2C5A18AB98C5C94DB9FAF, 2D15A49F47D8185D7914D26916D1237FCBE2F8351A64877CDDDDE26E766C3D2F ] NgcCtnrSvc      C:\Windows\System32\NgcCtnrSvc.dll
17:58:22.0399 0x0dbc  NgcCtnrSvc - ok
17:58:22.0419 0x0dbc  [ 7AAA9916AA10F4B0E9743798A5BA6549, 2E38EEF3F487A7DD0B719A048FFA0EB36B2487A1068BB322553E9DD2FCE46711 ] NgcSvc          C:\Windows\system32\ngcsvc.dll
17:58:22.0455 0x0dbc  NgcSvc - ok
17:58:22.0469 0x0dbc  [ 1B8F07B59F7DAE02264FB8A16088C467, 1795DA9F72C34A9F47D9AAF5E95D40C3296948EB89D9600679AB4660671A5C65 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:58:22.0500 0x0dbc  NlaSvc - ok
17:58:22.0507 0x0dbc  [ 465DC580170CD844206D7E3EF1DBF2A1, 5A14001029BE154C708CCA34449B280905DB79978FC7F0BE0CF20B20E47752CF ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:58:22.0525 0x0dbc  Npfs - ok
17:58:22.0530 0x0dbc  [ 29395C214D2CD4C81F73166AB988A797, 3631EB2EA17E455ECD151C0BC9A3DF6EC87C75B15DC9B607CFB68D7C463E04B7 ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
17:58:22.0545 0x0dbc  npsvctrig - ok
17:58:22.0551 0x0dbc  [ AF8B7848E102A83AAECCD24B181CEBE5, B2AAE3567EE3A7975CDFCB3FE41D33C74D4486BFF35FF56E0516A01C744BA52B ] nsi             C:\Windows\system32\nsisvc.dll
17:58:22.0568 0x0dbc  nsi - ok
17:58:22.0573 0x0dbc  [ 2871225495F832A8C8A7DD1A17EDB3DC, 2F6664C7F5FB2341B2AAF3C5A258FA0D7AEEE447562D7F39FD5A4EE905C18C6D ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:58:22.0589 0x0dbc  nsiproxy - ok
17:58:22.0642 0x0dbc  [ 19BD8A88AAC580592668B070AC0727D9, 60DB84895C40E6412BEB2D0E4D7F05891446B9DE992D70579CC90BA3FB27FC01 ] NTFS            C:\Windows\system32\drivers\NTFS.sys
17:58:22.0713 0x0dbc  NTFS - ok
17:58:22.0722 0x0dbc  [ 6DBD703320484C37CEA9E4E2D266A8CE, 85D6F73C0E3FDE16829C9BC0D13DD89E64183EAE02F84607F6B8440CB7F366E6 ] Null            C:\Windows\system32\drivers\Null.sys
17:58:22.0736 0x0dbc  Null - ok
17:58:22.0744 0x0dbc  [ 604D27CC38CC23493F218D0BB834B3FF, EF5E5759CCF16DD97271C82DAF47FB2086EBCA5DE7D05177B70CA1197B95F41E ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:58:22.0759 0x0dbc  nvraid - ok
17:58:22.0768 0x0dbc  [ 8B50D897657AB4A15FD9E251BBF7D107, 36036130DD46D9BF105AC7176E219F3BE7D1168A660A0F8DFF76F61FBFA4B417 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:58:22.0784 0x0dbc  nvstor - ok
17:58:22.0791 0x0dbc  [ 31F990B2B6B91E9D7A667405CE12FCB1, 907E095D1E83CDAFF34BE789FC41CDD7BB4DEE23261E1D03C1CF0D4D030534AC ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:58:22.0806 0x0dbc  nv_agp - ok
17:58:22.0818 0x0dbc  [ 7F3A0D052B8E00E730316210B1DD092F, 14BD026EA759F6C81ED6B4DBB04E0584B7F6456725503FC73CD4347B7743005F ] OneSyncSvc      C:\Windows\System32\APHostService.dll
17:58:22.0849 0x0dbc  OneSyncSvc - ok
17:58:22.0903 0x0dbc  [ 58327B7E7C4E325C66B7C4A5220CE5F4, FF66411B23A195CA3C64F5409F2E2C6F88CB01034A4C9DDCA565DE0E144ABC13 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:58:22.0919 0x0dbc  ose64 - ok
17:58:22.0934 0x0dbc  [ 334131C162B118EF49930D41B0E17825, 10EF08870B6E118AED2E0E3F45E06BA8A485439823BE98F44E34E7D2B65AA2EF ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:58:22.0960 0x0dbc  p2pimsvc - ok
17:58:22.0977 0x0dbc  [ 4A5634915AF62C983E08425905D0C04C, 09BC3F7AD9F79C5FF59520933D06FE155AC21CD0ABAFE66B81C9F87D83A2339F ] p2psvc          C:\Windows\system32\p2psvc.dll
17:58:23.0006 0x0dbc  p2psvc - ok
17:58:23.0014 0x0dbc  [ 7D0FC96264C0F8F2C1321E33E8EB646C, 82A06437B9B096BCCF5CE31BDF3539696E2E41DFA9870C358566EEE2F7D3B447 ] Parport         C:\Windows\System32\drivers\parport.sys
17:58:23.0031 0x0dbc  Parport - ok
17:58:23.0038 0x0dbc  [ 24AC0FD10325FBC2303B29A5F237AEB0, D94B26A36EBE4EFE8EA270FA6600811206830480BE953809F74FAB80628DF879 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:58:23.0052 0x0dbc  partmgr - ok
17:58:23.0070 0x0dbc  [ 0ECA2ADD5FBCE73183A68935C71B40B7, 08CC5F2F10D1DD1A1396CC29196314003491D3AF3DE59CADB281F252577F1860 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:58:23.0097 0x0dbc  PcaSvc - ok
17:58:23.0109 0x0dbc  [ CFFE69B6C276A3418687109EA8AC9E7D, A516B2F4BFB0CD8B38219E3BF783C0BD99CD9EA1BACBE2284987F6DC0976BD36 ] pci             C:\Windows\system32\drivers\pci.sys
17:58:23.0129 0x0dbc  pci - ok
17:58:23.0135 0x0dbc  [ 2B4D98DF0CA57FB9536DBC80D2449D1F, AB34FA8585A20854369C0FAEB18BF5C7734D7E3C791F644B0576E40D609FCD09 ] pciide          C:\Windows\system32\drivers\pciide.sys
17:58:23.0146 0x0dbc  pciide - ok
17:58:23.0153 0x0dbc  [ F4D5793BF2E58AF15C6CF2FEEF9E73EB, 9B5A40AF8838063F8F0A2B1480B39A2711AAE78BD972CDA60CCA0EB2BA211A87 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
17:58:23.0167 0x0dbc  pcmcia - ok
17:58:23.0173 0x0dbc  [ 22A53744CEEADFFFD33BA010FAD95229, 30B775EC9795105B8BF785BD63115C160955E7EFF74B995D3EC288138D1825A3 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:58:23.0186 0x0dbc  pcw - ok
17:58:23.0193 0x0dbc  [ 67B9684B8272D5EBD1CCBB1DBD425EC8, 09BE2A2EB3A71E594D08B8D817820965DEEAD283029EBB0B74CCC658A2706233 ] pdc             C:\Windows\system32\drivers\pdc.sys
17:58:23.0207 0x0dbc  pdc - ok
17:58:23.0229 0x0dbc  [ E2F8376F9731D12A009C522036C6073A, 5B8B68D3C013AAA8ED368C97042984C35E8D023542DBA404E7A03E89F2357E66 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:58:23.0271 0x0dbc  PEAUTH - ok
17:58:23.0321 0x0dbc  [ C7D210982B6C8454E52191D0DCF6DC52, D53D575CD9A0AB7EA94E7D1B9730ABE0A582CA3460AEAC4680D01034D69D3949 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
17:58:23.0402 0x0dbc  PeerDistSvc - ok
17:58:23.0411 0x0dbc  [ 1398A85E59698067CBBE1D66A9C13ADF, E3609F183068BFAED756B2F9237181D60A6F6D78691248B8BF5B0AEB6A367E3D ] percsas2i       C:\Windows\system32\drivers\percsas2i.sys
17:58:23.0424 0x0dbc  percsas2i - ok
17:58:23.0429 0x0dbc  [ 35F7C7AD709D909D618D9EDF987FC3ED, EE713E33688E74C5A2546CC58EBD8EA8F8116F25E42DCF8DA21DCBC7C7590E0E ] percsas3i       C:\Windows\system32\drivers\percsas3i.sys
17:58:23.0442 0x0dbc  percsas3i - ok
17:58:23.0466 0x0dbc  [ 0DAF7B7D85F7AF38E29161460899C63F, F2609F2BD02C714857F5D5E6EF580643429C54E175AA72D38467F8F3A4E7F59F ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:58:23.0482 0x0dbc  PerfHost - ok
17:58:23.0510 0x0dbc  [ 57606281E23B0F53347527691E947B2B, 7030182E706CEBE6BD52BDC71CA8F2230AD445AE6554188E76F09A5E2612BD2E ] PhoneSvc        C:\Windows\System32\PhoneService.dll
17:58:23.0552 0x0dbc  PhoneSvc - ok
17:58:23.0564 0x0dbc  [ 04F7878E7017105AB782353231561749, FB2811D98216720D4FDF0AC0EDF16C6CD33D7224B4CAFA752B4D2A839E6DD88A ] PimIndexMaintenanceSvc C:\Windows\System32\PimIndexMaintenance.dll
17:58:23.0588 0x0dbc  PimIndexMaintenanceSvc - ok
17:58:23.0670 0x0dbc  [ A546F72EFFE5CBBC98003A0CA19DA0F8, 89AE396676A37D851F46427E421E8E8ED5B4BADC33023F1E215CC352A4110F44 ] pla             C:\Windows\system32\pla.dll
17:58:23.0738 0x0dbc  pla - ok
17:58:23.0748 0x0dbc  [ 15BA68662CED4B0618010A54478E18E5, 1B913BFA7AA11F3A82D80E95FC4857B810D341F9E68545710F90EBE44DAC1DF8 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:58:23.0773 0x0dbc  PlugPlay - ok
17:58:23.0778 0x0dbc  [ 6BF7093B27EA90FD9222845D19C1BE5F, CF8A6764BB6B369258F21FD303E4CAE08632195620A0BD66B62F62F5D7B762B8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:58:23.0795 0x0dbc  PNRPAutoReg - ok
17:58:23.0807 0x0dbc  [ 334131C162B118EF49930D41B0E17825, 10EF08870B6E118AED2E0E3F45E06BA8A485439823BE98F44E34E7D2B65AA2EF ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:58:23.0834 0x0dbc  PNRPsvc - ok
17:58:23.0848 0x0dbc  [ 5A91C28F99043215121499257468C4BD, 816D2AEBA29B8A050747E01CE11EB12A05C1CDDF91835C44BBB6A7B9D348B15A ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:58:23.0878 0x0dbc  PolicyAgent - ok
17:58:23.0888 0x0dbc  [ AE3B1056FC1795F18D990C4908A6ECBF, 1C41F7714EBF54DF358D9B19D6AFE7281D3EABE20038B568A12031B76E1D50D9 ] Power           C:\Windows\system32\umpo.dll
17:58:23.0908 0x0dbc  Power - ok
17:58:23.0915 0x0dbc  [ 5BA6B9AD03B81546BA64E488C4EF9D17, C43442577685FA1A7C32094B2F14FC92BA6B511FD9FDBA6FD82473A1B165FC61 ] PptpMiniport    C:\Windows\System32\drivers\raspptp.sys
17:58:23.0935 0x0dbc  PptpMiniport - ok
17:58:24.0011 0x0dbc  [ 959F94AD1255BC749884EDDD14EC29C4, 2CD6DA9778EA36FA0B4080F6DB1C634712238E014E47546403CD3CDB35A1DCA8 ] PrintNotify     C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll
17:58:24.0134 0x0dbc  PrintNotify - ok
17:58:24.0147 0x0dbc  [ 21AECFF3EB5748CBE12538A2500EFDE5, A1679F21363E99E3698B9C6F7E7E3BB2877D47089BC381AF0C51B1DD8B24325B ] Processor       C:\Windows\System32\drivers\processr.sys
17:58:24.0166 0x0dbc  Processor - ok
17:58:24.0178 0x0dbc  [ 7E0078F1EFEB6F8F47CF85C1D73C7EBC, 831BC3CE72F29AD259DEE7121D6F785CE0A8462CFB69DD7FB1F3BDAF16CDBF3E ] ProfSvc         C:\Windows\system32\profsvc.dll
17:58:24.0204 0x0dbc  ProfSvc - ok
17:58:24.0214 0x0dbc  [ 596FB6C5A72F34B7566930985E543806, 870B43783DB4CF845FA72BC5E40CE76BE6DFC66FE9E9B4B0A52D6B7FE7EA65FC ] Psched          C:\Windows\system32\drivers\pacer.sys
17:58:24.0229 0x0dbc  Psched - ok
17:58:24.0240 0x0dbc  [ E84F66BA185934C166F8DF0FA8F88455, 2E0380E98DA29B3F43FB3FE0E1ECA52B3C9AEF54CE982D5514F70FAE81758449 ] QWAVE           C:\Windows\system32\qwave.dll
17:58:24.0264 0x0dbc  QWAVE - ok
17:58:24.0271 0x0dbc  [ CFBA9C976CBF6796E5DC39EF59984021, A1C956AD828FC70ED92D702516E0F88A4BDAF8C93C571D7CA20F1695FD8E70C2 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:58:24.0287 0x0dbc  QWAVEdrv - ok
17:58:24.0292 0x0dbc  [ 7B2AD8C55217B514C14281AB97B4E21D, A1E295897B864B9C0177FF1C502EB060084A1783C0E7E53636291F901C2E2AA8 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:58:24.0308 0x0dbc  RasAcd - ok
17:58:24.0315 0x0dbc  [ E15A9CE1E2E7D1C8DF97A4FC1FFE6289, 44B53418D6BC51ACC567CF6917A0981889B44AE420489C9C03F5A30418B37267 ] RasAgileVpn     C:\Windows\System32\drivers\AgileVpn.sys
17:58:24.0335 0x0dbc  RasAgileVpn - ok
17:58:24.0342 0x0dbc  [ D60BA4C76D194472D6602FF3D2D51ADE, 01272663897685C75FFBC3F1C0CFDB8D0E1A58182049E0B607D634536A8F6400 ] RasAuto         C:\Windows\System32\rasauto.dll
17:58:24.0362 0x0dbc  RasAuto - ok
17:58:24.0369 0x0dbc  [ E3C82823B22463BC38AA4F8ADA852624, FF601B117F4003E2CC65B6143C2A270331EB257EE82B3BC020247D1AB1CD625F ] Rasl2tp         C:\Windows\System32\drivers\rasl2tp.sys
17:58:24.0386 0x0dbc  Rasl2tp - ok
17:58:24.0406 0x0dbc  [ 3655D86C5E2982B131FC0935DE24F98F, 0386B31FECDDED77450609A807097B2307361CB59B236DEC41037BDC95897463 ] RasMan          C:\Windows\System32\rasmans.dll
17:58:24.0447 0x0dbc  RasMan - ok
17:58:24.0454 0x0dbc  [ 3369023EB5790A75BA7DABA14B75D922, 36B63D5B74FDC932AAF1A876514024602D2F3EAF2CA33D1247CBA1E52FDB0418 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:58:24.0473 0x0dbc  RasPppoe - ok
17:58:24.0480 0x0dbc  [ 1E32A8CD65C4AD0A827CFEB13034DA29, 5D9A92E13020D994CCD39F701BACAFE2177A40A9CC89649441B91E3F3DECD911 ] RasSstp         C:\Windows\System32\drivers\rassstp.sys
17:58:24.0499 0x0dbc  RasSstp - ok
17:58:24.0513 0x0dbc  [ 2B648363E4C5E34B469C58596F377DD9, 30F82770468BBA562CEA0E9E39B24ACEFBE022343D0180C82E2ACE8957B73E44 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:58:24.0535 0x0dbc  rdbss - ok
17:58:24.0543 0x0dbc  [ D0221C13960E274CC539D72D5A842ED0, A5A961506B9D7429D97D0635FD69E74736C0E8405487E1D22BB5CD978A60044C ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
17:58:24.0559 0x0dbc  rdpbus - ok
17:58:24.0568 0x0dbc  [ 1DC2CC74B51E4DC4CD5A20C1021E4010, 46B7D17EE27439F2191504D1C6F6C70B2540BD4F2261DBB1F4BE783BEA99B04C ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
17:58:24.0588 0x0dbc  RDPDR - ok
17:58:24.0598 0x0dbc  [ 177DF954D0DEC0465A380C75F6E7F65F, 6B30C78223029BD5DBA586BF961968F85762209BA55CD031460A215B20F93AB2 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:58:24.0610 0x0dbc  RdpVideoMiniport - ok
17:58:24.0620 0x0dbc  [ 5D1680871054D2B0B8A971BC8AB3B837, 9CAB0B2E3857829D34A82A78B120D07E292D4D5060168D964295EB23339B7DE7 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:58:24.0637 0x0dbc  rdyboost - ok
17:58:24.0662 0x0dbc  [ 341E6830DA70F65730300DAB4CB0B490, 341EC8DB5E39963EF89E726F08730AFB2356C3BAD71CCE9EECCAB4D9B31C4863 ] ReFSv1          C:\Windows\system32\drivers\ReFSv1.sys
17:58:24.0700 0x0dbc  ReFSv1 - ok
17:58:24.0719 0x0dbc  [ 8355BCA85B0928382DFCDD02FCD1681A, F306F038DA09C8D2095C311818E2F991B55BCD96B40B95D2A53A60EA6AC37014 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:58:24.0753 0x0dbc  RemoteAccess - ok
17:58:24.0762 0x0dbc  [ 2C82F4DCABAB389CEBB1C9E86C715C9C, 70354621D3D467616A419A818C54D2C89EA013C5050BA9944E3A7A4F25CAD6BA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:58:24.0788 0x0dbc  RemoteRegistry - ok
17:58:24.0814 0x0dbc  [ CFF943806EBAD5CFAC26FD3DF304E79F, 4992AFB7CE3E2117A11B97FD92ED2EC02183D461F89179B6EA42C8F5AC973374 ] RetailDemo      C:\Windows\system32\RDXService.dll
17:58:24.0866 0x0dbc  RetailDemo - ok
17:58:24.0875 0x0dbc  [ 176D8470B15CD9080861594F9A33FA01, CFB66D7FEB9465985C2866D64EA03B7E7BE830DCF6C02B3FE2244D7F7E5343E2 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:58:24.0896 0x0dbc  RpcEptMapper - ok
17:58:24.0902 0x0dbc  [ 1A563653DAEDFE4CA81936E0D2FD8B56, 308B0DFEBA63333D407093C449A08ABFECE118C9274100809356BDAF7FA32EB6 ] RpcLocator      C:\Windows\system32\locator.exe
17:58:24.0920 0x0dbc  RpcLocator - ok
17:58:24.0944 0x0dbc  [ B339861C6A2A86FBCA67C2006B461473, 228ADC8A8603C0A4342C6CBC6F2CC919271D42391365061AF660E0D7151C66A4 ] RpcSs           C:\Windows\system32\rpcss.dll
17:58:24.0993 0x0dbc  RpcSs - ok
17:58:25.0002 0x0dbc  [ 0AC5FCDC29ED97ECDEF1276425EE2059, 8A12D1732D4AA18A9ED8416F4D4A49B81CE7C4C86ABCEE8FF28A16EA61993CFE ] rspndr          C:\Windows\system32\drivers\rspndr.sys
17:58:25.0022 0x0dbc  rspndr - ok
17:58:25.0048 0x0dbc  [ E74FB6DC8D8140BB30B21695D79144ED, C3E62EAD0532B70ABAC671E5171291E719AD1833B98D476F154CBFD80487762C ] rt640x64        C:\Windows\System32\drivers\rt640x64.sys
17:58:25.0077 0x0dbc  rt640x64 - ok
17:58:25.0084 0x0dbc  [ 044890BB0D6CF1E23C1087234D320509, FA6C79D24BE4ACCFAC617D2850B922BFAA7C2766AE625C725F3ACF43C934EFAF ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
17:58:25.0098 0x0dbc  s3cap - ok
17:58:25.0104 0x0dbc  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] SamSs           C:\Windows\system32\lsass.exe
17:58:25.0119 0x0dbc  SamSs - ok
17:58:25.0126 0x0dbc  [ 530F797129776AA7E81994783A97E2AD, F131EF036702C6E741E5A6851AE07E81043CE8BAEED0768838C0F31CE14FEC1A ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:58:25.0140 0x0dbc  sbp2port - ok
17:58:25.0149 0x0dbc  [ 0C12493B333B96797AFC5F3C7831C051, BEE786D7ED14221B1A9450060597393AC44116D776B913E045B5F6066D720F74 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:58:25.0177 0x0dbc  SCardSvr - ok
17:58:25.0187 0x0dbc  [ 40110802D217FE1CB581D9A70B1FD16F, CCB920593CCC6663676039F3F731536DFEF535C3F715F6DB6F34D0D733BEF89B ] ScDeviceEnum    C:\Windows\System32\ScDeviceEnum.dll
17:58:25.0213 0x0dbc  ScDeviceEnum - ok
17:58:25.0219 0x0dbc  [ 9B6B1D4DB35A3D9BEAF023BC95E1F49D, CA44124CA3E9958FB77A891CD234A993B63E8AC6632AE801CDEC6666267E7C7E ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:58:25.0239 0x0dbc  scfilter - ok
17:58:25.0264 0x0dbc  [ EA195B8BC11C1CDB313CFD456EFFA0E9, EEDF349C59ED0645B04040707906BB4496527243858C2A6BE46BE7029B4A7F37 ] Schedule        C:\Windows\system32\schedsvc.dll
17:58:25.0315 0x0dbc  Schedule - ok
17:58:25.0327 0x0dbc  [ 4E9158CECF77A029AB98E8FBB43FCED5, AFF8BDB8F8F8DDF4FC0D65712E031DC360856CD3CE5C8A4C8FF960388F37462F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:58:25.0353 0x0dbc  SCPolicySvc - ok
17:58:25.0365 0x0dbc  [ B24408471C1BCB17FC44F5B47EA8DEA3, 1CFE07C793F2A3D883E9071B8703C01A7619C8C0A02AAEBAA1130F36654AFD4F ] sdbus           C:\Windows\System32\drivers\sdbus.sys
17:58:25.0383 0x0dbc  sdbus - ok
17:58:25.0392 0x0dbc  [ 811EC0B1221402FCED0BA37E112BF627, 366EB8AF04C603BED6CF53652CC937099B247D5DD8C58D699D0D8DA22F8FDD51 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:58:25.0414 0x0dbc  SDRSVC - ok
17:58:25.0422 0x0dbc  [ DE6D7DC78D956928F59F7415A0F41E13, C0F8EEED29BF63A0D8FB5A0286C1C768BFEF598EC52715D910B5BB1A76231805 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
17:58:25.0435 0x0dbc  sdstor - ok
17:58:25.0441 0x0dbc  [ EBD07BD20B5E0E92A398566EF8720F79, 8A88C861D4113B9938C32CBD28FD3D7F1C3133E700E23E17F5DFD7B26CCDA04A ] seclogon        C:\Windows\system32\seclogon.dll
17:58:25.0459 0x0dbc  seclogon - ok
17:58:25.0465 0x0dbc  [ B7B9EEBCB7466338403A75D15AC120D7, B8F79DA71F8CD0F30983F7D92B625A431C212DD543DE2B3DC03EC5A68C41B00D ] SENS            C:\Windows\System32\sens.dll
17:58:25.0489 0x0dbc  SENS - ok
17:58:25.0523 0x0dbc  [ D14DD7D766664F880FECF44CE6017966, ECF966E3ACF4EBD5A3259468A076619A539E35F1B97AB6A98FBD7882F1FBBBAB ] SensorDataService C:\Windows\System32\SensorDataService.exe
17:58:25.0589 0x0dbc  SensorDataService - ok
17:58:25.0604 0x0dbc  [ 45D26646E3AD737E5DE3DB91CCCE7DBA, B05AB32700998C8347BC5797B18EB97F303FCB2302BED852348F2703DEDE72F9 ] SensorService   C:\Windows\system32\SensorService.dll
17:58:25.0631 0x0dbc  SensorService - ok
17:58:25.0641 0x0dbc  [ 7363A65C738F5A5292D7BDBE55D8C3C2, C53C10A0AE58613DFCC91E62E004D9B188E4793C2A19B4BE871A705EEE77048E ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:58:25.0663 0x0dbc  SensrSvc - ok
17:58:25.0671 0x0dbc  [ 67585C295FF2D221679E376B68893B35, 4B5E9A8DA8C6F7B1F7129F80A0603503D467E5650306FB4C309977D74037E46B ] SerCx           C:\Windows\system32\drivers\SerCx.sys
17:58:25.0684 0x0dbc  SerCx - ok
17:58:25.0693 0x0dbc  [ B8C4852CBCAAC1374C08EC7445443824, DDE577A81B3E11B5B56096317BC47AA6E286573042407B96A9D29BE981F3FA4D ] SerCx2          C:\Windows\system32\drivers\SerCx2.sys
17:58:25.0708 0x0dbc  SerCx2 - ok
17:58:25.0715 0x0dbc  [ D3A103944A8FCD78FD48B2B19092790C, 252DB8395DA8639E748658D3BE7863C1700E27AA5C41BB700CFCE193FE3F04E9 ] Serenum         C:\Windows\System32\drivers\serenum.sys
17:58:25.0731 0x0dbc  Serenum - ok
17:58:25.0738 0x0dbc  [ 249A563C48DFD9E42A37587653E003BB, D022FAE2B7AC9D99B9F230A4DF0B045891588162587E1F468B5E05C8DA98AA9A ] Serial          C:\Windows\System32\drivers\serial.sys
17:58:25.0757 0x0dbc  Serial - ok
17:58:25.0762 0x0dbc  [ 0F5B43074AE731D2C6F061241C9D84A6, 05CFEB30A4FC11441552D37687608C8C2FD6DC2F2266AE9D6526753E26283DE6 ] sermouse        C:\Windows\System32\drivers\sermouse.sys
17:58:25.0778 0x0dbc  sermouse - ok
17:58:25.0799 0x0dbc  [ CD90E445F6458512A5BA884D561EFCF1, E792FAB8AFF4126C1977024060842D788A06475139782896AFD7B39C85FCDF3F ] SessionEnv      C:\Windows\system32\sessenv.dll
17:58:25.0829 0x0dbc  SessionEnv - ok
17:58:25.0836 0x0dbc  [ D9FE59276BD56A9643C32D5FACE2F251, 591862D868A545F468496DE97DEE42C9DB3AFBFC0881CBA79EB6641A254AF033 ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
17:58:25.0854 0x0dbc  sfloppy - ok
17:58:25.0869 0x0dbc  [ F8083C536BEDE61AFB4069D8A8C16DA7, 13AADAD7B5582911B8ABBE0CF7132CC517F7413A361CCF8ED502F803D061FFA3 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:58:25.0900 0x0dbc  SharedAccess - ok
17:58:25.0921 0x0dbc  [ AE6E4D3172FBF45B944668CB3998B8A8, E7D7F98CB464C236A17069987F7B678D7688D9D577334151EF09DF5C6F22AFFC ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:58:25.0967 0x0dbc  ShellHWDetection - ok
17:58:25.0975 0x0dbc  [ ABBE803FE0BDAE0E5BE74DDEFBE62F23, 5009F489F7A6D66628C23A0FA3D7632399D0AD72BD11A1B70D7E768ED507377D ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
17:58:25.0987 0x0dbc  SiSRaid2 - ok
17:58:25.0994 0x0dbc  [ 6043DF55CFE3C7ACF477645FA64DEA98, 0E18EF8EC589841BC319C17FBABA7383FD247C9441ABF64A0D830976F3E611AE ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
17:58:26.0008 0x0dbc  SiSRaid4 - ok
17:58:26.0014 0x0dbc  [ B922D32039A3B5991E64429EC4EE52A9, 5EB7EB1F6D2C25F06044D8CA9F3BA0471FB40C8C96432BDC2C80CC36DC49BA0B ] smphost         C:\Windows\System32\smphost.dll
17:58:26.0039 0x0dbc  smphost - ok
17:58:26.0058 0x0dbc  [ F07301C282AA222C33F8C28B4F545275, 2938943A3A62B33C8296DF3B57897D32293F5395A5E2A01C76B0160A98C12520 ] SmsRouter       C:\Windows\system32\SmsRouterSvc.dll
17:58:26.0094 0x0dbc  SmsRouter - ok
17:58:26.0106 0x0dbc  [ 0B6BECB2651EF947249CDC3715E8B9CC, EB7281AF3529DE16FE8CD0C0C0C8877641865A5864D58628DBAB865B510B0D0B ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:58:26.0126 0x0dbc  SNMPTRAP - ok
17:58:26.0142 0x0dbc  [ 1A6CB30F0EFC1632E6F1B852CA892583, 0E6BDCEE837AEC3D02C437478143C75550C94A50E36895DDB095F54A2FA18E2A ] spaceport       C:\Windows\system32\drivers\spaceport.sys
17:58:26.0168 0x0dbc  spaceport - ok
17:58:26.0175 0x0dbc  [ E1C158F6C00359278727A2CEE5D2ED71, 1591F942C6DD99D3BA7FD4D72D957864117B2263F205468A15F1D1417C6F799D ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
17:58:26.0188 0x0dbc  SpbCx - ok
17:58:26.0209 0x0dbc  [ D1241DFC397FA8CCFB4BB4B63AAD31AC, F8C57C2F7CA8B6D8FEE1505A143A3FECF502C8DCFFC375F9C8848A87D9714C9E ] Spooler         C:\Windows\System32\spoolsv.exe
17:58:26.0250 0x0dbc  Spooler - ok
17:58:26.0395 0x0dbc  [ 7C58AFEC26E9F7730A8AA7FD40225937, 546EAD8889F2A1BB6DCCB7781976B975F34DA1C9047F95FEAA52CF38EC60C6DD ] sppsvc          C:\Windows\system32\sppsvc.exe
17:58:26.0578 0x0dbc  sppsvc - ok
17:58:26.0600 0x0dbc  [ ACC1709EC7FE6EB8999DBC91C50C2B34, 83ABF51751A264291C53A32B86239A607361E56CB045CD2CBE6E41DBB8A01F54 ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:58:26.0628 0x0dbc  srv - ok
17:58:26.0648 0x0dbc  [ AFBCFC946FAE7483E27BD316D03F94A5, CC9478EA717E85C38304957E923997821DFE2A995D7C8DF98C15267D952BEFBE ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:58:26.0685 0x0dbc  srv2 - ok
17:58:26.0696 0x0dbc  [ 107C1EBE79710E4A759449BD6604245A, 963D693F4E61EDC7B3AA9006CC274D56E577CE0035A61DDB2A6DE72116D5C52B ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:58:26.0718 0x0dbc  srvnet - ok
17:58:26.0728 0x0dbc  [ 8C1786C073A496B8C0C8A5450A4FFD5B, 13BF3B42A63CE6C461259D4CE767FB0DE1F10433512A11D2B2C033E36E652542 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:58:26.0754 0x0dbc  SSDPSRV - ok
17:58:26.0764 0x0dbc  [ 217A982201052EFC8C3C0C88D229791C, 11509E3446ED7B75C9A05CDC4A7AF18926CB463E0D98BAE1CD5DB43E88F94F90 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:58:26.0790 0x0dbc  SstpSvc - ok
17:58:26.0799 0x0dbc  [ 36C3697CA09B23C77BDF95A6B0B57310, DAEF9CFBDE444A80FB41DA0BC5C3C4E1E4B535497A5EDA43EC8768A6EC42E4EA ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
17:58:26.0812 0x0dbc  ssudmdm - ok
17:58:26.0875 0x0dbc  [ 58863C57E4598C4F9DA967C5C36CFA5D, BB34FBC324E84E05128258CE3755241ECB63F7F2AE7F96716AC373931FAF92A8 ] StateRepository C:\Windows\system32\windows.staterepository.dll
17:58:26.0986 0x0dbc  StateRepository - ok
17:58:27.0028 0x0dbc  [ FB939512BED94C6E899F9FEF4F8A42B8, E15650521BD90CCDBE8531EBE0AA07FBD1422772D2EB8285E563D5448BB8145C ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
17:58:27.0068 0x0dbc  Steam Client Service - ok
17:58:27.0076 0x0dbc  [ CCDA497C880AD16D87EDFAEFCFB2EDF5, 622599AA35ACFF0375DA252210BE42E7E90F30EDFEFF2F62FDB14AE6E45B5F88 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
17:58:27.0088 0x0dbc  stexstor - ok
17:58:27.0107 0x0dbc  [ 75476CAA8FA0A4E573948CDE8C7F0304, 68C4405CACA77AEED71761875A9AF60BCFBDD39E356BEA1BA8226E099BAA5FA4 ] stisvc          C:\Windows\System32\wiaservc.dll
17:58:27.0145 0x0dbc  stisvc - ok
17:58:27.0153 0x0dbc  [ BF8EA6FC3358C2F69678E3E94F764F84, D274DAD7B5756DD49CA44277C73497F1EC465C8E365CC730CD194932C3825920 ] storahci        C:\Windows\system32\drivers\storahci.sys
17:58:27.0168 0x0dbc  storahci - ok
17:58:27.0174 0x0dbc  [ 32FF460DA8C1F370F5C08B7654899B73, 0C9D5D38D033109BA672ABAFEF0F0CD295E9FFA108ACFCA9044429D9B2CA9057 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
17:58:27.0186 0x0dbc  storflt - ok
17:58:27.0193 0x0dbc  [ CC21DB3EF619B9480FE31A4EFE92CBEB, 256EFCA2F231F41D34250E1460BF88894D943EAE83A0B153FCADE700AB4DE11E ] stornvme        C:\Windows\system32\drivers\stornvme.sys
17:58:27.0206 0x0dbc  stornvme - ok
17:58:27.0213 0x0dbc  [ 390B8A75768E2689586539C224520895, D72F52E6D7AC5DC318FF9C1DF1F4E8A435D65B6BB59D7F1642222EC026BC54DB ] storqosflt      C:\Windows\system32\drivers\storqosflt.sys
17:58:27.0230 0x0dbc  storqosflt - ok
17:58:27.0248 0x0dbc  [ FE42F8A07885E518ED1E846C93E4B78C, 264B21A5E07654F159A3E324F3B38A8C11AF619F61B5779A46367DD99EBD00A6 ] StorSvc         C:\Windows\system32\storsvc.dll
17:58:27.0283 0x0dbc  StorSvc - ok
17:58:27.0290 0x0dbc  [ 770A92D9D3A0BF61C97C3AFCB36847D9, 21A8CC3F8E63B971C4FF8DDED5C7032E093A7B0F16E2128A9BD2E890BA76A1D9 ] storufs         C:\Windows\system32\drivers\storufs.sys
17:58:27.0304 0x0dbc  storufs - ok
17:58:27.0310 0x0dbc  [ 736A2418E3E7F3DB3CF6EB0A55D1D581, 2D3BBC4E0C7B51EDE7479A978E4BCD5F47A7257745179F01D2D9ECFD83CCCC82 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
17:58:27.0324 0x0dbc  storvsc - ok
17:58:27.0330 0x0dbc  [ FA8F6E3AD3F92B35D2673CC9FD20429C, 62F81CBACF7E16FEF9DE3BE95FA5C9BDB51BAE4667AE5AE71399864A390FF6D5 ] svsvc           C:\Windows\system32\svsvc.dll
17:58:27.0354 0x0dbc  svsvc - ok
17:58:27.0360 0x0dbc  [ BD98B0225BCD49E8A62F4F8EE1D1F613, CDAD11969B2DA417079547724BECC3DB4FC4711B3C01590EB0D02774B69B6D90 ] swenum          C:\Windows\System32\drivers\swenum.sys
17:58:27.0373 0x0dbc  swenum - ok
17:58:27.0388 0x0dbc  [ 22E539A9B96C66A713583EC017562616, 210DA61DFC7AA9AD23277D9CC0239B781F4EABD322D0803AEC9434D68B81FABD ] swprv           C:\Windows\System32\swprv.dll
17:58:27.0433 0x0dbc  swprv - ok
17:58:27.0442 0x0dbc  [ CAE4B27B469C583131EA5AAE622F5D76, 3979006EB22489D1AAD2EC2E9F32C286EEDCDB83B37B97E58BA831263EC33B84 ] Synth3dVsc      C:\Windows\System32\drivers\Synth3dVsc.sys
17:58:27.0459 0x0dbc  Synth3dVsc - ok
17:58:27.0488 0x0dbc  [ 34A3EB84B2A830E6F450B8F885AE4E6E, E61AC6D17B815CB71F26D71CA3CCAFD9E66A170E3ED2E64A4F20D097A0C683B5 ] SysMain         C:\Windows\system32\sysmain.dll
17:58:27.0546 0x0dbc  SysMain - ok
17:58:27.0561 0x0dbc  [ AF2C8D7C1D4DCFD5C31501F009DF42B7, 3DDF9353F014EE99B031BBC969620CA07647FBB8D78EB4697C8D633021B46B11 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
17:58:27.0590 0x0dbc  SystemEventsBroker - ok
17:58:27.0600 0x0dbc  [ 6979A147C0D5C5CAB621ADC394D32B80, C30B8E3D271A1591D965559EA4A11A1BE63A34D832ED53B26CE91799C888DF77 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:58:27.0621 0x0dbc  TabletInputService - ok
17:58:27.0627 0x0dbc  [ 00E8069A5E1637D03CED158D6EE92EC6, 50F75E5A59A0E24250F1ABD6E3AC09A443059AF8246EE70AF8EB857DB4F1C027 ] tap0901t        C:\Windows\System32\drivers\tap0901t.sys
17:58:27.0641 0x0dbc  tap0901t - ok
17:58:27.0652 0x0dbc  [ 86B62FC8CB89946446F9B24FE49A66FD, 7B095310D1C78B82E5ACAC4713E101DD1323A3CF6FB39218C2E78ABE2B0385B5 ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:58:27.0679 0x0dbc  TapiSrv - ok
17:58:27.0735 0x0dbc  [ 083A727D784009F9CCFB120C7841B7AF, 14242ECC3EB17154AD856A2C5229324BA6914291F4E2CD93E6AE251A31130448 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:58:27.0819 0x0dbc  Tcpip - ok
17:58:27.0879 0x0dbc  [ 083A727D784009F9CCFB120C7841B7AF, 14242ECC3EB17154AD856A2C5229324BA6914291F4E2CD93E6AE251A31130448 ] Tcpip6          C:\Windows\system32\drivers\tcpip.sys
17:58:27.0960 0x0dbc  Tcpip6 - ok
17:58:34.0291 0x0dbc  ================ Scan global ===============================
17:58:34.0297 0x0dbc  [ 82E25186617BA6C15010F0D47C705705, 5BF9E38918E6EAE86448137E2D120B80318AA1143CDDF539A2BFBEE227646816 ] C:\Windows\system32\basesrv.dll
17:58:34.0308 0x0dbc  [ E2899695BD30B5F93EC626EBBEF2CB69, B190D2903A109D2C146D881F90769060A0E971942F4AA61AEAD81861032D89C3 ] C:\Windows\system32\winsrv.dll
17:58:34.0319 0x0dbc  [ 09E92888FFF86F3334E59778724DCA6F, 2344763B52395EF565A9DE5F55BEDCA026AD2E8072FFD06F826BF366B3BA2AB4 ] C:\Windows\system32\sxssrv.dll
17:58:34.0334 0x0dbc  [ 6FF8248F3A9D69A095C7F3F42BC29CB2, 9077B1AA0AFB8DB329FDED0E51085DE1C51B22A986162F29037FCA404A80D512 ] C:\Windows\system32\services.exe
17:58:34.0344 0x0dbc  [ Global ] - ok
17:58:34.0345 0x0dbc  ================ Scan MBR ==================================
17:58:34.0347 0x0dbc  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:58:34.0469 0x0dbc  \Device\Harddisk0\DR0 - ok
17:58:34.0490 0x0dbc  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
17:58:34.0580 0x0dbc  \Device\Harddisk1\DR1 - ok
17:58:34.0580 0x0dbc  ================ Scan VBR ==================================
17:58:34.0583 0x0dbc  [ 095B0603195833D0076AAAD2A185AD40 ] \Device\Harddisk0\DR0\Partition1
17:58:34.0585 0x0dbc  \Device\Harddisk0\DR0\Partition1 - ok
17:58:34.0589 0x0dbc  [ 26F05CB2CB1369BEA36ADF1D026931F1 ] \Device\Harddisk0\DR0\Partition2
17:58:34.0591 0x0dbc  \Device\Harddisk0\DR0\Partition2 - ok
17:58:34.0594 0x0dbc  [ 26F0B2CA1044172F9D55F722CE8162E4 ] \Device\Harddisk1\DR1\Partition1
17:58:34.0622 0x0dbc  \Device\Harddisk1\DR1\Partition1 - ok
17:58:34.0622 0x0dbc  ================ Scan generic autorun ======================
17:58:36.0421 0x0dbc  [ 72C4380EE0D19B7B76196B488E2DFD39, 066E21A906F954D8054CA8601BA2663998AA9018AE47A8A8DB398111E973F7EF ] C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe
17:58:36.0490 0x0dbc  TSMApplication - detected UnsignedFile.Multi.Generic ( 1 )
17:58:38.0978 0x0dbc  TSMApplication ( UnsignedFile.Multi.Generic ) - warning
17:58:38.0978 0x0dbc  Force sending object to P2P due to detect: C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe
17:58:41.0397 0x0dbc  Object send P2P result: true
17:58:43.0921 0x0dbc  [ 6858C336F22251B0906E8E9EB6B9A9A8, 1DCEF5F762FBACE1062CBDD928051E40996AE650F74781DE61C7821F7247EBCA ] C:\Program Files (x86)\Steam\steam.exe
17:58:43.0991 0x0dbc  Steam - ok
17:58:44.0067 0x0dbc  [ A035B7B52734B362B1B73E1B59DE9554, F97EFD4A07AC53201FD2D64770FAB51A00A02DBFD529E81E6E11FD4441552298 ] C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe
17:58:44.0146 0x0dbc  Battle.net - ok
17:58:44.0399 0x0dbc  [ 79B65FCC2AC6169B0B898F2894C61221, 5D4801D5D3C8E60F02D93E07B0068471C37B7E25359786A868DBC391D9E4E9DD ] E:\Program Files\CCleaner\CCleaner64.exe
17:58:44.0679 0x0dbc  CCleaner Monitoring - ok
17:58:44.0742 0x0dbc  [ 7C153262FAA390C3F9B82B2D98B541C7, B7F15950391CF0E64198DB95AFBE3E737AEC56F6209D12AB4F284A3ACBC76642 ] C:\Program Files (x86)\FeedReader30\feedreader.exe
17:58:44.0830 0x0dbc  feedreader.exe - detected UnsignedFile.Multi.Generic ( 1 )
17:58:47.0248 0x0dbc  Detect skipped due to KSN trusted
17:58:47.0248 0x0dbc  feedreader.exe - ok
17:58:47.0249 0x0dbc  Waiting for KSN requests completion. In queue: 3
17:58:48.0250 0x0dbc  Waiting for KSN requests completion. In queue: 3
17:58:49.0251 0x0dbc  Waiting for KSN requests completion. In queue: 3
17:58:50.0278 0x0dbc  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.0 ), 0x62100 ( disabled : updated )
17:58:50.0279 0x0dbc  AV detected via SS2: ZoneAlarm Antivirus, C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZA_WSC_Remediation.exe ( 14.1.11.0 ), 0x41000 ( enabled : updated )
17:58:50.0280 0x0dbc  FW detected via SS2: ZoneAlarm Firewall, C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZA_WSC_Remediation.exe ( 14.1.11.0 ), 0x41010 ( enabled )
17:58:52.0640 0x0dbc  ============================================================
17:58:52.0640 0x0dbc  Scan finished
17:58:52.0640 0x0dbc  ============================================================
17:58:52.0653 0x1d60  Detected object count: 1
17:58:52.0653 0x1d60  Actual detected object count: 1
17:59:17.0543 0x1d60  TSMApplication ( UnsignedFile.Multi.Generic ) - skipped by user
17:59:17.0543 0x1d60  TSMApplication ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Note: TSM is a program for a game and is harmless.

I now get a message almost constantly saying that the default app has been reset for everything.


Alt 15.06.2016, 15:56   #6
M-K-D-B
/// TB trainer
 



Hi,

regarding the default apps:
FRST and TDSS-Killer are only analysis tools; we have not "cleaned" anything yet, so it cannot be coming from the tools.





Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Delete "Prefetch" files
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Reset Chrome settings
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).





Step 2

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.







Step 3
  • Start FRST.exe again. Tick the boxes for Addition.txt and Shortcut.txt and click Scan (Untersuchen).
  • FRST now creates three log files (FRST.txt, Addition.txt and Shortcut.txt).
  • Post all three log files with your next reply.







Please post with your next reply
  • the AdwCleaner log file,
  • the JRT log file,
  • the three new FRST log files.

Alt 15.06.2016, 20:22   #7
Danyelz
 



Code:
# AdwCleaner v5.200 - Bericht erstellt am 15/06/2016 um 21:12:08
# Aktualisiert am 14/06/2016 von ToolsLib
# Datenbank : 2016-06-15.1 [Server]
# Betriebssystem : Windows 10 Pro  (X64)
# Benutzername : DaUra - DESKTOP-FASB6LE
# Gestartet von : C:\Users\DaUra\Downloads\AdwCleaner_5.200.exe
# Option : Löschen
# Unterstützung : https://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****


***** [ Dateien ] *****

[-] Datei gelöscht : C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] Datei gelöscht : C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Schlüssel gelöscht : HKCU\Software\OCS
[-] Schlüssel gelöscht : HKCU\Software\SrpnFiles
[-] Schlüssel gelöscht : HKLM\SOFTWARE\SrpnFiles
[-] Wert gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{27F588BB-A753-4A8B-B40F-23EF394C88CB}]
[-] Wert gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{994B2B6B-441A-4F3B-A281-F510FDB188AD}]
[-] Wert gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{525B2FFD-D3C6-423F-8126-A59B565944B0}]
[-] Wert gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{492227D0-4B61-4BFC-A317-379BBDA574C0}]

***** [ Internetbrowser ] *****


*************************

:: "Tracing" Schlüssel gelöscht
:: "Prefetch" Dateien gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht
:: Chrome Einstellungen zurückgesetzt : C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2710 Bytes] - [15/06/2016 21:12:08]
C:\AdwCleaner\AdwCleaner[S1].txt - [2131 Bytes] - [18/05/2016 18:45:53]
C:\AdwCleaner\AdwCleaner[S2].txt - [2673 Bytes] - [15/06/2016 21:10:14]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2929 Bytes] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Pro x64 
Ran by DaUra (Administrator) on 15.06.2016 at 21:15:59,10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 4 

Successfully deleted: C:\ProgramData\iobit\driver booster (Folder) 
Successfully deleted: C:\ProgramData\productdata (Folder) 
Successfully deleted: C:\Users\DaUra\AppData\Roaming\iobit\driver booster (Folder) 
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster SkipUAC (DaUra) (Task)



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.06.2016 at 21:17:30,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
Untersuchungsergebnis der Verknüpfungen des Benutzers (x64) Version:15-06-2016
durchgeführt von DaUra (2016-06-15 21:20:13)
Gestartet von C:\Users\DaUra\Downloads
Start-Modus: Normal

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)





Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\DaUra\Documents ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> C:\Users\DaUra\Downloads ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\DaUra\Music ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\DaUra\Pictures ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\DaUra\Videos ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\DaUra ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk -> C:\Windows\Installer\{90160000-0011-0000-1000-0000000FF1CE}\accicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{56EC47AA-5813-4FF6-8E75-544026FBEA83}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devices Flow.lnk -> C:\Windows\DevicesFlow\DevicesFlow.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk -> C:\Windows\Installer\{90160000-0011-0000-1000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk -> C:\Windows\MiracastView\MiracastView.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk -> C:\Windows\Installer\{90160000-0011-0000-1000-0000000FF1CE}\grv_icons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk -> C:\Windows\Installer\{90160000-0011-0000-1000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk -> C:\Windows\Installer\{90160000-0011-0000-1000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk -> C:\Windows\Installer\{90160000-0011-0000-1000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk -> C:\Windows\PrintDialog\PrintDialog.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk -> C:\Windows\Installer\{90160000-0011-0000-1000-0000000FF1CE}\pubs.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk -> C:\Windows\Installer\{90160000-0011-0000-1000-0000000FF1CE}\lyncicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk -> C:\Windows\Installer\{90160000-0011-0000-1000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft\World of Warcraft.lnk -> C:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Benutzerhandbuch für die Konsolenversion von RAR.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Hilfe zu WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Was ist neu in dieser Version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III\Warcraft III - The Frozen Throne.lnk -> C:\Program Files (x86)\Warcraft III\Frozen Throne.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III\Warcraft III deinstallieren.lnk -> C:\Program Files (x86)\Common Files\Blizzard Entertainment\Warcraft III (2)\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III\Warcraft III.lnk -> C:\Program Files (x86)\Warcraft III\Warcraft III.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III\Welt-Editor von Warcraft III.lnk -> C:\Program Files (x86)\Warcraft III\World Editor.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.1\Demos\vulkaninfo.lnk -> C:\Program Files (x86)\VulkanRT\1.0.3.1\vulkaninfo.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.1\Demos\vulkaninfo32.lnk -> C:\Program Files (x86)\VulkanRT\1.0.3.1\vulkaninfo32.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle\Tunngle entfernen.lnk -> C:\Program Files (x86)\Tunngle\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle\Tunngle.lnk -> C:\Program Files (x86)\Tunngle\Tunngle.exe (Tunngle.net GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeSkillMaster Application\TSMApplication.lnk -> C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN\TortoiseIDiff.lnk -> C:\Program Files\TortoiseSVN\bin\TortoiseIDiff.exe (hxxp://tortoisesvn.net)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN\TortoiseMerge.lnk -> C:\Program Files\TortoiseSVN\bin\TortoiseMerge.exe (hxxp://tortoisesvn.net)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN\Website.lnk -> C:\Program Files\TortoiseSVN\bin\Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II\StarCraft II.lnk -> C:\Program Files (x86)\StarCraft II\StarCraft II.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++\Notepad++.lnk -> C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools\Aufzeichnungs-Manager von Skype for Business.lnk -> C:\Windows\Installer\{90160000-0011-0000-1000-0000000FF1CE}\lyncicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools\Database Compare 2016.lnk -> C:\Windows\Installer\{90160000-0011-0000-1000-0000000FF1CE}\dbcicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools\Office 2016 Upload Center.lnk -> C:\Windows\Installer\{90160000-0011-0000-1000-0000000FF1CE}\msouc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools\Office 2016-Spracheinstellungen.lnk -> C:\Windows\Installer\{90160000-0011-0000-1000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools\Spreadsheet Compare 2016.lnk -> C:\Windows\Installer\{90160000-0011-0000-1000-0000000FF1CE}\sscicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools\Telemetriedashboard für Office 2016.lnk -> C:\Windows\Installer\{90160000-0011-0000-1000-0000000FF1CE}\osmadminicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools\Telemetrieprotokoll für Office 2016.lnk -> C:\Windows\Installer\{90160000-0011-0000-1000-0000000FF1CE}\osmclienticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Malwarebytes Anti-Malware entfernen.lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Malwarebytes Anti-Malware Notifications.lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \ Malwarebytes Anti-Malware .lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech\Logitech Webcam Software.lnk -> C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\HelpMain\launchershortcut.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends\League of Legends.lnk -> C:\Riot Games\League of Legends\lol.launcher.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Über iTunes.lnk -> C:\Program Files\iTunes\iTunes.Resources\de.lproj\About iTunes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm\Heroes of the Storm.lnk -> C:\Program Files (x86)\Heroes of the Storm\Heroes of the Storm.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone\Hearthstone.lnk -> C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FeedReader\FeedReader Backup Utility.lnk -> C:\Program Files (x86)\FeedReader30\feedreaderbackup.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FeedReader\FeedReader.lnk -> C:\Program Files (x86)\FeedReader30\feedreader.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II\Diablo II - Lord of Destruction.lnk -> C:\Program Files (x86)\Diablo II\Diablo II.exe (Blizzard North)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II\Diablo II Uninstall.lnk -> C:\Program Files (x86)\Common Files\Blizzard Entertainment\Diablo II\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point\ZoneAlarm\ZoneAlarm Diagnostics Instrument.lnk -> C:\Program Files (x86)\CheckPoint\ZoneAlarm\diagnostics\DiagnosticsCaptureTool.exe (Check Point Software Technologies Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point\ZoneAlarm\ZoneAlarm Logbücher.lnk -> C:\ProgramData\CheckPoint\ZoneAlarm\Logs ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point\ZoneAlarm\ZoneAlarm Security.lnk -> C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anno 1404 Gold Edition\Anno 1404 Gold Edition entfernen.lnk -> C:\Games\Anno 1404 Gold Edition\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anno 1404 Gold Edition\Anno 1404 Venice.lnk -> C:\Games\Anno 1404 Gold Edition\Addon.exe (Related Designs)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anno 1404 Gold Edition\Anno 1404.lnk -> C:\Games\Anno 1404 Gold Edition\Anno4.exe (Related Designs)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings\AMD Radeon Settings.lnk -> C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Advanced Micro Devices, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Users\DaUra\Links\Desktop.lnk -> C:\Users\DaUra\Desktop ()
Shortcut: C:\Users\DaUra\Links\Downloads.lnk -> C:\Users\DaUra\Downloads ()
Shortcut: C:\Users\DaUra\Documents\StarCraft II\Danyelz_430@2.lnk -> C:\Users\DaUra\Documents\StarCraft II\Accounts\101831178\2-S2-1-6968171 ()
Shortcut: C:\Users\DaUra\Documents\Heroes of the Storm\T_43089749_768@2.lnk -> C:\Users\DaUra\Documents\Heroes of the Storm\Accounts\101831178\2-Hero-1-1034980 ()
Shortcut: C:\Users\DaUra\Desktop\BitTorrent.lnk -> C:\Users\DaUra\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\DaUra\Desktop\CCleaner.lnk -> E:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\Users\DaUra\Desktop\FeedReader.lnk -> C:\Program Files (x86)\FeedReader30\feedreader.exe ()
Shortcut: C:\Users\DaUra\Desktop\JDownloader 2.lnk -> C:\Users\DaUra\JDownloader v2.0\JDownloader2.exe (AppWork GmbH)
Shortcut: C:\Users\DaUra\Desktop\Speccy.lnk -> E:\Program Files\Speccy\Speccy64.exe (Piriform Ltd)
Shortcut: C:\Users\DaUra\Desktop\Spotify.lnk -> C:\Users\DaUra\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
Shortcut: C:\Users\DaUra\Desktop\TeamSpeak 3 Client.lnk -> E:\Users\DaUra\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH)
Shortcut: C:\Users\DaUra\Desktop\Wow.exe - Verknüpfung.lnk -> C:\World of Warcraft 3.3.5a\Wow.exe (Blizzard Entertainment)
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk -> C:\Users\DaUra\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CNext.lnk -> C:\Program Files\AMD\CNext\CNext\cnext.exe (Keine Datei)
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\DaUra\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk -> C:\Users\DaUra\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Benutzerhandbuch für die Konsolenversion von RAR.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Hilfe zu WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Was ist neu in dieser Version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\TeamSpeak 3 Client.lnk -> E:\Users\DaUra\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH)
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\Uninstall.lnk -> E:\Users\DaUra\AppData\Local\TeamSpeak 3 Client\Uninstall.exe (TeamSpeak Systems GmbH)
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Speccy\Speccy.lnk -> E:\Program Files\Speccy\Speccy64.exe (Piriform Ltd)
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2 Deinstallationsprogramm.lnk -> C:\Users\DaUra\JDownloader v2.0\Uninstall JDownloader.exe (AppWork GmbH)
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2 Update & Rescue.lnk -> C:\Users\DaUra\JDownloader v2.0\JDownloader2Update.exe (AppWork GmbH)
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2.lnk -> C:\Users\DaUra\JDownloader v2.0\JDownloader2.exe (AppWork GmbH)
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> E:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk -> C:\Users\DaUra\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FeedReader.lnk -> C:\Program Files (x86)\FeedReader30\feedreader.exe ()
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\JDownloader 2.lnk -> C:\Users\DaUra\JDownloader v2.0\JDownloader2.exe (AppWork GmbH)
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Tunngle.lnk -> C:\Program Files (x86)\Tunngle\Tunngle.exe (Tunngle.net GmbH)
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Excel 2016.lnk -> C:\Windows\Installer\{90160000-0011-0000-1000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Spotify.lnk -> C:\Users\DaUra\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
Shortcut: C:\Users\DaUra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TeamSpeak 3 Client.lnk -> E:\Users\DaUra\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH)
Shortcut: C:\Users\DaUra\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\DaUra\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\DaUra\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\DaUra\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\DaUra\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\DaUra\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\DaUra\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\DaUra\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\DaUra\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\Diablo II - Lord of Destruction.lnk -> C:\Program Files (x86)\Diablo II\Diablo II.exe (Blizzard North)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Hearthstone.lnk -> C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\Heroes of the Storm.lnk -> C:\Program Files (x86)\Heroes of the Storm\Heroes of the Storm.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\Users\Public\Desktop\League of Legends.lnk -> C:\Riot Games\League of Legends\lol.launcher.exe ()
Shortcut: C:\Users\Public\Desktop\Logitech Webcam Software  .lnk -> C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\HelpMain\launchershortcut.exe ()
Shortcut: C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\StarCraft II.lnk -> C:\Program Files (x86)\StarCraft II\StarCraft II.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\Public\Desktop\TSMApplication.lnk -> C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe ()
Shortcut: C:\Users\Public\Desktop\Tunngle.lnk -> C:\Program Files (x86)\Tunngle\Tunngle.exe (Tunngle.net GmbH)
Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\Users\Public\Desktop\Warcraft III - The Frozen Throne.lnk -> C:\Program Files (x86)\Warcraft III\Frozen Throne.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\Warcraft III.lnk -> C:\Program Files (x86)\Warcraft III\Warcraft III.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\World of Warcraft.lnk -> C:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\ZoneAlarm Security.lnk -> C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies Ltd.)
Shortcut: C:\Users\Public\Desktop\Anno 1404 Gold Edition\Anno 1404 Venice.lnk -> C:\Games\Anno 1404 Gold Edition\Addon.exe (Related Designs)
Shortcut: C:\Users\Public\Desktop\Anno 1404 Gold Edition\Anno 1404.lnk -> C:\Games\Anno 1404 Gold Edition\Anno4.exe (Related Designs)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://safebrowsing.biz/?ssid=1465611136&a=1003081&src=sh&uuid=6132599c-e137-47dd-bd52-ad420357d414"
ShortcutWithArgument: C:\Users\DaUra\Knuddels\Knuddels.lnk -> C:\Users\DaUra\Knuddels\FirefoxPortable\KnuddelsApp.exe (PortableApps.com) -> hxxp://www.knuddels.de/?kgx=&utm_medium=knu-windowsapp&utm_campaign=chromeproj-2015-q1&utm_source=knuddels&utm_content=foldericon-app-start
ShortcutWithArgument: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safebrowsing.biz/?ssid=1465611136&a=1003081&src=sh&uuid=6132599c-e137-47dd-bd52-ad420357d414"


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> -sta {C90FB8CA-3295-4462-A721-2935E83694BA}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN\Help.lnk -> C:\Program Files\TortoiseSVN\bin\TortoiseProc.exe (hxxp://tortoisesvn.net) -> /command:help
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN\Settings.lnk -> C:\Program Files\TortoiseSVN\bin\TortoiseProc.exe (hxxp://tortoisesvn.net) -> /command:settings
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN\TortoiseSVN Project Monitor.lnk -> C:\Program Files\TortoiseSVN\bin\TortoiseProc.exe (hxxp://tortoisesvn.net) -> /command:monitor
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN\TortoiseSVN Repository Browser.lnk -> C:\Program Files\TortoiseSVN\bin\TortoiseProc.exe (hxxp://tortoisesvn.net) -> /command:repobrowser
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN\TortoiseSVN.lnk -> C:\Program Files\TortoiseSVN\bin\TortoiseProc.exe (hxxp://tortoisesvn.net) -> /command:rtfm
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\DaUra\Knuddels-Stapp\Knuddels.lnk -> C:\Users\DaUra\Knuddels-Stapp\CommonFiles\Java\bin\javaw.exe (Oracle Corporation) -> -noverify -client -jar kjupdate.jar
ShortcutWithArgument: C:\Users\DaUra\Desktop\Knuddels.lnk -> C:\Users\DaUra\Knuddels-Stapp\CommonFiles\Java\bin\javaw.exe (Oracle Corporation) -> -noverify -client -jar kjupdate.jar
ShortcutWithArgument: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Knuddels.lnk -> C:\Users\DaUra\Knuddels-Stapp\CommonFiles\Java\bin\javaw.exe (Oracle Corporation) -> -noverify -client -jar kjupdate.jar
ShortcutWithArgument: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\DaUra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\Users\DaUra\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\DaUra\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\DaUra\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\DaUra\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\DaUra\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\DaUra\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\DaUra\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\DaUra\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\DaUra\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\DaUra\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle\Tunngle im Internet.url -> hxxp://www.Tunngle.net/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeSkillMaster Application\TradeSkillMaster.com.url -> hxxp://www.tradeskillmaster.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> hxxp://support.steampowered.com/
InternetURL: C:\Users\DaUra\Favorites\Bing.url -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\DaUra\Favorites\Booking.com.url -> hxxp://www.booking.com/index.html?aid=379334
InternetURL: C:\Users\DaUra\Favorites\Links\ACER Zubehör Shop.url -> hxxp://go.acer.com/?id=14169&model=Aspire E5-573
InternetURL: C:\Users\DaUra\Favorites\Acer\Acer.url -> hxxp://www.acer.com/
InternetURL: C:\Users\DaUra\Favorites\Acer\eBay.url -> hxxps://rover.ebay.com/rover/1/707-67567-24801-7/4
InternetURL: C:\Users\DaUra\Desktop\Counter-Strike Global Offensive.url -> steam://rungameid/730
InternetURL: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Counter-Strike Global Offensive.url -> steam://rungameid/730
InternetURL: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Speccy\Speccy Homepage.url -> hxxp://www.piriform.com/speccy
InternetURL: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse\Curse Client Onlineunterstützung.url -> hxxp://clientsupport.curse.com/
InternetURL: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> hxxp://www.piriform.com/ccleaner

==================== Ende von Shortcut.txt =============================
         
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:15-06-2016
durchgeführt von DaUra (2016-06-15 21:19:53)
Gestartet von C:\Users\DaUra\Downloads
Windows 10 Pro Version 1511 (X64) (2016-01-22 15:33:52)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3833861499-410864776-4231530817-500 - Administrator - Disabled)
DaUra (S-1-5-21-3833861499-410864776-4231530817-1001 - Administrator - Enabled) => C:\Users\DaUra
DefaultAccount (S-1-5-21-3833861499-410864776-4231530817-503 - Limited - Disabled)
Gast (S-1-5-21-3833861499-410864776-4231530817-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ZoneAlarm Antivirus (Disabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Anti-Spyware (Disabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall (Disabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Anno 1404 Gold Edition Version 1.03 (HKLM-x32\...\{52057027-985F-4455-9D84-46D3D99AB138}_is1) (Version: 1.03 - UBISoft)
Apple Application Support (32-Bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitTorrent (HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\BitTorrent) (Version: 7.9.7.42331 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Curse Client (HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
Diablo II (HKLM-x32\...\Diablo II) (Version: 0.0.0.0 - Blizzard Entertainment)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FeedReader (HKLM-x32\...\FeedReader_is1) (Version:  - i-Systems Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HOTSLogsUploader (HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\99a83d131490dc73) (Version: 1.0.0.12 - HOTSLogsUploader)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Knuddels Desktop App (HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\Knuddels Desktop App ) (Version: "2014.12.13.0" - "Knuddels Desktop App")
Knuddels Standalone App (HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\Knuddels App ) (Version: "2015.12.6.0" - "Knuddels App")
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.7.0 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Outils de vérification linguistique 2016 de Microsoft Office*- Français (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Spotify (HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\Spotify) (Version: 1.0.31.56.g526cfefe - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Strumenti di correzione di Microsoft Office 2016 - Italiano (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TortoiseSVN 1.9.4.27285 (64 bit) (HKLM\...\{62C19AB2-8485-4E18-A9D3-EFA612B8AE74}) (Version: 1.9.27285 - TortoiseSVN)
TradeSkillMaster Application version 1.0 (HKLM-x32\...\{c44da794-b956-4d50-8733-346d56ae63c7}_is1) (Version: 1.0 - TradeSkillMaster)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.4 - Tunngle.net GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: 0.0.0.0 - Blizzard Entertainment)
WinRAR 5.30 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
ZoneAlarm Antivirus (x32 Version: 14.1.011.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 14.1.011.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 14.1.011.000 - Check Point)
ZoneAlarm Security (x32 Version: 14.1.011.000 - Check Point Software Technologies Ltd.) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3833861499-410864776-4231530817-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\DaUra\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0CC2D585-441C-4857-9EAA-C34513FF706E} - System32\Tasks\CCleanerSkipUAC => E:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {18D85DB1-F625-4973-B160-1B0C6FFF9F32} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-14] (Adobe Systems Incorporated)
Task: {334EDD7E-FBB4-44E4-B641-B32207EFA893} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {60F65E37-71BE-4989-804A-484CB383EABF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-22] (Google Inc.)
Task: {6905A366-707E-4980-A863-341508058885} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {73B25E31-F6CE-4376-B3A3-2C4EF6D8B437} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {7B2976A6-5B88-47E5-8DF1-1B7A93E6C8CD} - System32\Tasks\{599228F7-C600-444E-ABC6-AC5B00AD05EC} => pcalua.exe -a "C:\Program Files (x86)\Diablo II\Diablo II.exe" -d "C:\Program Files (x86)\Diablo II\"
Task: {ABB6FB1C-D485-42F7-8CE8-42FE98275257} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-22] (Google Inc.)
Task: {CD755F95-D127-468F-9967-16CEAA0CEC63} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
Task: {DF6A9EDC-ADC4-44B3-BC19-4E449AFCE740} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {E6CF368E-CCD9-4823-99A6-7B8F57724E71} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\DaUra\Knuddels\Knuddels.lnk -> C:\Users\DaUra\Knuddels\FirefoxPortable\KnuddelsApp.exe (PortableApps.com) -> hxxp://www.knuddels.de/?kgx=&utm_medium=knu-windowsapp&utm_campaign=chromeproj-2015-q1&utm_source=knuddels&utm_content=foldericon-app-start
ShortcutWithArgument: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safebrowsing.biz/?ssid=1465611136&a=1003081&src=sh&uuid=6132599c-e137-47dd-bd52-ad420357d414"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://safebrowsing.biz/?ssid=1465611136&a=1003081&src=sh&uuid=6132599c-e137-47dd-bd52-ad420357d414"

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-13 18:18 - 2016-03-29 12:20 - 02656952 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-04-13 18:18 - 2016-03-29 12:20 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-04-24 16:07 - 2016-04-24 16:07 - 00094672 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2016-04-19 18:52 - 2016-04-19 18:52 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-06-10 17:53 - 2016-06-10 17:53 - 01371624 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7505\Battle.net Helper.exe
2016-01-22 17:40 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 02:06 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 02:06 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 02:06 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 02:07 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 02:07 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-19 18:52 - 2016-04-19 18:52 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 18:52 - 2016-04-19 18:52 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-06-10 17:53 - 2016-06-10 17:53 - 37241856 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7505\libcef.dll
2016-06-10 17:53 - 2016-06-10 17:53 - 00293040 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7505\ortp.dll
2016-06-10 17:53 - 2016-06-10 17:53 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7505\libEGL.dll
2016-06-10 17:53 - 2016-06-10 17:53 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7505\libGLESv2.dll
2016-06-10 17:53 - 2016-06-10 17:53 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7505\libglesv2.dll
2016-06-10 17:53 - 2016-06-10 17:53 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7505\libegl.dll
2016-06-10 17:53 - 2016-06-10 17:53 - 00984576 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7505\ffmpegsumo.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2015-10-30 09:24 - 2015-10-30 09:21 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3833861499-410864776-4231530817-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\DaUra\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{05923A5F-7836-449A-9979-62B10BE40D5D}C:\users\daura\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\daura\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{CAE5DB22-CBA5-4E7B-BFFC-DAE7C385519F}C:\users\daura\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\daura\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{D50AE756-AC3C-46B8-BAAA-9DCA6123B494}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{C3E62EEA-8168-4A4F-9C29-43707D745966}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{6C7435BC-D675-4B6B-9E32-957023C9C243}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C172DA42-C74B-42E9-A4A4-063647DA3266}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0A0CFC56-F4D9-419B-B673-278C03BA8882}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7D935A0D-020F-4573-893A-86717E636426}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F216EF38-9E59-4E2A-8217-7FD6F55309EE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F02E1F8F-20CD-4431-8CAB-65073DA9AE74}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{58AC2EF9-9F36-428B-A2A5-B00F7EA75231}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CEBE63D5-0BB6-427F-94F8-60C2558A566A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E36128C2-FEE5-4086-A85E-0BADA00C8538}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BFE6F5CA-C8FA-4A05-BE2E-47FF61C72513}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6C772914-A160-4DAB-8C36-E27E749E29CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4214CA99-6595-497D-9BD5-8B5772A5252A}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{C206BA72-5071-4DE4-A7DC-4931AABD2507}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{5E54755F-0C02-43ED-9845-D73923570A6F}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{FB84C192-840F-47D1-BCA7-13DEF346ACAE}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [TCP Query User{E564A686-8D4C-4152-9999-191CA27D5FDF}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [UDP Query User{D3A03447-8D65-42FD-BD7E-BD9D27990563}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [{712EF737-CB22-4C82-B312-6AE95BCD85A8}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{2517CAEB-BD1C-440F-A834-5E05D1FBA365}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{DE6A4976-7110-4775-8973-D7EE8D2A7E56}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{4A5428EA-25B7-4ECC-9294-21E8EE5DDDE2}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{8470AFCE-464D-4D25-A870-C20EFE53E52A}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{D1565DBA-DF16-4443-BAEC-B1C4A65284E0}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{92DEE86A-5FCE-41F5-A860-E24323F4C536}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{4D055F58-CF56-49C2-8F23-555057622DEA}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{7E6877DB-2473-421E-B01F-FAA96BEF21A1}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{1D07CBAB-A33F-48E2-94E7-DB2E9DDE1BB0}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{271033F8-6B73-421C-9F42-D17257DCAA8A}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{A9410D6C-0710-4F66-AEBC-A3EDAA10D02B}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{6C624B5A-E248-4936-A841-7966BA413C59}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{D21711BA-2DC6-44BF-8FF7-1BACBDDA4BE6}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{64E30B58-4927-44B3-BBB1-56E24F4DC2FA}] => (Allow) C:\Users\DaUra\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{75AD3178-3A90-4D63-BB09-4F1F380E9952}] => (Allow) C:\Users\DaUra\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{72FCF239-9821-4D38-B177-3B08A850EE25}] => (Allow) C:\Users\DaUra\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{12DF495F-A81F-4021-B50B-112003405A98}] => (Allow) C:\Users\DaUra\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{970B9B86-D9B6-481D-894E-D67657B50BFB}] => (Allow) C:\Users\DaUra\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{53DCEA20-76A1-4607-8EB9-51327491209A}] => (Allow) C:\Users\DaUra\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{589D5CB7-46E5-44D4-959C-EFA94E7111C0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

24-05-2016 17:38:34 Installed TortoiseSVN 1.9.4.27285 (64 bit)
02-06-2016 22:07:23 Geplanter Prüfpunkt
13-06-2016 23:29:49 Geplanter Prüfpunkt
15-06-2016 21:15:59 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/15/2016 09:16:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (06/15/2016 01:39:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(BZDN1840188107-QkxaMDAwMiN7akVFVm5kRUVcMDk5OTFCRTNDNSM=._bzdn._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (06/15/2016 01:39:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(BZDN1840188107-QkxaMDAwMiN7akVFVm5kRUVcMDk5OTFCRTNDNSM=._bzdn._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (06/13/2016 11:29:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (06/13/2016 11:18:45 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (06/13/2016 12:11:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ShellExperienceHost.exe, Version: 10.0.10586.306, Zeitstempel: 0x571afaa5
Name des fehlerhaften Moduls: StartUI.dll, Version: 10.0.10586.306, Zeitstempel: 0x571af976
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000320ae1
ID des fehlerhaften Prozesses: 0x1dc8
Startzeit der fehlerhaften Anwendung: 0xShellExperienceHost.exe0
Pfad der fehlerhaften Anwendung: ShellExperienceHost.exe1
Pfad des fehlerhaften Moduls: ShellExperienceHost.exe2
Berichtskennung: ShellExperienceHost.exe3
Vollständiger Name des fehlerhaften Pakets: ShellExperienceHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ShellExperienceHost.exe5

Error: (06/13/2016 01:12:48 AM) (Source: COM) (EventID: 10031) (User: )
Description: {CDC82860-468D-4D4E-B7E7-C298FF23AB2C}

Error: (06/13/2016 01:12:48 AM) (Source: COM) (EventID: 10031) (User: )
Description: {CDC82860-468D-4D4E-B7E7-C298FF23AB2C}

Error: (06/12/2016 12:46:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-FASB6LE)
Description: Bei der Aktivierung der App „Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (06/12/2016 12:44:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-FASB6LE)
Description: Bei der Aktivierung der App „Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147022986. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


Systemfehler:
=============
Error: (06/15/2016 09:13:40 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst TrueVector Internet Monitor konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (06/15/2016 09:12:32 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-FASB6LE)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (06/15/2016 09:12:28 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-FASB6LE)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (06/15/2016 09:12:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_471316f" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/15/2016 09:12:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _471316f" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/15/2016 09:12:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_471316f" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/15/2016 09:12:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_471316f" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/15/2016 09:12:27 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (06/15/2016 09:12:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Steam Client Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/15/2016 09:12:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2016-05-15 23:16:54.525
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-12 15:36:56.252
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-11 18:28:52.773
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-22 19:14:49.494
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-17 18:21:11.911
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-17 01:33:54.583
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-17 00:06:41.688
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-13 14:16:07.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-13 14:16:06.386
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-23 16:41:28.548
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: AMD Athlon(tm) II X4 640 Processor
Prozentuale Nutzung des RAM: 23%
Installierter physikalischer RAM: 8189.16 MB
Verfügbarer physikalischer RAM: 6245.98 MB
Summe virtueller Speicher: 9469.16 MB
Verfügbarer virtueller Speicher: 7437.61 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:232.4 GB) (Free:47.43 GB) NTFS
Drive e: () (Fixed) (Total:596.17 GB) (Free:566.51 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 39D295D9)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: F98D6E74)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:15-06-2016
durchgeführt von DaUra (Administrator) auf DESKTOP-FASB6LE (15-06-2016 21:19:14)
Gestartet von C:\Users\DaUra\Downloads
Geladene Profile: DaUra (Verfügbare Profile: DaUra)
Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.7505\Battle.net.exe
() C:\Program Files (x86)\Battle.net\Battle.net.7505\Battle.net Helper.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
() C:\Program Files (x86)\Battle.net\Battle.net.7505\Battle.net Helper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.4949\Agent.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.168_none_76587b40265ca57e\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [5006536 2016-03-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134792 2015-11-07] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\Run: [Spotify Web Helper] => C:\Users\DaUra\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1552496 2016-06-14] (Spotify Ltd)
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\Run: [Spotify] => C:\Users\DaUra\AppData\Roaming\Spotify\Spotify.exe [6916208 2016-06-14] (Spotify Ltd)
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\Run: [TSMApplication] => C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe [1623040 2016-05-30] ()
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-15] (Valve Corporation)
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [3006952 2016-03-08] (Blizzard Entertainment)
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\Run: [CCleaner Monitoring] => E:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\Run: [feedreader.exe] => C:\Program Files (x86)\FeedReader30\feedreader.exe [2058240 2009-03-29] ()
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
ShellIconOverlayIdentifiers: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
Startup: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-01-22] ()
Startup: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloader 2.lnk [2016-05-15]
ShortcutTarget: JDownloader 2.lnk ->  (Keine Datei)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{382cd532-40e2-47aa-b9f1-aa0b77315726}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{7ef27578-732e-4352-9e9a-420138f5219e}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{7ef27578-732e-4352-9e9a-420138f5219e}: [DhcpNameServer] 192.168.178.1
ManualProxies: 

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-14] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-03-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-03-15] (Microsoft Corporation)

Chrome: 
=======
CHR Profile: C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-15]
CHR Extension: (Google Docs) - C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-15]
CHR Extension: (Google Drive) - C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-15]
CHR Extension: (YouTube) - C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-15]
CHR Extension: (Google Tabellen) - C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-15]
CHR Extension: (Google Docs Offline) - C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-15]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-15]
CHR Extension: (Google Mail) - C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-15]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [814064 2015-12-22] (Tunngle.net GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [33240 2015-12-09] (VIA Technologies, Inc.)
S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3722912 2015-11-07] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2015-10-19] (Check Point Software Technologies, Ltd.)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [23240 2016-03-21] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [111120 2016-03-01] (Advanced Micro Devices)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2016-01-22] (REALiX(tm))
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-11-03] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-11-03] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [172920 2015-11-03] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-11-03] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [917880 2015-11-03] (AO Kaspersky Lab)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [935168 2016-01-22] (Realtek                                            )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 tap0901t; C:\Windows\System32\drivers\tap0901t.sys [40568 2015-12-04] (Tunngle.net)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [462304 2016-01-22] (Check Point Software Technologies Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-15 21:18 - 2016-06-15 21:18 - 02385920 _____ (Farbar) C:\Users\DaUra\Downloads\FRST64.exe
2016-06-15 21:17 - 2016-06-15 21:17 - 00000847 _____ C:\Users\DaUra\Desktop\JRT.txt
2016-06-15 21:15 - 2016-06-15 21:15 - 01610816 _____ (Malwarebytes) C:\Users\DaUra\Downloads\JRT.exe
2016-06-15 21:09 - 2016-06-15 21:09 - 03703360 _____ C:\Users\DaUra\Downloads\AdwCleaner_5.200.exe
2016-06-15 13:43 - 2016-06-15 13:51 - 00000000 ____D C:\Program Files (x86)\Diablo II
2016-06-15 13:43 - 2016-06-15 13:43 - 00001194 _____ C:\Users\Public\Desktop\Diablo II - Lord of Destruction.lnk
2016-06-15 13:43 - 2016-06-15 13:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2016-06-14 17:57 - 2016-06-14 18:28 - 00250806 _____ C:\TDSSKiller.3.1.0.9_14.06.2016_17.57.40_log.txt
2016-06-14 17:55 - 2016-06-14 17:55 - 00041895 _____ C:\Users\DaUra\Downloads\Addition.txt
2016-06-14 17:54 - 2016-06-15 21:19 - 00016988 _____ C:\Users\DaUra\Downloads\FRST.txt
2016-06-14 17:54 - 2016-06-15 21:19 - 00000000 ____D C:\FRST
2016-06-14 16:17 - 2016-06-14 16:17 - 00005899 _____ C:\Users\DaUra\Desktop\Pro6.txt
2016-06-14 16:17 - 2016-06-14 16:17 - 00001362 _____ C:\Users\DaUra\Desktop\Pro7.txt
2016-06-14 16:16 - 2016-06-14 16:16 - 00007171 _____ C:\Users\DaUra\Desktop\Pro4.txt
2016-06-14 16:16 - 2016-06-14 16:16 - 00006868 _____ C:\Users\DaUra\Desktop\Pro3.txt
2016-06-14 16:16 - 2016-06-14 16:16 - 00002236 _____ C:\Users\DaUra\Desktop\Pro2.txt
2016-06-14 16:16 - 2016-06-14 16:16 - 00001941 _____ C:\Users\DaUra\Desktop\Pro1.txt
2016-06-14 16:16 - 2016-06-14 16:16 - 00001185 _____ C:\Users\DaUra\Desktop\Pro5.txt
2016-06-11 04:22 - 2016-06-15 21:14 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-11 04:22 - 2016-06-11 04:22 - 00001171 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-06-11 04:22 - 2016-06-11 04:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-06-11 04:22 - 2016-06-11 04:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-11 04:22 - 2016-06-11 04:22 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-06-11 04:22 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-11 04:22 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-11 04:22 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-11 04:13 - 2016-06-11 04:13 - 02585498 _____ (Macromedia, Inc.) C:\Users\DaUra\Downloads\Ganguro Girl Deluxe.exe
2016-06-05 18:11 - 2016-06-05 18:11 - 00001045 _____ C:\Users\DaUra\Desktop\Wow.exe - Verknüpfung.lnk
2016-06-05 15:22 - 2016-06-05 18:11 - 00000000 ____D C:\World of Warcraft 3.3.5a
2016-06-05 00:06 - 2016-06-05 00:06 - 00008731 _____ C:\Users\DaUra\Documents\hamadin.xlsx
2016-06-02 19:12 - 2015-02-01 08:26 - 00000000 ____D C:\Users\DaUra\Desktop\d2bot-with-kolbot-master
2016-06-02 04:11 - 2016-06-02 04:11 - 06169139 _____ C:\D2XP_IX86_1xx_114d.mpq
2016-06-01 01:20 - 2016-06-01 01:20 - 00002724 _____ C:\Users\DaUra\Desktop\BitTorrent.lnk
2016-06-01 01:20 - 2016-06-01 01:20 - 00002724 _____ C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2016-06-01 01:19 - 2016-06-05 18:10 - 00000000 ____D C:\Users\DaUra\AppData\Roaming\BitTorrent
2016-05-24 21:46 - 2016-06-15 21:14 - 00000000 ____D C:\Users\DaUra\AppData\Local\TSVNCache
2016-05-24 17:39 - 2016-05-24 17:39 - 00000000 ____D C:\Users\DaUra\AppData\Roaming\Subversion
2016-05-24 17:39 - 2016-05-24 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
2016-05-24 17:39 - 2016-05-24 17:39 - 00000000 ____D C:\Program Files\TortoiseSVN
2016-05-24 17:39 - 2016-05-24 17:39 - 00000000 ____D C:\Program Files\Common Files\TortoiseOverlays
2016-05-24 17:20 - 2016-06-02 19:23 - 00000000 ____D C:\Users\DaUra\AppData\Local\noah~
2016-05-24 17:16 - 2016-06-02 19:36 - 00000000 ____D C:\Users\DaUra\AppData\Roaming\Notepad++
2016-05-24 17:16 - 2016-05-24 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2016-05-24 17:16 - 2016-05-24 17:16 - 00000000 ____D C:\Program Files (x86)\Notepad++
2016-05-22 18:48 - 2016-05-22 19:24 - 00009707 _____ C:\Users\DaUra\Documents\Runen.xlsx
2016-05-21 00:18 - 2016-05-21 00:18 - 00003334 _____ C:\Windows\System32\Tasks\{599228F7-C600-444E-ABC6-AC5B00AD05EC}
2016-05-20 13:15 - 2016-05-20 13:16 - 00000000 ____D C:\Users\DaUra\AppData\Roaming\Feedreader
2016-05-20 13:15 - 2016-05-20 13:15 - 00001042 _____ C:\Users\DaUra\Desktop\FeedReader.lnk
2016-05-20 13:15 - 2016-05-20 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FeedReader
2016-05-20 13:15 - 2016-05-20 13:15 - 00000000 ____D C:\Program Files (x86)\FeedReader30
2016-05-19 21:57 - 2016-05-19 21:57 - 00000000 ____D C:\Users\DaUra\AppData\Roaming\java
2016-05-19 21:53 - 2016-05-30 23:32 - 00000000 ____D C:\Users\DaUra\Knuddels-Stapp
2016-05-18 18:45 - 2016-06-15 21:12 - 00000000 ____D C:\AdwCleaner
2016-05-17 20:33 - 2016-05-17 21:42 - 00009747 _____ C:\Users\DaUra\Documents\Mappe1.xlsx

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-15 21:16 - 2016-01-22 18:59 - 00000000 ____D C:\Users\DaUra\AppData\Roaming\IObit
2016-06-15 21:16 - 2016-01-22 18:59 - 00000000 ____D C:\ProgramData\IObit
2016-06-15 21:15 - 2016-01-22 18:28 - 00000000 ____D C:\Users\DaUra\JDownloader v2.0
2016-06-15 21:15 - 2016-01-22 18:00 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-15 21:14 - 2016-02-24 00:40 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-15 21:14 - 2016-01-22 18:33 - 00000000 ____D C:\Users\DaUra\AppData\Local\Battle.net
2016-06-15 21:14 - 2016-01-22 18:33 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-06-15 21:14 - 2016-01-22 18:00 - 00001146 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-15 21:14 - 2016-01-22 17:32 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-15 21:13 - 2015-10-30 08:28 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-06-15 21:11 - 2016-01-24 19:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-15 21:04 - 2016-01-28 20:27 - 00004170 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4C3E66F1-1712-448E-9AAC-85DA865B7FB6}
2016-06-15 21:01 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-15 21:01 - 2015-10-30 09:24 - 00000000 ____D C:\Windows\AppReadiness
2016-06-15 16:17 - 2016-01-22 18:29 - 00000000 ____D C:\Users\DaUra\AppData\Roaming\TS3Client
2016-06-15 14:17 - 2016-02-12 00:10 - 00000000 ____D C:\Users\DaUra\AppData\Roaming\vlc
2016-06-15 14:05 - 2016-01-22 18:39 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2016-06-15 14:03 - 2016-01-22 18:34 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-06-15 14:02 - 2015-10-30 09:11 - 00000000 ____D C:\Windows\CbsTemp
2016-06-15 13:53 - 2016-02-24 01:17 - 00000000 ____D C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-06-15 13:44 - 2016-04-24 13:54 - 00000000 _____ C:\BnetLog.txt
2016-06-15 13:44 - 2016-01-22 18:33 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-06-15 13:32 - 2016-04-13 17:28 - 00010891 _____ C:\Users\DaUra\Documents\Serien.xlsx
2016-06-15 13:25 - 2016-03-07 15:27 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-06-15 13:24 - 2016-01-31 20:23 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-06-14 16:28 - 2016-01-22 18:31 - 00000000 ____D C:\Users\DaUra\AppData\Local\Spotify
2016-06-14 15:57 - 2016-01-22 17:40 - 01799166 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-14 15:57 - 2015-10-30 20:35 - 00775524 _____ C:\Windows\system32\perfh007.dat
2016-06-14 15:57 - 2015-10-30 20:35 - 00155338 _____ C:\Windows\system32\perfc007.dat
2016-06-14 15:57 - 2015-10-30 09:21 - 00000000 ____D C:\Windows\INF
2016-06-14 15:54 - 2016-01-22 18:31 - 00000000 ____D C:\Users\DaUra\AppData\Roaming\Spotify
2016-06-13 01:47 - 2016-02-12 00:10 - 00000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-06-12 23:39 - 2016-03-15 17:52 - 00000000 ____D C:\Program Files (x86)\Warcraft III
2016-06-12 20:43 - 2016-01-22 17:34 - 00000000 ____D C:\Users\DaUra
2016-06-12 19:42 - 2015-10-30 09:24 - 00000000 ___RD C:\Windows\DevicesFlow
2016-06-11 18:00 - 2016-01-22 18:01 - 00002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-11 04:12 - 2016-01-22 18:01 - 00002468 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-30 22:31 - 2016-01-22 18:37 - 00000000 ____D C:\Program Files (x86)\TradeSkillMaster Application
2016-05-21 00:18 - 2016-01-22 17:35 - 00000000 ____D C:\Users\DaUra\AppData\Local\VirtualStore
2016-05-19 21:53 - 2016-03-19 22:58 - 00002199 _____ C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Knuddels.lnk
2016-05-19 21:53 - 2016-03-19 22:58 - 00002169 _____ C:\Users\DaUra\Desktop\Knuddels.lnk
2016-05-19 15:33 - 2016-01-22 18:38 - 00000000 ____D C:\Users\DaUra\AppData\Local\Deployment
2016-05-18 18:31 - 2016-03-15 17:43 - 00000735 _____ C:\Users\DaUra\Desktop\CCleaner.lnk

Einige Dateien in TEMP:
====================
C:\Users\DaUra\AppData\Local\Temp\libeay32.dll
C:\Users\DaUra\AppData\Local\Temp\msvcr120.dll
C:\Users\DaUra\AppData\Local\Temp\proxy_vole5964532226572847312.dll
C:\Users\DaUra\AppData\Local\Temp\proxy_vole6276735598846132041.dll
C:\Users\DaUra\AppData\Local\Temp\proxy_vole7438355538046780878.dll
C:\Users\DaUra\AppData\Local\Temp\sqlite3.dll
C:\Users\DaUra\AppData\Local\Temp\vlc-2.2.4-win64.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-06-13 23:18

==================== Ende von FRST.txt ============================
         

16.06.2016, 15:27   #8
M-K-D-B
/// TB-Ausbilder

Hi,

we'll remove the last remnants and check everything once more.

Note: The scan with ESET can take a while.

Step 1
Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
start
CloseProcesses:
ShortcutWithArgument: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safebrowsing.biz/?ssid=1465611136&a=1003081&src=sh&uuid=6132599c-e137-47dd-bd52-ad420357d414"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://safebrowsing.biz/?ssid=1465611136&a=1003081&src=sh&uuid=6132599c-e137-47dd-bd52-ad420357d414"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Step 2

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Ja, ich bin mit den Nutzungsbedingungen einverstanden" (Yes, I accept the terms of use) and click Starten (Start).
  • Enable "Erkennung von eventuell unerwünschten Anwendungen" (detection of potentially unwanted applications) and select the following settings.
  • Click Starten (Start).
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Fertig stellen (Finish).
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

Step 3
Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Start HitmanPro.exe
  • Click on
  • Remove the check mark at
  • Click on
    and
  • Accept the license terms and click on
  • Click on

    and on
  • When the scan has finished, do not have anything deleted etc.; instead choose, at the bottom left of the button bar,
    and save the log file on your desktop.
  • Close HitmanPro and post the log for me.

Step 4
  • Start FRST.exe again. Tick the box in front of Addition.txt and press Untersuchen (Scan).
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.

Are there still any problems with the PC? If so, which ones?

With your next reply, please post
  • the log file of the FRST fix,
  • the log file from ESET,
  • the log file from HitmanPro,
  • the two new log files from FRST,
  • the answers to the questions asked.
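
The fixlist in the post above targets browser shortcuts whose target carries an appended URL argument. As an added example (not part of the original post and not FRST's own code), the following Python script finds such entries in `ShortcutWithArgument:` log lines of the format shown in that fixlist. The function names, the browser list and the last two sample lines are assumptions made for this example.

```python
import re
from collections import namedtuple
from ntpath import basename          # parses Windows paths on any OS
from urllib.parse import urlsplit

# First two lines: the entries from the fixlist in the post above (URLs appear
# defanged as hxxp on the page). Last two lines: constructed benign entries.
SAMPLE_LOG = r'''
ShortcutWithArgument: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safebrowsing.biz/?ssid=1465611136&a=1003081&src=sh&uuid=6132599c-e137-47dd-bd52-ad420357d414"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://safebrowsing.biz/?ssid=1465611136&a=1003081&src=sh&uuid=6132599c-e137-47dd-bd52-ad420357d414"
ShortcutWithArgument: C:\Users\Example\Desktop\Chrome Work.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Example\Desktop\Example Tool.lnk -> C:\Program Files\Example\tool.exe (Example Vendor) -> --open hxxp://intranet.example/
'''

# Assumed list of browser executables worth checking; extend as needed.
BROWSERS = {'chrome.exe', 'iexplore.exe', 'firefox.exe', 'opera.exe', 'msedge.exe'}

# <shortcut>.lnk -> <target>.exe (<publisher>) -> <arguments>
ENTRY_RE = re.compile(
    r'^ShortcutWithArgument:\s+(?P<lnk>.+?\.lnk)\s+->\s+'
    r'(?P<target>.+?\.exe)(?:\s+\((?P<publisher>[^)]*)\))?\s+->\s+(?P<args>.*)$',
    re.IGNORECASE)

# Accept both live (http) and defanged (hxxp) URLs inside the argument string.
URL_RE = re.compile(r'\b(?:hxxps?|https?)://[^\s"]+', re.IGNORECASE)

Finding = namedtuple('Finding', 'lnk browser publisher url host')


def find_hijacked_shortcuts(log_text):
    """Return a Finding for every browser shortcut that has a URL argument."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        exe = basename(m.group('target')).lower()
        url = URL_RE.search(m.group('args'))
        # A URL argument on a non-browser target is out of scope here.
        if exe not in BROWSERS or not url:
            continue
        shown = url.group(0)
        # Refang in memory only, so urlsplit can extract the host name.
        host = urlsplit(re.sub(r'^hxxp', 'http', shown, flags=re.I)).hostname
        findings.append(Finding(m.group('lnk'), exe, m.group('publisher'), shown, host))
    return findings


def group_by_host(findings):
    """Map each redirect host to the shortcuts that point at it."""
    grouped = {}
    for f in findings:
        grouped.setdefault(f.host, []).append(f.lnk)
    return grouped


if __name__ == '__main__':
    for host, shortcuts in group_by_host(find_hijacked_shortcuts(SAMPLE_LOG)).items():
        print(host)
        for lnk in shortcuts:
            print('   ', lnk)
```
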

17.06.2016, 16:35   #9
Danyelz

Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:16-06-2016 01
durchgeführt von DaUra (2016-06-17 16:23:44) Run:1
Gestartet von C:\FRST
Geladene Profile: DaUra (Verfügbare Profile: DaUra)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
ShortcutWithArgument: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safebrowsing.biz/?ssid=1465611136&a=1003081&src=sh&uuid=6132599c-e137-47dd-bd52-ad420357d414"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://safebrowsing.biz/?ssid=1465611136&a=1003081&src=sh&uuid=6132599c-e137-47dd-bd52-ad420357d414"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
     
*****************

Prozess erfolgreich geschlossen.
C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk => Verknüpfung Eigenschaft erfolgreich entfernt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Verknüpfung Eigenschaft erfolgreich entfernt.

========= RemoveProxy: =========

HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========


=========  ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Auflösungscache wurde geleert.

========= Ende von CMD: =========


=========  netsh winsock reset =========


Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.


========= Ende von CMD: =========


=========== EmptyTemp: ==========

DOMStore, BITS transfer queue, thumbcache, IE frameiconcache.dat => 25224240 bytes
Java, Opera, Flash, IE recovery, Steam htmlcache, Windows/system/drivers/LocalLow Temp => 77250104 bytes
Edge => 14302235 bytes
Chrome => 729726415 bytes
Firefox => 0 bytes

Temp, IE cache, history, cookies, recent:
Default => 0 bytes
ProgramData => 0 bytes
Public => 0 bytes
systemprofile => 128 bytes
systemprofile32 => 0 bytes
LocalService => 6546 bytes
NetworkService => 0 bytes
DaUra => 56429681 bytes

RecycleBin => 1171 bytes
EmptyTemp: => 861.1 MB temporäre Dateien entfernt.
======================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 16:24:30 ====
         
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b962e8140c9b534d9ebcdabdf167258e
# end=init
# utc_time=2016-06-17 02:27:51
# local_time=2016-06-17 04:27:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 29828
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b962e8140c9b534d9ebcdabdf167258e
# end=updated
# utc_time=2016-06-17 02:29:32
# local_time=2016-06-17 04:29:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=b962e8140c9b534d9ebcdabdf167258e
# engine=29828
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-06-17 03:24:02
# local_time=2016-06-17 05:24:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 9332418 19991185 0 0
# scanned=257045
# found=0
# cleaned=0
# scan_time=3269
         

17.06.2016, 16:45   #10
M-K-D-B
/// TB-Ausbilder

Hi,

very good, only HitmanPro and FRST and the answers to the questions are still missing.

17.06.2016, 16:53   #11
Danyelz

Code:
HitmanPro 3.7.14.265
www.hitmanpro.com

   Computer name . . . . : DESKTOP-FASB6LE
   Windows . . . . . . . : 10.0.0.10586.X64/4
   User name . . . . . . : DESKTOP-FASB6LE\DaUra
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-06-17 17:46:37
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 5s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 3

   Objects scanned . . . : 1.601.643
   Files scanned . . . . : 43.251
   Remnants scanned  . . : 414.740 files / 1.143.652 keys

Suspicious files ____________________________________________________________

   C:\FRST\FRST64.exe
      Size . . . . . . . : 2.386.944 bytes
      Age  . . . . . . . : 0.1 days (2016-06-17 16:23:31)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 14CD1F04194F67B466DCE53FC748039D7023EA4FBFBB60A81162495F81D5E804
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\FRST\FRST64.exe
         12.9s C:\FRST\Logs\ct
         12.9s C:\FRST\Fixlog.txt
         15.1s C:\FRST\Quarantine\C\Users\DaUra\
         15.1s C:\FRST\Quarantine\C\
         15.1s C:\FRST\Quarantine\C\Users\DaUra\AppData\Roaming\Microsoft\
         15.1s C:\FRST\Quarantine\C\Users\
         15.1s C:\FRST\Quarantine\C\Users\DaUra\AppData\Roaming\Microsoft\Windows\
         15.1s C:\FRST\Quarantine\C\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\
         15.1s C:\FRST\Quarantine\C\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
         15.1s C:\FRST\Quarantine\C\Users\DaUra\AppData\
         15.1s C:\FRST\Quarantine\C\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\
         15.1s C:\FRST\Quarantine\C\Users\DaUra\AppData\Roaming\
         15.2s C:\FRST\Quarantine\C\ProgramData\
         15.2s C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\
         15.2s C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\
         15.2s C:\FRST\Quarantine\C\ProgramData\Microsoft\
         15.2s C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\

   C:\Users\DaUra\Downloads\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2.385.920 bytes
      Age  . . . . . . . : 1.9 days (2016-06-15 21:18:37)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 3DB74C1470C8F40E9ED580C1E6A0F74D36D06026B57021C026FD8F7B1806FF80
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\DaUra\Downloads\FRST64.exe
      Size . . . . . . . : 2.386.944 bytes
      Age  . . . . . . . : 0.1 days (2016-06-17 16:22:10)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 14CD1F04194F67B466DCE53FC748039D7023EA4FBFBB60A81162495F81D5E804
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.3s C:\Users\DaUra\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9EC3B71635F8BA3FC68DE181A104A0EF_F6C39EF89D8A3A72327D8412589658B2
         -0.3s C:\Users\DaUra\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9EC3B71635F8BA3FC68DE181A104A0EF_F6C39EF89D8A3A72327D8412589658B2
         -0.2s C:\Users\DaUra\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\64DCC9872C5635B1B7891B30665E0558_5552C20A2631357820903FD38A8C0F9F
         -0.2s C:\Users\DaUra\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\64DCC9872C5635B1B7891B30665E0558_5552C20A2631357820903FD38A8C0F9F
         -0.1s C:\Users\DaUra\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6AF4EE75E3A4ABA658C0087EB9A0BB5B_4F8D4D4F8A055DA96F5FDDC885E626A4
         -0.1s C:\Users\DaUra\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6AF4EE75E3A4ABA658C0087EB9A0BB5B_4F8D4D4F8A055DA96F5FDDC885E626A4
          0.0s C:\Users\DaUra\Downloads\FRST64.exe
          0.7s C:\Users\DaUra\Downloads\FRST-OlderVersion\
         
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:16-06-2016 01
durchgeführt von DaUra (Administrator) auf DESKTOP-FASB6LE (17-06-2016 17:50:37)
Gestartet von C:\FRST
Geladene Profile: DaUra (Verfügbare Profile: DaUra)
Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\FeedReader30\feedreader.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamSpeak Systems GmbH) E:\Users\DaUra\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Blizzard Entertainment) C:\Program Files (x86)\Warcraft III\War3.exe
(Spotify Ltd) C:\Users\DaUra\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\DaUra\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\DaUra\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\DaUra\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\DaUra\AppData\Roaming\Spotify\Spotify.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [5006536 2016-03-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134792 2015-11-07] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\Run: [Spotify Web Helper] => C:\Users\DaUra\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1552496 2016-06-14] (Spotify Ltd)
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\Run: [Spotify] => C:\Users\DaUra\AppData\Roaming\Spotify\Spotify.exe [6916208 2016-06-14] (Spotify Ltd)
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\Run: [TSMApplication] => C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe [1623040 2016-05-30] ()
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-15] (Valve Corporation)
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [3006952 2016-03-08] (Blizzard Entertainment)
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\Run: [CCleaner Monitoring] => E:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\Run: [feedreader.exe] => C:\Program Files (x86)\FeedReader30\feedreader.exe [2058240 2009-03-29] ()
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
ShellIconOverlayIdentifiers: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
Startup: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-01-22] ()
Startup: C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloader 2.lnk [2016-05-15]
ShortcutTarget: JDownloader 2.lnk ->  (Keine Datei)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{382cd532-40e2-47aa-b9f1-aa0b77315726}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{7ef27578-732e-4352-9e9a-420138f5219e}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{7ef27578-732e-4352-9e9a-420138f5219e}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-16] (Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-04-12] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-03-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-03-15] (Microsoft Corporation)

Chrome: 
=======
CHR Profile: C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-15]
CHR Extension: (Google Docs) - C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-15]
CHR Extension: (Google Drive) - C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-15]
CHR Extension: (YouTube) - C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-15]
CHR Extension: (Adblock Plus) - C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-15]
CHR Extension: (Google Tabellen) - C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-15]
CHR Extension: (Google Docs Offline) - C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-15]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-15]
CHR Extension: (Google Mail) - C:\Users\DaUra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-15]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [814064 2015-12-22] (Tunngle.net GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [33240 2015-12-09] (VIA Technologies, Inc.)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3722912 2015-11-07] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2015-10-19] (Check Point Software Technologies, Ltd.)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [23240 2016-03-21] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [111120 2016-03-01] (Advanced Micro Devices)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2016-01-22] (REALiX(tm))
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-11-03] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-11-03] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [172920 2015-11-03] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-11-03] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [917880 2015-11-03] (AO Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-17] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [935168 2016-01-22] (Realtek                                            )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 tap0901t; C:\Windows\System32\drivers\tap0901t.sys [40568 2015-12-04] (Tunngle.net)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [462304 2016-01-22] (Check Point Software Technologies Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-17 17:46 - 2016-06-17 17:49 - 00000000 ____D C:\ProgramData\HitmanPro
2016-06-17 17:46 - 2016-06-17 17:46 - 11438608 _____ (SurfRight B.V.) C:\Users\DaUra\Downloads\HitmanPro_x64.exe
2016-06-17 16:27 - 2016-06-17 16:27 - 02870984 _____ (ESET) C:\Users\DaUra\Downloads\esetsmartinstaller_deu.exe
2016-06-17 16:22 - 2016-06-17 16:22 - 00000000 ____D C:\Users\DaUra\Downloads\FRST-OlderVersion
2016-06-16 20:02 - 2016-06-17 02:23 - 00012038 _____ C:\Users\DaUra\Documents\BhopUnfinishedMaps.xlsx
2016-06-16 13:30 - 2016-06-16 13:30 - 00001045 _____ C:\Users\DaUra\Desktop\Wow 3.3.5a.exe - Verknüpfung.lnk
2016-06-15 21:20 - 2016-06-15 21:20 - 00042630 _____ C:\Users\DaUra\Downloads\Shortcut.txt
2016-06-15 21:18 - 2016-06-17 16:22 - 02386944 _____ (Farbar) C:\Users\DaUra\Downloads\FRST64.exe
2016-06-15 21:15 - 2016-06-15 21:15 - 01610816 _____ (Malwarebytes) C:\Users\DaUra\Downloads\JRT.exe
2016-06-15 21:09 - 2016-06-15 21:09 - 03703360 _____ C:\Users\DaUra\Downloads\AdwCleaner_5.200.exe
2016-06-15 13:43 - 2016-06-15 13:51 - 00000000 ____D C:\Program Files (x86)\Diablo II
2016-06-15 13:43 - 2016-06-15 13:43 - 00001194 _____ C:\Users\Public\Desktop\Diablo II - Lord of Destruction.lnk
2016-06-15 13:43 - 2016-06-15 13:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2016-06-14 17:57 - 2016-06-14 18:28 - 00250806 _____ C:\TDSSKiller.3.1.0.9_14.06.2016_17.57.40_log.txt
2016-06-14 17:55 - 2016-06-17 16:23 - 00016234 _____ C:\Users\DaUra\Downloads\Addition.txt
2016-06-14 17:54 - 2016-06-17 17:50 - 00000000 ____D C:\FRST
2016-06-14 17:54 - 2016-06-17 16:23 - 00028852 _____ C:\Users\DaUra\Downloads\FRST.txt
2016-06-11 04:22 - 2016-06-17 17:48 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-11 04:22 - 2016-06-11 04:22 - 00001171 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-06-11 04:22 - 2016-06-11 04:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-06-11 04:22 - 2016-06-11 04:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-11 04:22 - 2016-06-11 04:22 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-06-11 04:22 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-11 04:22 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-11 04:22 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-11 04:13 - 2016-06-11 04:13 - 02585498 _____ (Macromedia, Inc.) C:\Users\DaUra\Downloads\Ganguro Girl Deluxe.exe
2016-06-05 15:22 - 2016-06-16 13:30 - 00000000 ____D C:\World of Warcraft 3.3.5a
2016-06-05 00:06 - 2016-06-05 00:06 - 00008731 _____ C:\Users\DaUra\Documents\hamadin.xlsx
2016-06-02 19:12 - 2015-02-01 08:26 - 00000000 ____D C:\Users\DaUra\Desktop\d2bot-with-kolbot-master
2016-06-02 04:11 - 2016-06-02 04:11 - 06169139 _____ C:\D2XP_IX86_1xx_114d.mpq
2016-06-01 01:20 - 2016-06-01 01:20 - 00002724 _____ C:\Users\DaUra\Desktop\BitTorrent.lnk
2016-06-01 01:20 - 2016-06-01 01:20 - 00002724 _____ C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2016-06-01 01:19 - 2016-06-05 18:10 - 00000000 ____D C:\Users\DaUra\AppData\Roaming\BitTorrent
2016-05-24 21:46 - 2016-06-17 16:25 - 00000000 ____D C:\Users\DaUra\AppData\Local\TSVNCache
2016-05-24 17:39 - 2016-05-24 17:39 - 00000000 ____D C:\Users\DaUra\AppData\Roaming\Subversion
2016-05-24 17:39 - 2016-05-24 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
2016-05-24 17:39 - 2016-05-24 17:39 - 00000000 ____D C:\Program Files\TortoiseSVN
2016-05-24 17:39 - 2016-05-24 17:39 - 00000000 ____D C:\Program Files\Common Files\TortoiseOverlays
2016-05-24 17:20 - 2016-06-02 19:23 - 00000000 ____D C:\Users\DaUra\AppData\Local\noah~
2016-05-24 17:16 - 2016-06-02 19:36 - 00000000 ____D C:\Users\DaUra\AppData\Roaming\Notepad++
2016-05-24 17:16 - 2016-05-24 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2016-05-24 17:16 - 2016-05-24 17:16 - 00000000 ____D C:\Program Files (x86)\Notepad++
2016-05-22 18:48 - 2016-05-22 19:24 - 00009707 _____ C:\Users\DaUra\Documents\Runen.xlsx
2016-05-21 00:18 - 2016-05-21 00:18 - 00003334 _____ C:\Windows\System32\Tasks\{599228F7-C600-444E-ABC6-AC5B00AD05EC}
2016-05-20 13:15 - 2016-05-20 13:16 - 00000000 ____D C:\Users\DaUra\AppData\Roaming\Feedreader
2016-05-20 13:15 - 2016-05-20 13:15 - 00001042 _____ C:\Users\DaUra\Desktop\FeedReader.lnk
2016-05-20 13:15 - 2016-05-20 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FeedReader
2016-05-20 13:15 - 2016-05-20 13:15 - 00000000 ____D C:\Program Files (x86)\FeedReader30
2016-05-19 21:57 - 2016-05-19 21:57 - 00000000 ____D C:\Users\DaUra\AppData\Roaming\java
2016-05-19 21:53 - 2016-06-15 22:53 - 00000000 ____D C:\Users\DaUra\Knuddels-Stapp
2016-05-18 18:45 - 2016-06-15 21:12 - 00000000 ____D C:\AdwCleaner

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-17 17:49 - 2016-01-22 18:29 - 00000000 ____D C:\Users\DaUra\AppData\Roaming\TS3Client
2016-06-17 17:40 - 2016-01-22 17:40 - 01799166 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-17 17:40 - 2015-10-30 20:35 - 00775524 _____ C:\Windows\system32\perfh007.dat
2016-06-17 17:40 - 2015-10-30 20:35 - 00155338 _____ C:\Windows\system32\perfc007.dat
2016-06-17 17:40 - 2015-10-30 09:21 - 00000000 ____D C:\Windows\INF
2016-06-17 17:19 - 2016-01-22 18:31 - 00000000 ____D C:\Users\DaUra\AppData\Roaming\Spotify
2016-06-17 17:19 - 2016-01-22 18:31 - 00000000 ____D C:\Users\DaUra\AppData\Local\Spotify
2016-06-17 17:15 - 2016-01-22 18:00 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-17 17:11 - 2016-01-24 19:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-17 17:02 - 2016-03-15 17:52 - 00000000 ____D C:\Program Files (x86)\Warcraft III
2016-06-17 16:46 - 2016-02-24 00:40 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-17 16:45 - 2016-01-22 18:28 - 00000000 ____D C:\Users\DaUra\JDownloader v2.0
2016-06-17 16:36 - 2016-01-22 18:33 - 00000000 ____D C:\Users\DaUra\AppData\Local\Battle.net
2016-06-17 16:26 - 2016-01-22 18:33 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-06-17 16:25 - 2016-01-22 18:00 - 00001146 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-17 16:25 - 2016-01-22 17:32 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-17 16:25 - 2015-10-30 08:28 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-06-17 16:23 - 2016-01-22 18:01 - 00002275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 14:26 - 2015-10-30 09:11 - 00000000 ____D C:\Windows\CbsTemp
2016-06-17 12:45 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-17 12:45 - 2015-10-30 09:24 - 00000000 ____D C:\Windows\AppReadiness
2016-06-17 12:39 - 2016-01-28 20:27 - 00004170 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4C3E66F1-1712-448E-9AAC-85DA865B7FB6}
2016-06-16 13:04 - 2016-01-22 18:39 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2016-06-16 00:36 - 2016-02-12 00:10 - 00000000 ____D C:\Users\DaUra\AppData\Roaming\vlc
2016-06-16 00:03 - 2016-04-13 17:28 - 00010891 _____ C:\Users\DaUra\Documents\Serien.xlsx
2016-06-15 21:16 - 2016-01-22 18:59 - 00000000 ____D C:\Users\DaUra\AppData\Roaming\IObit
2016-06-15 21:16 - 2016-01-22 18:59 - 00000000 ____D C:\ProgramData\IObit
2016-06-15 14:03 - 2016-01-22 18:34 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-06-15 13:53 - 2016-02-24 01:17 - 00000000 ____D C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-06-15 13:44 - 2016-04-24 13:54 - 00000000 _____ C:\BnetLog.txt
2016-06-15 13:44 - 2016-01-22 18:33 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-06-15 13:25 - 2016-03-07 15:27 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-06-15 13:24 - 2016-01-31 20:23 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-06-13 01:47 - 2016-02-12 00:10 - 00000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-06-12 20:43 - 2016-01-22 17:34 - 00000000 ____D C:\Users\DaUra
2016-06-12 19:42 - 2015-10-30 09:24 - 00000000 ___RD C:\Windows\DevicesFlow
2016-06-11 18:00 - 2016-01-22 18:01 - 00002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-30 22:31 - 2016-01-22 18:37 - 00000000 ____D C:\Program Files (x86)\TradeSkillMaster Application
2016-05-21 00:18 - 2016-01-22 17:35 - 00000000 ____D C:\Users\DaUra\AppData\Local\VirtualStore
2016-05-19 21:53 - 2016-03-19 22:58 - 00002199 _____ C:\Users\DaUra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Knuddels.lnk
2016-05-19 21:53 - 2016-03-19 22:58 - 00002169 _____ C:\Users\DaUra\Desktop\Knuddels.lnk
2016-05-19 15:33 - 2016-01-22 18:38 - 00000000 ____D C:\Users\DaUra\AppData\Local\Deployment
2016-05-18 18:31 - 2016-03-15 17:43 - 00000735 _____ C:\Users\DaUra\Desktop\CCleaner.lnk

Einige Dateien in TEMP:
====================
C:\Users\DaUra\AppData\Local\Temp\proxy_vole2647158863692072375.dll
C:\Users\DaUra\AppData\Local\Temp\proxy_vole298242181801802180.dll
C:\Users\DaUra\AppData\Local\Temp\proxy_vole4302429597827295891.dll
C:\Users\DaUra\AppData\Local\Temp\proxy_vole4440506755268404936.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-06-13 23:18

==================== Ende von FRST.txt ============================
         
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:16-06-2016 01
durchgeführt von DaUra (2016-06-17 17:51:21)
Gestartet von C:\FRST
Windows 10 Pro Version 1511 (X64) (2016-01-22 15:33:52)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3833861499-410864776-4231530817-500 - Administrator - Disabled)
DaUra (S-1-5-21-3833861499-410864776-4231530817-1001 - Administrator - Enabled) => C:\Users\DaUra
DefaultAccount (S-1-5-21-3833861499-410864776-4231530817-503 - Limited - Disabled)
Gast (S-1-5-21-3833861499-410864776-4231530817-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ZoneAlarm Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Anno 1404 Gold Edition Version 1.03 (HKLM-x32\...\{52057027-985F-4455-9D84-46D3D99AB138}_is1) (Version: 1.03 - UBISoft)
Apple Application Support (32-Bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitTorrent (HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\BitTorrent) (Version: 7.9.7.42331 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Curse Client (HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
Diablo II (HKLM-x32\...\Diablo II) (Version: 0.0.0.0 - Blizzard Entertainment)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FeedReader (HKLM-x32\...\FeedReader_is1) (Version:  - i-Systems Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HOTSLogsUploader (HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\99a83d131490dc73) (Version: 1.0.0.12 - HOTSLogsUploader)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Knuddels Desktop App (HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\Knuddels Desktop App ) (Version: "2014.12.13.0" - "Knuddels Desktop App")
Knuddels Standalone App (HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\Knuddels App ) (Version: "2015.12.6.0" - "Knuddels App")
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.7.0 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Outils de vérification linguistique 2016 de Microsoft Office*- Français (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Spotify (HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\Spotify) (Version: 1.0.31.56.g526cfefe - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Strumenti di correzione di Microsoft Office 2016 - Italiano (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TortoiseSVN 1.9.4.27285 (64 bit) (HKLM\...\{62C19AB2-8485-4E18-A9D3-EFA612B8AE74}) (Version: 1.9.27285 - TortoiseSVN)
TradeSkillMaster Application version 1.0 (HKLM-x32\...\{c44da794-b956-4d50-8733-346d56ae63c7}_is1) (Version: 1.0 - TradeSkillMaster)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.4 - Tunngle.net GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: 0.0.0.0 - Blizzard Entertainment)
WinRAR 5.30 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
ZoneAlarm Antivirus (x32 Version: 14.1.011.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 14.1.011.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 14.1.011.000 - Check Point)
ZoneAlarm Security (x32 Version: 14.1.011.000 - Check Point Software Technologies Ltd.) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3833861499-410864776-4231530817-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\DaUra\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0CC2D585-441C-4857-9EAA-C34513FF706E} - System32\Tasks\CCleanerSkipUAC => E:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {18D85DB1-F625-4973-B160-1B0C6FFF9F32} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {334EDD7E-FBB4-44E4-B641-B32207EFA893} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {60F65E37-71BE-4989-804A-484CB383EABF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-22] (Google Inc.)
Task: {6905A366-707E-4980-A863-341508058885} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {73B25E31-F6CE-4376-B3A3-2C4EF6D8B437} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {7B2976A6-5B88-47E5-8DF1-1B7A93E6C8CD} - System32\Tasks\{599228F7-C600-444E-ABC6-AC5B00AD05EC} => pcalua.exe -a "C:\Program Files (x86)\Diablo II\Diablo II.exe" -d "C:\Program Files (x86)\Diablo II\"
Task: {ABB6FB1C-D485-42F7-8CE8-42FE98275257} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-22] (Google Inc.)
Task: {CD755F95-D127-468F-9967-16CEAA0CEC63} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
Task: {DF6A9EDC-ADC4-44B3-BC19-4E449AFCE740} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {E6CF368E-CCD9-4823-99A6-7B8F57724E71} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\DaUra\Knuddels\Knuddels.lnk -> C:\Users\DaUra\Knuddels\FirefoxPortable\KnuddelsApp.exe (PortableApps.com) -> hxxp://www.knuddels.de/?kgx=&utm_medium=knu-windowsapp&utm_campaign=chromeproj-2015-q1&utm_source=knuddels&utm_content=foldericon-app-start

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-13 18:18 - 2016-03-29 12:20 - 02656952 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-04-13 18:18 - 2016-03-29 12:20 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-04-24 16:07 - 2016-04-24 16:07 - 00094672 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2016-04-19 18:52 - 2016-04-19 18:52 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-22 17:40 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 02:06 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 02:06 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 02:06 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 02:07 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 02:07 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-05-20 13:15 - 2009-03-29 11:30 - 02058240 _____ () C:\Program Files (x86)\FeedReader30\feedreader.exe
2012-09-13 01:38 - 2012-09-13 01:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2015-10-22 13:22 - 2016-04-27 01:08 - 00174872 _____ () E:\Users\DaUra\AppData\Local\TeamSpeak 3 Client\quazip.dll
2015-10-22 13:21 - 2016-04-27 01:08 - 00103192 _____ () E:\Users\DaUra\AppData\Local\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2015-10-22 13:21 - 2016-04-27 01:08 - 00107800 _____ () E:\Users\DaUra\AppData\Local\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2015-10-22 13:22 - 2016-04-27 01:08 - 00312088 _____ () E:\Users\DaUra\AppData\Local\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2015-10-22 13:22 - 2016-04-27 01:08 - 00485656 _____ () E:\Users\DaUra\AppData\Local\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2015-11-03 07:42 - 2015-11-03 07:42 - 00794920 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\kpcengine.2.3.dll
2016-04-19 18:52 - 2016-04-19 18:52 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 18:52 - 2016-04-19 18:52 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-02-24 00:41 - 2016-04-29 22:10 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-02-24 00:41 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-02-24 00:41 - 2016-06-15 02:47 - 02387024 _____ () C:\Program Files (x86)\Steam\video.dll
2016-02-24 00:41 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-02-24 00:41 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-02-24 00:41 - 2016-02-09 01:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-02-24 00:41 - 2016-02-09 01:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-02-24 00:41 - 2016-02-09 01:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-02-24 00:41 - 2016-02-09 01:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-02-24 00:41 - 2016-02-09 01:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-02-24 00:41 - 2016-06-15 02:47 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-10 02:57 - 2016-02-18 00:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-02-24 00:41 - 2016-06-14 21:14 - 49826080 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 01:39 - 2012-09-13 01:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2016-02-24 00:41 - 2015-09-25 01:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2016-03-15 17:52 - 2016-03-15 17:52 - 00353768 _____ () c:\program files (x86)\warcraft iii\mss32.dll
2016-03-15 17:52 - 2016-03-15 17:52 - 00132072 _____ () c:\program files (x86)\warcraft iii\redist\miles\Mp3dec.asi
2016-03-15 17:52 - 2016-03-15 17:52 - 00071656 _____ () c:\program files (x86)\warcraft iii\redist\miles\Mssdolby.m3d
2016-03-15 17:52 - 2016-03-15 17:52 - 00076264 _____ () c:\program files (x86)\warcraft iii\redist\miles\Msseax2.m3d
2016-03-15 17:52 - 2016-03-15 17:52 - 00070120 _____ () c:\program files (x86)\warcraft iii\redist\miles\Mssfast.m3d
2016-03-15 17:52 - 2016-03-15 17:52 - 00062952 _____ () c:\program files (x86)\warcraft iii\redist\miles\Reverb3.flt
2016-01-22 18:31 - 2016-06-14 15:54 - 47503472 _____ () C:\Users\DaUra\AppData\Roaming\Spotify\libcef.dll
2016-01-22 18:31 - 2016-06-14 15:54 - 01584240 _____ () C:\Users\DaUra\AppData\Roaming\Spotify\libglesv2.dll
2016-01-22 18:31 - 2016-06-14 15:54 - 00082032 _____ () C:\Users\DaUra\AppData\Roaming\Spotify\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2015-10-30 09:24 - 2015-10-30 09:21 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3833861499-410864776-4231530817-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\DaUra\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3833861499-410864776-4231530817-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{05923A5F-7836-449A-9979-62B10BE40D5D}C:\users\daura\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\daura\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{CAE5DB22-CBA5-4E7B-BFFC-DAE7C385519F}C:\users\daura\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\daura\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{D50AE756-AC3C-46B8-BAAA-9DCA6123B494}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{C3E62EEA-8168-4A4F-9C29-43707D745966}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{6C7435BC-D675-4B6B-9E32-957023C9C243}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C172DA42-C74B-42E9-A4A4-063647DA3266}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0A0CFC56-F4D9-419B-B673-278C03BA8882}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7D935A0D-020F-4573-893A-86717E636426}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F216EF38-9E59-4E2A-8217-7FD6F55309EE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F02E1F8F-20CD-4431-8CAB-65073DA9AE74}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{58AC2EF9-9F36-428B-A2A5-B00F7EA75231}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CEBE63D5-0BB6-427F-94F8-60C2558A566A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E36128C2-FEE5-4086-A85E-0BADA00C8538}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BFE6F5CA-C8FA-4A05-BE2E-47FF61C72513}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6C772914-A160-4DAB-8C36-E27E749E29CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4214CA99-6595-497D-9BD5-8B5772A5252A}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{C206BA72-5071-4DE4-A7DC-4931AABD2507}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{5E54755F-0C02-43ED-9845-D73923570A6F}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{FB84C192-840F-47D1-BCA7-13DEF346ACAE}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [TCP Query User{E564A686-8D4C-4152-9999-191CA27D5FDF}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [UDP Query User{D3A03447-8D65-42FD-BD7E-BD9D27990563}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [{712EF737-CB22-4C82-B312-6AE95BCD85A8}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{2517CAEB-BD1C-440F-A834-5E05D1FBA365}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{DE6A4976-7110-4775-8973-D7EE8D2A7E56}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{4A5428EA-25B7-4ECC-9294-21E8EE5DDDE2}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{8470AFCE-464D-4D25-A870-C20EFE53E52A}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{D1565DBA-DF16-4443-BAEC-B1C4A65284E0}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{92DEE86A-5FCE-41F5-A860-E24323F4C536}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{4D055F58-CF56-49C2-8F23-555057622DEA}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{7E6877DB-2473-421E-B01F-FAA96BEF21A1}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{1D07CBAB-A33F-48E2-94E7-DB2E9DDE1BB0}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{271033F8-6B73-421C-9F42-D17257DCAA8A}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{A9410D6C-0710-4F66-AEBC-A3EDAA10D02B}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{6C624B5A-E248-4936-A841-7966BA413C59}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{D21711BA-2DC6-44BF-8FF7-1BACBDDA4BE6}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{64E30B58-4927-44B3-BBB1-56E24F4DC2FA}] => (Allow) C:\Users\DaUra\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{75AD3178-3A90-4D63-BB09-4F1F380E9952}] => (Allow) C:\Users\DaUra\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{72FCF239-9821-4D38-B177-3B08A850EE25}] => (Allow) C:\Users\DaUra\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{12DF495F-A81F-4021-B50B-112003405A98}] => (Allow) C:\Users\DaUra\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{970B9B86-D9B6-481D-894E-D67657B50BFB}] => (Allow) C:\Users\DaUra\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{53DCEA20-76A1-4607-8EB9-51327491209A}] => (Allow) C:\Users\DaUra\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{589D5CB7-46E5-44D4-959C-EFA94E7111C0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

24-05-2016 17:38:34 Installed TortoiseSVN 1.9.4.27285 (64 bit)
02-06-2016 22:07:23 Geplanter Prüfpunkt
13-06-2016 23:29:49 Geplanter Prüfpunkt
15-06-2016 21:15:59 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/17/2016 05:50:20 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/17/2016 05:34:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/17/2016 05:34:38 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/17/2016 04:28:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/17/2016 04:27:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/17/2016 04:27:47 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/17/2016 04:27:40 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (06/15/2016 09:16:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (06/15/2016 01:39:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(BZDN1840188107-QkxaMDAwMiN7akVFVm5kRUVcMDk5OTFCRTNDNSM=._bzdn._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (06/15/2016 01:39:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(BZDN1840188107-QkxaMDAwMiN7akVFVm5kRUVcMDk5OTFCRTNDNSM=._bzdn._tcp.local.) active for over two minutes. This places considerable burden on the network.


Systemfehler:
=============
Error: (06/17/2016 04:29:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275 = Der Treiber konnte nicht geladen werden.


Error: (06/17/2016 04:29:24 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\DaUra\AppData\Local\Temp\ehdrv.sys

Error: (06/17/2016 04:29:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275 = Der Treiber konnte nicht geladen werden.


Error: (06/17/2016 04:29:23 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\DaUra\AppData\Local\Temp\ehdrv.sys

Error: (06/17/2016 04:29:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275 = Der Treiber konnte nicht geladen werden.


Error: (06/17/2016 04:29:23 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\DaUra\AppData\Local\Temp\ehdrv.sys

Error: (06/17/2016 04:28:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275 = Der Treiber konnte nicht geladen werden.


Error: (06/17/2016 04:28:22 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\DaUra\AppData\Local\Temp\ehdrv.sys

Error: (06/17/2016 04:28:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275 = Der Treiber konnte nicht geladen werden.


Error: (06/17/2016 04:28:22 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\DaUra\AppData\Local\Temp\ehdrv.sys


CodeIntegrity:
===================================
  Date: 2016-05-15 23:16:54.525
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-12 15:36:56.252
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-11 18:28:52.773
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-22 19:14:49.494
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-17 18:21:11.911
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-17 01:33:54.583
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-17 00:06:41.688
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-13 14:16:07.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-13 14:16:06.386
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-23 16:41:28.548
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: AMD Athlon(tm) II X4 640 Processor
Prozentuale Nutzung des RAM: 46%
Installierter physikalischer RAM: 8189.16 MB
Verfügbarer physikalischer RAM: 4345.57 MB
Summe virtueller Speicher: 9469.16 MB
Verfügbarer virtueller Speicher: 5326.96 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:232.4 GB) (Free:49.26 GB) NTFS
Drive d: (TOSHIBA EXT) (Fixed) (Total:3725.9 GB) (Free:2419.63 GB) NTFS
Drive e: () (Fixed) (Total:596.17 GB) (Free:563.44 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 39D295D9)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: F98D6E74)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 3726 GB) (Disk ID: 6A7CE573)

Partition: GPT.

==================== Ende von Addition.txt ============================
         

Alt 17.06.2016, 16:54   #12
M-K-D-B
/// TB-Ausbilder
 



Hi,

well done.

And now please answer my question as well.

Alt 17.06.2016, 16:55   #13
Danyelz
 



No page has opened on its own so far today. Looks good. If anything comes up, I'll let you know ^^
Thanks for that

Alt 17.06.2016, 16:59   #14
M-K-D-B
/// TB-Ausbilder
 



If you no longer have any problems with malware, then we are done here. Your log files are clean.
Finally, we need to take a few concluding steps to clean up and secure your PC.





Cleanup:
All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick the box in front of every function.
  • Click Start.
Note:
DelFix removes, among other things, all the programs used, our scanners' quarantine and the Java cache, and finally deletes itself.
Then restart your computer. If any programs from our cleanup are still left over, you can safely delete them.





Securing your system:
Enable automatic updates in the Windows operating system. Security-relevant software should also always be kept at its latest version:
  • Browser
  • Java
  • Flash Player
  • PDF reader

Security vulnerabilities in their old versions are exploited to install malware via "drive-by" when you simply visit a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.




If you are still undecided, use just one of the following antivirus programs with a real-time scanner and an always up-to-date signature database:

Microsoft Security Essentials (MSE) is built in from Windows 8 onwards, so if you have Windows 8, 8.1 or 10 and have decided on MSE, you do not need to install MSE separately. On Windows 7, however, it must be installed manually or obtained as an optional update via Windows Update. Of course, a legal/activated copy of Windows is a prerequisite for this.

In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.




Optional:
Adblock Plus: Can block banners, pop-ups, video ads, tracking and malware sites.
NoScript: Prevents active content (Java, JavaScript, Flash, ...) from running on all websites. However, you can specify on a whitelist basis which sites are allowed to run scripts.
Malwarebytes Anti Exploit: Protects the computer's applications against exploitation of known vulnerabilities.

Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, it is advisable to first uninstall it and then remove the leftovers with Adwcleaner.




Finally, a few general remarks:
  • Change your important online passwords regularly and regularly create backups of your important files or of the system.
  • Do not download software from Chip, Softonic or SourceForge. The software offered there is often distributed with a so-called "installer" that only installs unwanted software or adware.
  • The benefit of registry cleaners, optimizers etc. for improving performance is disputed. Even Microsoft does not support so-called registry cleaners. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.




If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this topic from my subscriptions.

Alt 21.06.2016, 13:52   #15
M-K-D-B
/// TB-Ausbilder
 



I'm glad we were able to help

In this forum you can leave brief feedback on the cleanup, if you would like to:
Lob, Kritik und Wünsche
To do so, click the "NEUES THEMA" button and post a short piece of feedback. Thank you very much!

This topic appears to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a PM.

Everyone else, please click here and create your own thread.
