Log analysis and evaluation: Windows 7: Firefox redirects to third-party sites and trojan.chinad was found during the scan

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
14.11.2016, 15:39 | #1 |
Windows 7: Firefox redirects to third-party sites and trojan.chinad was found during the scan

Hello trojaner-board.de team. While browsing I get redirected to advertising websites, and pages load slowly. After a scan with Malwarebytes Anti-Malware, trojan.chinad and a bunch of other "potentially unwanted programs" were found. In addition, "searchinme.com" is set as the start page.

FRST scan:
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016 durchgeführt von Pascal (Administrator) auf PASCAL-PC (14-11-2016 13:33:56) Gestartet von C:\Users\Pascal\Downloads Geladene Profile: UpdatusUser & Pascal (Verfügbare Profile: UpdatusUser & Pascal) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 9 (Standard-Browser: "C:\Program Files (x86)\Firefox\Firefox.exe" -osint -url "%1") Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe (McAfee, Inc.) 
C:\Windows\System32\mfevtps.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe (Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.) 
C:\Program Files\Apoint2K\ApntEx.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe () C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe () C:\Users\Pascal\AppData\Roaming\ibfib\UvConverter.exe (Mozilla Corporation) C:\Program Files (x86)\Firefox\Firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Firefox\plugin-container.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Windows\System32\wbengine.exe (Microsoft Corporation) C:\Windows\System32\vds.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [InstantUpdate] => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe [124520 2012-04-07] () HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12448872 2012-02-14] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-08] (Realtek Semiconductor) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [576376 2012-02-02] (Alps Electric Co., Ltd.) HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated) HKLM\...\Run: [OOTag] => C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-23] (Microsoft) HKLM\...\Run: [ALU] => C:\Program Files\Acer\Acer Updater\ALU.exe [2419104 2016-06-06] (Acer Incorporated) HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1674896 2011-09-17] (McAfee, Inc.) HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.) 
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation) HKLM-x32\...\Run: [OOTag] => C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft) HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-08-19] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\RunOnce: [Cepekahuma] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Pascal\AppData\Roaming\Rerotecenag" HKLM-x32\...\RunOnce: [Hetabe] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Pascal\AppData\Roaming\Disoralepo" HKLM-x32\...\RunOnce: [Patetap] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Pascal\AppData\Local\55994758-7728-2EE3-91E7-317795CF9621\Seboner.dat" Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-926593798-233215359-281748651-1001\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [3015072 2016-01-19] (Comfort Software Group) HKU\S-1-5-21-926593798-233215359-281748651-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd) HKU\S-1-5-21-926593798-233215359-281748651-1001\...\Run: [Chromium] => c:\users\pascal\appdata\local\chromium\application\chrome.exe [1035264 2016-03-17] (The Chromium Authors) HKU\S-1-5-21-926593798-233215359-281748651-1001\...\MountPoints2: {489c651c-09f0-11e6-aa84-e840f2c7a2ad} - F:\TelenorMiniruter_MF91D.exe /s HKU\S-1-5-21-926593798-233215359-281748651-1001\...\MountPoints2: {a2a436c4-9cc7-11e5-be82-806e6f6e6963} - E:\autorun.exe HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260928 2012-03-21] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-03-21] (NVIDIA Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Keine Datei Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-10-29] ShortcutTarget: McAfee Security 
Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe (McAfee, Inc.) GroupPolicy: Beschränkung <======= ACHTUNG CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: 0.0.0.1 mssplus.mcafee.com Tcpip\Parameters: [DhcpNameServer] 193.213.112.4 130.67.15.198 Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4 Tcpip\..\Interfaces\{B578A4EF-C16C-4BC5-ABB8-040BD734CBA8}: [DhcpNameServer] 193.213.112.4 130.67.15.198 Tcpip\..\Interfaces\{EE92F413-F0F5-48B4-B8EE-D41E3B16B94B}: [DhcpNameServer] 82.163.142.7 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131235660965126970&GUID=00000000-0000-0000-0000-000000000000 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131235660965136971&GUID=00000000-0000-0000-0000-000000000000 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-926593798-233215359-281748651-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131235660965166972&GUID=00000000-0000-0000-0000-000000000000 
HKU\S-1-5-21-926593798-233215359-281748651-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131235660965176973&GUID=00000000-0000-0000-0000-000000000000 HKU\S-1-5-21-926593798-233215359-281748651-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> OldSearch URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-926593798-233215359-281748651-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120510081824.dll [2012-02-22] (McAfee, Inc.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.) BHO: Kein Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> Keine Datei BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120510081825.dll [2012-02-22] (McAfee, Inc.) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.) 
BHO-x32: Kein Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> Keine Datei Toolbar: HKLM - Kein Name - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Keine Datei Toolbar: HKLM-x32 - Kein Name - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Keine Datei Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - Keine Datei Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - Keine Datei Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - Keine Datei FireFox: ======== FF DefaultProfile: dftl4u6t.default FF ProfilePath: C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default [2016-11-14] FF user.js: detected! => C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\user.js [2016-11-08] FF NewTab: Mozilla\Firefox\Profiles\dftl4u6t.default -> hxxp://www.nicesearches.com?type=hp&ts=1475921813&from=fb081008&uid=toshibaxmk6476gsx_y2n5p0wxtxxy2n5p0wxt&z=817d4136745b9cbdfc61f7cgfz8mfw0tao3gfb5g3e FF DefaultSearchEngine: Mozilla\Firefox\Profiles\dftl4u6t.default -> nice FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\dftl4u6t.default -> nice FF SelectedSearchEngine: Mozilla\Firefox\Profiles\dftl4u6t.default -> nice FF Homepage: Mozilla\Firefox\Profiles\dftl4u6t.default -> hxxp://www.nicesearches.com?type=hp&ts=1475921813&from=fb081008&uid=toshibaxmk6476gsx_y2n5p0wxtxxy2n5p0wxt&z=817d4136745b9cbdfc61f7cgfz8mfw0tao3gfb5g3e FF Keyword.URL: Mozilla\Firefox\Profiles\dftl4u6t.default -> user_pref("keyword.URL", true); FF Extension: (xRocket Toolbar) - C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\Extensions\arthurj8283@gmail.com [2016-11-08] [ist nicht signiert] FF Extension: (Firefox Hotfix) - C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-09] FF Extension: (NoScript) - C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-08-09] FF 
SearchPlugin: C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\searchplugins\nice.xml [2016-11-08] FF SearchPlugin: C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\searchplugins\yahoo! powered.xml [2016-09-06] FF ProfilePath: C:\Users\Pascal\AppData\Roaming\Firefox\Firefox\Profiles\dftl4u6t.default [2016-11-14] FF user.js: detected! => C:\Users\Pascal\AppData\Roaming\Firefox\Firefox\Profiles\dftl4u6t.default\user.js [2015-12-13] FF NewTab: Firefox\Firefox\Profiles\dftl4u6t.default -> about:newtab FF DefaultSearchEngine: Firefox\Firefox\Profiles\dftl4u6t.default -> Yahoo! Powered FF SelectedSearchEngine: Firefox\Firefox\Profiles\dftl4u6t.default -> Yahoo! Powered FF Homepage: Firefox\Firefox\Profiles\dftl4u6t.default -> hxxp://www.searchinme.com/?type=hp&ts=1474628277744&z=28731327c48edf9048a328cgdz2mez2qfoft1q9bcb&from=official&uid=TOSHIBAXMK6476GSX_Y2N5P0WXTXXY2N5P0WXT FF Keyword.URL: Firefox\Firefox\Profiles\dftl4u6t.default -> user_pref("keyword.URL", true); FF Extension: (SimilarWeb) - C:\Users\Pascal\AppData\Roaming\Firefox\Firefox\Profiles\dftl4u6t.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2016-09-23] [ist nicht signiert] FF Extension: (FF Adr) - C:\Users\Pascal\AppData\Roaming\Firefox\Firefox\Profiles\dftl4u6t.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2016-09-23] [ist nicht signiert] FF Extension: (Deutsch (DE) Language Pack) - C:\Users\Pascal\AppData\Roaming\Firefox\Firefox\Profiles\dftl4u6t.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2016-09-23] [ist nicht signiert] FF Extension: (English (US) Language Pack) - C:\Users\Pascal\AppData\Roaming\Firefox\Firefox\Profiles\dftl4u6t.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2016-11-14] [ist nicht signiert] FF Extension: (NoScript) - C:\Users\Pascal\AppData\Roaming\Firefox\Firefox\Profiles\dftl4u6t.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-08-09] FF SearchPlugin: 
C:\Users\Pascal\AppData\Roaming\Firefox\Firefox\Profiles\dftl4u6t.default\searchplugins\searchinme.xml [2016-09-23] FF SearchPlugin: C:\Users\Pascal\AppData\Roaming\Firefox\Firefox\Profiles\dftl4u6t.default\searchplugins\yahoo! powered.xml [2016-09-06] FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-05-10] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore FF Extension: (McAfee ScriptScan for Firefox) - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2015-12-07] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\extensions\arthurj8283@gmail.com FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-09] () FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [Keine Datei] FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-09] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation) FF Plugin-x32: 
@mcafee.com/MSC,version=10 -> c:\progra~2\mcafee\msc\npmcsn~1.dll [Keine Datei] FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [2011-08-11] (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.) 
StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR HomePage: Default -> hxxp://www.nicesearches.com?type=hp&ts=1475921813&from=fb081008&uid=toshibaxmk6476gsx_y2n5p0wxtxxy2n5p0wxt&z=817d4136745b9cbdfc61f7cgfz8mfw0tao3gfb5g3e CHR StartupUrls: Default -> "hxxp://www.nicesearches.com?type=hp&ts=1475921813&from=fb081008&uid=toshibaxmk6476gsx_y2n5p0wxtxxy2n5p0wxt&z=817d4136745b9cbdfc61f7cgfz8mfw0tao3gfb5g3e" CHR DefaultSearchURL: Default -> hxxp://www.nicesearches.com/search.php?type=ds&ts=1475921813&from=fb081008&uid=toshibaxmk6476gsx_y2n5p0wxtxxy2n5p0wxt&z=817d4136745b9cbdfc61f7cgfz8mfw0tao3gfb5g3e&q={searchTerms} CHR DefaultSearchKeyword: Default -> nice CHR Profile: C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default [2016-11-10] CHR Extension: (Google Präsentationen) - C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-15] CHR Extension: (Google Docs) - C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-18] CHR Extension: (Google Drive) - C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-18] CHR Extension: (YouTube) - C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-18] CHR Extension: (Google-Suche) - C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-18] CHR Extension: (Google Tabellen) - C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-15] CHR Extension: (Google Docs Offline) - C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-26] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-19] 
CHR Extension: (Google Mail) - C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-18] CHR Extension: (Chrome Media Router) - C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-19] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2012-05-10] ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [324304 2016-08-19] (Avira Operations GmbH & Co. KG) S3 DCDhcpService; C:\Program Files (x86)\Acer\WDAgent\DCDhcpService.exe [111776 2012-02-10] (Atheros Communication Inc.) [Datei ist nicht signiert] R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [114352 2016-11-04] () S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Datei ist nicht signiert] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes) S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe [329480 2016-10-13] (McAfee, Inc.) S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.) 
S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.) S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.) S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [502032 2011-10-19] (McAfee, Inc.) S2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.) R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199272 2012-02-22] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [210584 2012-02-22] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [162192 2012-02-22] (McAfee, Inc.) S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation) R2 UvConv; C:\Users\Pascal\AppData\Roaming\ibfib\UvConverter.exe [396800 2016-11-14] () [Datei ist nicht signiert] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [72864 2012-02-19] (Atheros) [Datei ist nicht signiert] ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.) 
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-14] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation) S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.) R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.) S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X] S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X] S3 btath_avdt; system32\drivers\btath_avdt.sys [X] S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X] S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X] S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X] S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X] S3 BtFilter; system32\DRIVERS\btfilter.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-11-14 13:33 - 2016-11-14 13:34 - 00029696 _____ C:\Users\Pascal\Downloads\FRST.txt 2016-11-14 13:33 - 2016-11-14 13:33 - 02411520 _____ (Farbar) C:\Users\Pascal\Downloads\FRST64.exe 2016-11-14 13:33 - 2016-11-14 13:33 - 00000000 ____D C:\FRST 2016-11-14 13:19 - 2016-11-14 13:19 - 22851472 _____ (Malwarebytes ) C:\Users\Pascal\Downloads\mbam-setup-2.2.1.1043.exe 2016-11-14 12:58 - 2016-11-14 12:58 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\ibfib 2016-11-14 12:57 - 2016-11-14 12:57 - 00000000 ____D C:\ProgramData\bfibf 2016-11-14 12:57 - 2016-11-14 12:57 - 00000000 ____D C:\Program Files (x86)\Firefox 2016-11-10 03:41 - 2016-11-10 03:41 - 00000000 ___HD C:\OneDriveTemp 2016-11-09 17:00 - 2016-11-02 16:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2016-11-09 17:00 - 2016-10-25 16:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-11-09 17:00 - 2016-10-11 16:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2016-11-09 17:00 - 2016-10-10 16:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-11-09 17:00 - 2016-10-10 16:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-11-09 17:00 - 2016-10-10 16:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-11-09 17:00 - 2016-10-07 16:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2016-11-09 17:00 - 2016-10-07 16:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-11-09 17:00 - 2016-10-07 16:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2016-11-09 17:00 - 2016-10-07 16:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-11-09 17:00 - 2016-10-07 16:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll 2016-11-09 17:00 - 2016-10-07 16:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 
2016-11-09 17:00 - 2016-10-07 16:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-11-09 17:00 - 2016-10-07 16:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll 2016-11-09 17:00 - 2016-09-09 19:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2016-11-09 16:59 - 2016-11-02 16:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2016-11-09 16:59 - 2016-11-02 16:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2016-11-09 16:59 - 2016-11-02 16:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2016-11-09 16:59 - 2016-11-02 16:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2016-11-09 16:59 - 2016-11-02 16:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2016-11-09 16:59 - 2016-11-02 16:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2016-11-09 16:59 - 2016-11-02 16:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2016-11-09 16:59 - 2016-11-02 16:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2016-11-09 16:59 - 2016-11-02 15:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2016-11-09 16:59 - 2016-10-15 16:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2016-11-09 16:59 - 2016-10-15 16:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll 2016-11-09 16:59 - 2016-10-15 16:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2016-11-09 16:59 - 2016-10-15 16:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll 2016-11-09 16:59 - 2016-10-11 16:32 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2016-11-09 16:59 - 2016-10-11 16:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME 2016-11-09 16:59 - 2016-10-11 16:31 - 01068544 _____ 
(Microsoft Corporation) C:\Windows\system32\msctf.dll 2016-11-09 16:59 - 2016-10-11 16:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2016-11-09 16:59 - 2016-10-11 16:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime 2016-11-09 16:59 - 2016-10-11 16:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll 2016-11-09 16:59 - 2016-10-11 16:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime 2016-11-09 16:59 - 2016-10-11 16:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime 2016-11-09 16:59 - 2016-10-11 16:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime 2016-11-09 16:59 - 2016-10-11 16:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime 2016-11-09 16:59 - 2016-10-11 16:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime 2016-11-09 16:59 - 2016-10-11 16:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime 2016-11-09 16:59 - 2016-10-11 16:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime 2016-11-09 16:59 - 2016-10-11 16:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME 2016-11-09 16:59 - 2016-10-11 16:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2016-11-09 16:59 - 2016-10-11 16:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2016-11-09 16:59 - 2016-10-11 16:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime 2016-11-09 16:59 - 2016-10-11 16:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll 2016-11-09 16:59 - 2016-10-11 16:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime 2016-11-09 16:59 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime 2016-11-09 16:59 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\qintlgnt.ime 2016-11-09 16:59 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime 2016-11-09 16:59 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime 2016-11-09 16:59 - 2016-10-11 16:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime 2016-11-09 16:59 - 2016-10-11 16:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime 2016-11-09 16:59 - 2016-10-11 15:53 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2016-11-09 16:59 - 2016-10-10 16:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-11-09 16:59 - 2016-10-10 16:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-11-09 16:59 - 2016-10-10 16:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-11-09 16:59 - 2016-10-10 16:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-11-09 16:59 - 2016-10-10 16:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-11-09 16:59 - 2016-10-10 16:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-11-09 16:59 - 2016-10-10 16:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-11-09 16:59 - 2016-10-10 16:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-11-09 16:59 - 2016-10-10 16:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-11-09 16:59 - 2016-10-10 16:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-11-09 16:59 - 2016-10-10 16:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-11-09 16:59 - 2016-10-10 16:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-11-09 16:59 - 2016-10-10 16:33 - 00190464 _____ (Microsoft Corporation) 
C:\Windows\system32\rpchttp.dll 2016-11-09 16:59 - 2016-10-10 16:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-11-09 16:59 - 2016-10-10 16:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-11-09 16:59 - 2016-10-10 16:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-11-09 16:59 - 2016-10-10 16:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-11-09 16:59 - 2016-10-10 16:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-11-09 16:59 - 2016-10-10 16:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-11-09 16:59 - 2016-10-10 16:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-11-09 16:59 - 2016-10-10 16:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-11-09 16:59 - 2016-10-10 16:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-11-09 16:59 - 2016-10-10 16:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-11-09 16:59 - 2016-10-10 16:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-11-09 16:59 - 2016-10-10 16:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-11-09 16:59 - 2016-10-10 16:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-11-09 16:59 - 2016-10-10 16:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-11-09 16:59 - 2016-10-10 16:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-11-09 16:59 - 2016-10-10 16:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-11-09 16:59 - 2016-10-10 16:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-11-09 16:59 - 2016-10-10 16:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 
2016-11-09 16:59 - 2016-10-10 16:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-11-09 16:59 - 2016-10-10 16:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-11-09 16:59 - 2016-10-10 15:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-11-09 16:59 - 2016-10-10 15:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-11-09 16:59 - 2016-10-10 15:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-11-09 16:59 - 2016-10-10 15:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-11-09 16:59 - 2016-10-10 15:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-11-09 16:59 - 2016-10-10 15:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 
2016-11-09 16:59 - 2016-10-07 16:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-11-09 16:59 - 
2016-10-07 16:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-11-09 16:59 - 
2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-11-09 16:59 - 2016-10-07 16:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00004096 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00003072 ____H (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-11-09 16:59 - 2016-10-07 16:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2016-11-09 16:59 - 2016-10-07 16:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2016-11-09 16:59 - 2016-10-07 16:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2016-11-09 16:59 - 2016-10-07 16:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-11-09 16:59 - 2016-10-07 16:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-11-09 16:59 - 2016-10-07 15:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-11-09 16:59 - 2016-10-07 15:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-11-09 16:59 - 2016-10-07 15:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-11-09 16:59 - 2016-10-07 15:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-11-09 16:59 - 2016-10-07 15:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-11-09 16:59 - 
2016-10-07 15:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-09 16:59 - 2016-10-07 15:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-09 16:59 - 2016-10-07 15:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-09 16:59 - 2016-10-07 15:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-09 16:59 - 2016-10-05 15:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-09 16:59 - 2016-09-15 15:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-09 16:59 - 2016-09-13 16:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-09 16:59 - 2016-09-13 16:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-09 16:59 - 2016-09-09 19:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-09 16:59 - 2016-08-22 17:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-08 12:03 - 2016-11-08 12:03 - 00000000 ____D C:\ProgramData\ficfi
2016-11-08 12:03 - 2016-11-08 12:03 - 00000000 ____D C:\ProgramData\cficf
2016-11-08 12:03 - 2016-11-08 12:03 - 00000000 ____D C:\Program Files\kdoaa
2016-11-07 00:51 - 2016-11-08 00:51 - 00000000 ____D C:\Users\Pascal\AppData\Local\55994758-7728-2EE3-91E7-317795CF9621
2016-11-07 00:51 - 2016-11-07 00:51 - 00000988 _____ C:\Windows\Tasks\Bing Search Engine tefof.job
2016-11-07 00:51 - 2016-11-07 00:51 - 00000000 ____D C:\ProgramData\{FBD73EB4-7195-B472-F753-2A306D11A1FE}
2016-11-04 00:47 - 2016-11-04 00:47 - 00000000 ____D C:\Users\Pascal\AppData\Local\Setup1341361055
2016-11-02 00:47 - 2016-11-02 00:47 - 00000000 ____D C:\Users\Pascal\AppData\Local\Setup1168571384
2016-10-29 23:50 - 2016-11-14 12:57 - 00000342 _____ C:\Windows\Tasks\{2F245606-2092-1189-6986-0B90E3646478}.job
2016-10-29 23:50 - 2016-10-29 23:50 - 00003286 _____ C:\Windows\System32\Tasks\{2F245606-2092-1189-6986-0B90E3646478}
2016-10-29 23:50 - 2016-10-29 23:50 - 00002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
2016-10-29 19:05 - 2016-10-29 19:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-10-28 11:26 - 2016-11-14 12:58 - 00000000 ____D C:\ProgramData\QQBrowser
2016-10-28 11:26 - 2016-10-28 11:26 - 00000000 ____D C:\ProgramData\fibfi
2016-10-21 14:55 - 2016-11-14 12:57 - 00000000 ____D C:\ProgramData\BaofengUpdate_U
2016-10-21 14:55 - 2016-10-21 14:55 - 00000000 ____D C:\ProgramData\gjcgj
2016-10-20 23:48 - 2016-10-20 23:48 - 00002265 _____ C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2016-10-20 23:48 - 2016-10-20 23:48 - 00002257 _____ C:\Users\Pascal\Desktop\Chromium.lnk
2016-10-20 23:47 - 2016-11-14 12:57 - 00000340 _____ C:\Windows\Tasks\{2E0498F6-8153-6B3C-F94B-1D66661CE914}.job
2016-10-20 23:47 - 2016-11-07 00:51 - 00000000 ____D C:\Users\Pascal\AppData\Local\{580C6E50-7CA4-02E8-113C-27003554DB98}
2016-10-20 23:47 - 2016-10-21 23:47 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\{58516EEA-7D03-039C-1635-244ECAE7D970}
2016-10-20 23:47 - 2016-10-20 23:48 - 00003284 _____ C:\Windows\System32\Tasks\{2E0498F6-8153-6B3C-F94B-1D66661CE914}
2016-10-20 23:47 - 2016-10-20 23:47 - 00016335 _____ C:\Users\Pascal\AppData\Roaming\Disoralepo
2016-10-17 21:57 - 2016-10-17 22:12 - 2038110911 _____ C:\Users\Pascal\Downloads\The.Walking.Dead.S02E04.720p.HDTV.x264-IMMERSE.mkv
2016-10-17 21:01 - 2016-10-17 21:08 - 957692739 _____ C:\Users\Pascal\Downloads\The.Walking.Dead.S02E03.720p.HDTV.x264-IMMERSE.mkv
2016-10-17 20:50 - 2016-10-17 21:00 - 1268468570 _____ C:\Users\Pascal\Downloads\The.Walking.Dead.S02E02.720p.HDTV.x264-IMMERSE.mkv

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-11-14 13:28 - 2015-12-15 11:06 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-14 13:24 - 2016-08-17 00:17 - 00001332 _____ C:\Users\Pascal\Desktop\Neues Textdokument.txt
2016-11-14 13:21 - 2016-01-19 01:03 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-14 13:20 - 2016-01-19 01:02 - 00001088 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-11-14 13:20 - 2016-01-19 01:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2016-11-14 13:20 - 2016-01-19 01:02 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2016-11-14 13:14 - 2012-05-10 16:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-14 13:08 - 2016-09-23 11:55 - 00000000 _____ C:\Users\Public\Documents\report.dat
2016-11-14 12:59 - 2015-12-07 19:37 - 00699370 _____ C:\Windows\system32\perfh007.dat
2016-11-14 12:59 - 2015-12-07 19:37 - 00149220 _____ C:\Windows\system32\perfc007.dat
2016-11-14 12:59 - 2009-07-14 06:13 - 01619896 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-14 12:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-11-14 12:58 - 2015-12-22 13:54 - 00001969 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-11-14 12:57 - 2016-09-23 11:55 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2016-11-14 12:57 - 2016-09-06 15:47 - 00000328 _____ C:\Windows\Tasks\{55994758-7728-2EE3-91E7-317795CF9621}.job
2016-11-14 12:57 - 2015-12-22 13:54 - 00001899 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-11-14 06:57 - 2016-05-08 02:45 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Skype
2016-11-14 05:46 - 2016-09-06 15:46 - 00000000 ____D C:\ProgramData\{1C7FD91C-963D-53DA-10FB-CD988AB94656}
2016-11-14 04:04 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-14 04:04 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-14 04:02 - 2016-10-02 20:50 - 00000000 ___RD C:\Users\Pascal\OneDrive
2016-11-14 03:57 - 2016-09-06 15:49 - 00003114 _____ C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2016-11-14 03:56 - 2015-12-15 11:06 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-14 03:56 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-14 03:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-11-13 04:05 - 2016-07-02 18:59 - 00000946 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-11-11 13:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-11-10 03:42 - 2016-08-14 18:14 - 00000000 ____D C:\Windows\system32\MRT
2016-11-10 03:39 - 2009-07-14 05:45 - 00271440 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-10 03:36 - 2016-02-09 00:06 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\SoftGrid Client
2016-11-10 03:04 - 2016-08-14 18:13 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-09 01:14 - 2016-07-02 18:59 - 00003944 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-11-09 01:14 - 2012-05-10 16:09 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-09 01:14 - 2012-05-10 16:09 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-09 01:14 - 2012-05-10 16:09 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-09 01:14 - 2012-05-10 16:09 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-09 01:14 - 2012-05-10 16:09 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-07 00:52 - 2009-07-14 06:08 - 00021348 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-07 00:51 - 2016-09-06 15:47 - 00003272 _____ C:\Windows\System32\Tasks\{55994758-7728-2EE3-91E7-317795CF9621}
2016-11-07 00:50 - 2016-09-06 16:47 - 00000247 _____ C:\Users\Pascal\AppData\Roaming\WB.CFG
2016-11-07 00:50 - 2015-12-17 10:06 - 00000306 __RSH C:\ProgramData\ntuser.pol
2016-11-06 01:56 - 2015-12-24 10:44 - 00000000 ____D C:\Users\Pascal\AppData\Local\CrashDumps
2016-10-31 10:19 - 2016-10-12 11:40 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\{0BA33D18-2EF1-506E-45C7-77BC99158A82}
2016-10-29 23:52 - 2016-10-12 11:39 - 00000000 ____D C:\Users\Pascal\AppData\Local\{0BFE3DA2-2F56-511A-42CE-74F266A6886A}
2016-10-29 23:50 - 2016-10-12 11:40 - 00018556 _____ C:\Users\Pascal\AppData\Roaming\Rerotecenag
2016-10-29 19:05 - 2016-07-11 00:13 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-10-29 19:05 - 2016-07-02 18:59 - 00001944 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-10-26 16:29 - 2010-11-21 04:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-26 11:44 - 2015-12-15 11:07 - 00002163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-26 11:44 - 2015-12-15 11:07 - 00002151 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-21 13:13 - 2012-05-10 15:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-21 13:13 - 2012-05-10 15:37 - 00000000 ____D C:\ProgramData\Skype
2016-10-20 23:48 - 2016-05-21 08:17 - 00000000 ____D C:\Users\Pascal\AppData\Local\Chromium
2016-10-19 12:14 - 2015-12-07 10:58 - 00000000 ____D C:\Users\UpdatusUser
2016-10-17 23:47 - 2016-09-06 15:46 - 00000000 ____D C:\Users\Pascal\AppData\Local\{756043DB-5032-2EAD-3B04-097FE7D6F441}

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-10-20 23:47 - 2016-10-20 23:47 - 0016335 _____ () C:\Users\Pascal\AppData\Roaming\Disoralepo
2016-10-12 11:40 - 2016-10-29 23:50 - 0018556 _____ () C:\Users\Pascal\AppData\Roaming\Rerotecenag
2016-09-06 16:47 - 2016-11-07 00:50 - 0000247 _____ () C:\Users\Pascal\AppData\Roaming\WB.CFG
2015-12-07 11:18 - 2015-12-07 11:21 - 0002459 _____ () C:\ProgramData\clear.fiSDK20.log
2015-12-07 11:20 - 2015-12-07 11:20 - 0000032 _____ () C:\ProgramData\PS.log

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Windows\Tasks\{2E0498F6-8153-6B3C-F94B-1D66661CE914}.job
C:\Windows\Tasks\{2F245606-2092-1189-6986-0B90E3646478}.job
C:\Windows\Tasks\{55994758-7728-2EE3-91E7-317795CF9621}.job

Einige Dateien in TEMP:
====================
C:\Users\Pascal\AppData\Local\Temp\browsersecurity.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-11-14 00:58

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 12-11-2016
durchgeführt von Pascal (14-11-2016 13:35:04)
Gestartet von C:\Users\Pascal\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2015-12-13 14:43:42)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-926593798-233215359-281748651-500 - Administrator - Disabled)
Gast (S-1-5-21-926593798-233215359-281748651-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-926593798-233215359-281748651-1003 - Limited - Enabled)
Pascal (S-1-5-21-926593798-233215359-281748651-1001 - Administrator - Enabled) => C:\Users\Pascal
UpdatusUser (S-1-5-21-926593798-233215359-281748651-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2108.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.2108.00 - CyberLink Corp.)
Hidden Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3508 - Acer Incorporated) Acer Instant Update Service (HKLM\...\{682EC6E8-A300-45FD-8F09-0F3A6EA334D6}) (Version: 1.00.3004 - Acer Incorporated) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0913.2011 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3503 - Acer Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated) Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated) Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated) Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated) Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated) ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.109.2020.209 - Alps Electric) Apple Application Support (32-Bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.8.8 - Atheros Communications Inc.) 
Avira Launcher (HKLM-x32\...\{82dc2ab6-088f-4e0a-8e27-bb829481d3bc}) (Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG) Hidden Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Hidden Bing Search Engine (HKLM-x32\...\{59EAB12A-096A-60AA-B8EA-102A686AC3AA}) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform) Chromium (HKU\S-1-5-21-926593798-233215359-281748651-1001\...\Chromium) (Version: 51.0.2681.0 - Chromium) Civilization III (HKLM-x32\...\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}) (Version: - ) clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.00.3004 - Acer Incorporated) clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.00.3004 - Acer Incorporated) clear.fi SDK - MVP 2 (x32 Version: 2.0.1505 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (x32 Version: 2.0.1502 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc) Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Free Alarm Clock (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 4.0.1.0 - Comfort Software Group) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 
15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.) Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation) Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2653 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden K-Lite Mega Codec Pack 12.3.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.3.5 - KLCP) Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.15 - Acer Inc.) Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) McAfee Internet Security Suite (HKLM-x32\...\MSC) (Version: 11.0.623 - McAfee, Inc.) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.427.2 - McAfee, Inc.) 
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}) (Version: 3.0.19.0 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-926593798-233215359-281748651-1001\...\OneDriveSetup.exe) (Version: 17.3.6517.0809 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
(HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 48.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 de)) (Version: 48.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla) MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) 
Hidden Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9006 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.9006 - NTI Corporation) Hidden NVIDIA Grafiktreiber 296.32 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.32 - NVIDIA Corporation) NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation) NVIDIA Update 1.7.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.12 - NVIDIA Corporation) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Qualcomm Atheros Direct Connect (x32 Version: 3.1 - Qualcomm Atheros) Hidden Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 3.1 - Qualcomm Atheros) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.85 - Realtek Semiconductor Corp.) Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden Sid Meier's Civilization V The Complete Edition repack Mr DJ version 1.0.3.279 (HKLM-x32\...\Sid Meier's Civilization V The Complete Edition ~01EC3566_is1) (Version: 1.0.3.279 - Mr DJ) Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.) 
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts) Tales of Monkey Island (HKLM-x32\...\Tales of Monkey Island) (Version: 3.0.0.0 - Telltale Games) Überwachungstool für die Intel® Turbo-Boost-Technik 2.5 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.5.1.0 - Intel) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) WinZip Malware Protector (HKLM-x32\...\WinZip Malware Protector_is1) (Version: 2.1.1000.19051 - WinZip International LLC) <==== ACHTUNG Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
CustomCLSID: HKU\S-1-5-21-926593798-233215359-281748651-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Pascal\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-926593798-233215359-281748651-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Pascal\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {06439B1D-7E95-4798-83CC-72E432CC8241} - System32\Tasks\{2F245606-2092-1189-6986-0B90E3646478} => C:\Users\Pascal\AppData\Roaming\{0BA33D18-2EF1-506E-45C7-77BC99158A82}\UpdateTask.exe [2013-04-18] () <==== ACHTUNG
Task: {0D251F86-58BB-4672-AF2E-893C0FE0FFA7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-15] (Google Inc.)
Task: {0D76C89D-6432-4FF2-B89A-D6D1C221F04C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-06] (AVAST Software)
Task: {1CE49D3B-D977-4255-AC56-81E98CE80456} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {28B89808-C542-4C8D-9DA8-6044A5255EC6} - System32\Tasks\{2F177DCC-7812-4640-8459-4CC1FF07B363} => C:\Program Files (x86)\Infogrames\Civilization III\Civilization3.exe [2002-01-28] ()
Task: {58245C74-201C-4DD6-82B8-BAB2E43D5A63} - \Seventh -> Keine Datei <==== ACHTUNG
Task: {6E652865-2E77-4E27-A6A1-D2F37DE81B74} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [2016-05-12] (Nico Mak Computing) <==== ACHTUNG
Task: {6F8FB108-4AAF-40DC-8A0F-50E748B6B6F4} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {783B8BC8-4EF4-43B5-B3F9-BCA5C5AF7DBC} - System32\Tasks\{D6F97620-A5A2-4F6D-B28E-D3CE66CFA569} => Firefox.exe hxxp://ui.skype.com/ui/0/7.18.0.111/de/abandoninstall?page=tsProgressBar
Task: {7D33826D-33F2-44C3-A7F9-71446DE81B7B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-15] (Google Inc.)
Task: {882B9192-7184-4458-9C39-36DD6A34341D} - \Genius_Interval -> Keine Datei <==== ACHTUNG
Task: {9276967C-2234-45A4-8E7E-CB7E0B43CD72} - System32\Tasks\{422057EC-1F8C-4B9C-8773-6C1BD86F0575} => pcalua.exe -a E:\DE_Fallout_3_DLC.EXE -d E:\
Task: {99F4CD5F-C70C-4FA6-8748-55EDFD381B59} - \ChelfNotify Task -> Keine Datei <==== ACHTUNG
Task: {9E0DF9AE-E821-4752-92B8-00979308B758} - System32\Tasks\{17616B16-B9C9-D3F6-AF40-B36CF3DBFA23} => Regsvr32.exe /s /n /i:"/rt" "C:\ProgramData\5db217b6\76ea15c9.dll" <==== ACHTUNG
Task: {C1CF3BF6-EF00-4EE3-A6C3-D560FF205318} - System32\Tasks\Yahoo! Powered tefof => Wscript.exe "C:\ProgramData\{1C7FD91C-963D-53DA-10FB-CD988AB94656}\fere.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b31433746443931432d393633442d353344412d313046422d4344393838414239343635367d5c73616e6f7465" "433a5c50726f6772616d446174615c7b31433746443931432d393633442d353344412d313046 (Der Dateneintrag hat 78 mehr Zeichen).
Task: {C9A6D601-F0BF-4B90-8646-1C448DAB5AEE} - System32\Tasks\{55994758-7728-2EE3-91E7-317795CF9621} => C:\Users\Pascal\AppData\Local\55994758-7728-2EE3-91E7-317795CF9621\Updater.exe [2013-04-18] ()
Task: {D08D8EA8-C651-4860-AEC1-74B4480783A1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe [2016-11-09] (Adobe Systems Incorporated)
Task: {DEF47B3E-D878-47A1-8DB4-EB9AE077535B} - System32\Tasks\{2E0498F6-8153-6B3C-F94B-1D66661CE914} => C:\Users\Pascal\AppData\Roaming\{58516EEA-7D03-039C-1635-244ECAE7D970}\synhelper.exe [2013-04-13] () <==== ACHTUNG
Task: {E6086F1D-8C3A-4621-B39B-50F93727A0CF} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2016-06-08] (Acer Incorporated)
Task: {EEB2D730-8619-44A8-95EC-66CD78F079EC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-09] (Adobe Systems Incorporated)
Task: {F727BFE8-1A84-41BC-B203-C04A7214F791} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-08-15] ()
Task: {FA9FACE8-6C5F-4F87-864D-18DEE184ECA4} - \Genius -> Keine Datei <==== ACHTUNG
Task: {FC7CE19A-79EE-40A9-856E-9FC334732C06} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {FFAC2B92-BBE6-4E37-B52F-8582B173F169} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Bing Search Engine tefof.job => Wscript.exe C:\ProgramData\{FBD73EB4-7195-B472-F753-2A306D11A1FE}\fere.txt <==== ACHTUNG
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\{2E0498F6-8153-6B3C-F94B-1D66661CE914}.job => C:\Users\Pascal\AppData\Roaming\{58516EEA-7D03-039C-1635-244ECAE7D970}\synhelper.exe <==== ACHTUNG
Task: C:\Windows\Tasks\{2F245606-2092-1189-6986-0B90E3646478}.job => C:\Users\Pascal\AppData\Roaming\{0BA33D18-2EF1-506E-45C7-77BC99158A82}\UpdateTask.exe <==== ACHTUNG
Task: C:\Windows\Tasks\{55994758-7728-2EE3-91E7-317795CF9621}.job => C:\Users\Pascal\AppData\Local\55994758-7728-2EE3-91E7-317795CF9621\Updater.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-03-18 21:56 - 2016-03-18 21:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 21:56 - 2016-03-18 21:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-30 21:42 - 2016-09-30 21:42 - 01864384 _____ () C:\Users\Pascal\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2012-05-10 15:56 - 2012-02-14 02:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-04-07 04:29 - 2012-04-07 04:29 - 00040552 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2012-04-07 04:29 - 2012-04-07 04:29 - 00022120 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2016-11-14 12:57 - 2016-11-04 05:15 - 00114352 _____ () C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
2016-11-14 12:58 - 2016-11-14 06:14 - 00396800 _____ () C:\Users\Pascal\AppData\Roaming\ibfib\UvConverter.exe
2012-01-05 22:22 - 2012-01-05 22:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-01-05 22:22 - 2012-01-05 22:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-01-05 22:22 - 2012-01-05 22:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2016-09-06 15:46 - 2015-03-17 10:03 - 00886272 _____ () C:\Program Files (x86)\WinZip Malware Protector\System.Data.SQLite.dll
2016-09-06 15:46 - 2016-05-12 12:36 - 01718000 _____ () C:\Program Files (x86)\WinZip Malware Protector\aspsys.dll
2016-09-06 15:46 - 2015-03-17 10:03 - 00168448 _____ () C:\Program Files (x86)\WinZip Malware Protector\UNRAR.DLL
2016-09-30 21:41 - 2016-09-30 21:41 - 01383616 _____ () C:\Users\Pascal\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-09-30 21:42 - 2016-09-30 21:42 - 00118976 _____ () C:\Users\Pascal\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-05-14 00:10 - 2016-05-14 00:10 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9494e643d25019b25b5cf70f2ffc0778\IsdiInterop.ni.dll
2015-12-07 10:45 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-12-07 10:59 - 2011-12-16 03:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2016-11-09 00:14 - 2016-11-09 00:14 - 19640512 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData:gs5sys [7170]
AlternateDataStreams: C:\Users\All Users:gs5sys [7170]
AlternateDataStreams: C:\Users\Pascal:gs5sys [3074]
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:gs5sys [7170]
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys [7170]
AlternateDataStreams: C:\ProgramData\Templates:gs5sys [3074]
AlternateDataStreams: C:\ProgramData\Vorlagen:gs5sys [3074]
AlternateDataStreams: C:\Users\Pascal\Anwendungsdaten:gs5sys [3074]
AlternateDataStreams: C:\Users\Pascal\Cookies:gs5sys [3074]
AlternateDataStreams: C:\Users\Pascal\Lokale Einstellungen:gs5sys [3074]
AlternateDataStreams: C:\Users\Pascal\Vorlagen:gs5sys [3074]
AlternateDataStreams: C:\Users\Pascal\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Pascal\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\Pascal\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\Pascal\AppData\Local\Anwendungsdaten:gs5sys [3074]
AlternateDataStreams: C:\Users\Pascal\AppData\Local\Verlauf:gs5sys [3074]
AlternateDataStreams: C:\Users\Pascal\Documents\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys [2304]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-926593798-233215359-281748651-1001\...\hola.org -> hxxp://hola.org

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2016-10-29 19:05 - 00000859 ____A C:\Windows\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-926593798-233215359-281748651-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 193.213.112.4 - 130.67.15.198
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{295AE080-084B-4CD7-A66D-73879A56EFDA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4EE91DFE-C2B6-42F7-945A-C1664271BE44}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{BD310088-E4D4-4487-88F9-50485A3AEE5B}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{06C1CE2D-9950-4FFC-829C-0078196C41B6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D1168825-262B-48D5-A710-D95CDB05C629}] => (Allow) LPort=2869
FirewallRules: [{90B27206-2DCE-45CE-BABD-E1663237D2B0}] => (Allow) LPort=1900
FirewallRules: [{E638D18E-58A2-4183-B242-7D61400BBDF4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{0F1B8B43-D34C-45C8-960B-0E800CC4F33E}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{1B54ED8D-4DED-4D92-AAE3-52C7D084A4EE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{368CC89E-4A4B-4F53-B8C1-15799187EE00}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{68B1D0A9-DC17-420F-901D-A9708480AEAD}] => (Allow) C:\Program Files (x86)\Acer\WDAgent\DCDhcpService.exe
FirewallRules: [{BE35AA1D-C00F-4FB9-BA09-14776D453FDF}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{ECAD0662-4DF5-4D04-9724-2E53AE420C1D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{D5765681-4499-4EF2-9212-FD81FD6B6C60}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{5ACF8893-0695-4520-9A60-28583C2E76FD}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{820FDCC1-6B2C-4543-A80C-A0A5B476B44B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{D5936C7C-FCDD-420B-BAD4-7E60E00C5C40}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{3BAB2551-F6AA-41F2-B2F2-B2F3EE9A8793}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{F3C2AB58-0E2B-4102-AB54-D69F988BB4E3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{B803AB91-4792-401E-968F-1F6C500DA1D0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK20\MVP\VideoPlayer.exe
FirewallRules: [{98ACC8A5-59D8-4B29-B512-E252500C89ED}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK20\MVP\MusicPlayer.exe
FirewallRules: [{06AFC4A4-9114-49A9-A730-8F25A45AC636}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B2CCDA31-3FA6-4727-86DB-321117FF6F31}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9BA0A722-4479-4AE5-B10D-24CD7D6E59B3}] => (Allow) C:\Users\Public\Games\Runic Games\Torchlight 2\tl2.runic.launcher.exe
FirewallRules: [{B2E48D7E-8FF7-42F9-856A-56FC6D949CF9}] => (Allow) C:\Users\Public\Games\Runic Games\Torchlight 2\tl2.runic.launcher.exe
FirewallRules: [{765B92BD-F908-42B9-9FDD-E5C7B24F9608}] => (Allow) C:\Users\Public\Games\Runic Games\Torchlight 2\Torchlight2.exe
FirewallRules: [{D3FFF5AB-1916-4FD5-AE98-C8E2C02C4844}] => (Allow) C:\Users\Public\Games\Runic Games\Torchlight 2\Torchlight2.exe
FirewallRules: [{F43A7D3A-4566-495F-8937-89E6D7E7387A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{40C989D1-EDDF-489F-91CD-0C1E4F9FF8AF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{14830497-A5AD-41CB-ADFB-ACFFE3B16153}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D55C607C-06F7-427B-B92C-AF20197EC268}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{D8B3B794-0EEE-40D5-806A-68AE29D8574C}C:\program files (x86)\bitlord\bitlord.exe] => (Allow) C:\program files (x86)\bitlord\bitlord.exe
FirewallRules: [UDP Query User{D3B4BB51-4818-437F-90E0-F97959CF2D5C}C:\program files (x86)\bitlord\bitlord.exe] => (Allow) C:\program files (x86)\bitlord\bitlord.exe
FirewallRules: [{B9024E98-BD88-4AA7-A969-FA0F40F1E82D}] => (Allow) C:\Program Files (x86)\Mr DJ\Sid Meier's Civilization V The Complete Edition repack Mr DJ\Launcher.exe
FirewallRules: [{629EC3D3-5519-4284-8847-867350CEBC4E}] => (Allow) C:\Program Files (x86)\Mr DJ\Sid Meier's Civilization V The Complete Edition repack Mr DJ\Launcher.exe
FirewallRules: [{538DA149-7CAF-489C-AC2A-2420F66E5EBA}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxCommand.exe
FirewallRules: [{989A5C6A-FFFF-4A8C-AE54-F5404E88EE81}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{AD7DCC9E-75F9-4A35-95A1-8EF77BC78E35}] => (Allow) C:\Users\Pascal\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{804712E9-366F-4E8B-B270-2460D51867FB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8C3A6A6F-2CC9-4058-9DBB-902552100831}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [{BC1D39E2-0A88-49B8-99E8-0CD86A760EAD}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe

==================== Wiederherstellungspunkte =========================

25-10-2016 11:44:07 Windows Update
28-10-2016 23:19:30 Windows Update
01-11-2016 15:24:17 Windows Update
04-11-2016 21:03:02 Windows Update
10-11-2016 03:00:28 Windows Update
14-11-2016 04:01:16 Windows Defender Checkpoint

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/14/2016 04:06:13 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.

Error: (11/14/2016 04:01:15 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {586067a4-f985-41bd-8f1d-8cdaa9735c26}

Error: (11/14/2016 03:56:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (11/13/2016 08:56:18 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.

Error: (11/12/2016 12:46:44 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (11/10/2016 03:49:44 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.

Error: (11/10/2016 03:40:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (11/09/2016 05:07:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.

Error: (11/07/2016 09:26:20 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: HTTP-Status 403: Der Client verfügt nicht über genügend Zugriffsrechte auf das angeforderte Serverobjekt.

Error: (11/07/2016 09:17:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Systemfehler:
=============
Error: (11/14/2016 12:58:15 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "UvConv" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (11/10/2016 03:20:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Update Service(FirefoxU)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/10/2016 03:20:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Command Service(CommandHandler)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/08/2016 12:03:27 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "UvConv" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (11/07/2016 12:54:09 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen.
Fehler: Es wird bereits eine Instanz des Dienstes ausgeführt. Error: (11/07/2016 12:54:09 AM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Multimediaklassenplaner" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: Es wird bereits eine Instanz des Dienstes ausgeführt. Error: (11/07/2016 12:53:09 AM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Anwendungserfahrung" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: Es wird bereits eine Instanz des Dienstes ausgeführt. Error: (11/07/2016 12:52:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Update" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (11/07/2016 12:52:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (11/07/2016 12:52:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz Prozentuale Nutzung des RAM: 64% Installierter physikalischer RAM: 3934.36 MB Verfügbarer physikalischer RAM: 1413.38 MB Summe virtueller Speicher: 7866.89 MB Verfügbarer virtueller Speicher: 4797.9 MB ==================== Laufwerke ================================ Drive c: (Acer) (Fixed) (Total:288.23 GB) (Free:185.14 GB) NTFS Drive d: (Data) (Fixed) (Total:288.31 GB) (Free:287.81 GB) NTFS Drive e: (CIV3) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: CB143CBE) Partition 1: (Not Active) - (Size=19.5 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=288.2 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=288.3 GB) - (Type=OF Extended) ==================== Ende von Addition.txt ============================ Code:
ATTFilter # AdwCleaner v6.030 - Bericht erstellt am 14/11/2016 um 13:58:33 # Aktualisiert am 19/10/2016 von Malwarebytes # Datenbank : 2016-11-13.3 [Server] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (X64) # Benutzername : Pascal - PASCAL-PC # Gestartet von : C:\Users\Pascal\Downloads\AdwCleaner_6.030.exe # Modus: Suchlauf # Unterstützung : https://www.malwarebytes.com/support ***** [ Dienste ] ***** Dienst Gefunden: FirefoxU ***** [ Ordner ] ***** Ordner Gefunden: C:\ProgramData\5db217b6 Ordner Gefunden: C:\Users\Pascal\AppData\Local\Hola Ordner Gefunden: C:\Users\Pascal\AppData\Roaming\Common\LuaRT Ordner Gefunden: C:\Users\Pascal\AppData\Roaming\Hola Ordner Gefunden: C:\Users\Pascal\AppData\Roaming\Sixth Ordner Gefunden: C:\Users\Pascal\AppData\Roaming\GeniusCache Ordner Gefunden: C:\Users\Pascal\AppData\Roaming\efo Ordner Gefunden: C:\Program Files\Hola Ordner Gefunden: C:\Program Files\WinZip Driver Updater Ordner Gefunden: C:\ProgramData\QQBrowser Ordner Gefunden: C:\ProgramData\BaofengUpdate_U Ordner Gefunden: C:\ProgramData\Application Data\QQBrowser Ordner Gefunden: C:\ProgramData\Application Data\BaofengUpdate_U Ordner Gefunden: C:\Program Files (x86)\WinZip Malware Protector Ordner Gefunden: C:\Program Files (x86)\Firefox Ordner Gefunden: C:\Users\Pascal\AppData\Roaming\efo Ordner Gefunden: C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\extensions\arthurj8283@gmail.com Ordner Gefunden: C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\extensions\arthurj8283@gmail.com Ordner Gefunden: C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\extensions\arthurj8283@gmail.com Ordner Gefunden: C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\extensions\arthurj8283@gmail.com ***** [ Dateien ] ***** Datei Gefunden: C:\Windows\SysNative\log\iSafeKrnlCall.log Datei Gefunden: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk Datei 
Gefunden: C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\searchplugins\yahoo! powered.xml Datei Gefunden: C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\searchplugins\nice.xml ***** [ DLL ] ***** Keine infizierten DLLs gefunden. ***** [ WMI ] ***** Keine schädlichen Schlüssel gefunden. ***** [ Verknüpfungen ] ***** Keine infizierten Verknüpfungen gefunden. ***** [ Aufgabenplanung ] ***** Aufgabe Gefunden: ChelfNotify Task ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden: HKLM\SOFTWARE\Classes\CLSID\{0757C9D8-D8A3-33F5-CEE2-11D09918BA8F} Schlüssel Gefunden: HKU\.DEFAULT\Software\Hola Schlüssel Gefunden: HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Hola Schlüssel Gefunden: HKU\S-1-5-21-926593798-233215359-281748651-1001\Software\Hola Schlüssel Gefunden: HKU\S-1-5-21-926593798-233215359-281748651-1001\Software\PRODUCTSETUP Schlüssel Gefunden: HKU\S-1-5-21-926593798-233215359-281748651-1001\Software\csastats Schlüssel Gefunden: HKU\S-1-5-21-926593798-233215359-281748651-1001\Software\Corner Sunshine Schlüssel Gefunden: HKU\S-1-5-21-926593798-233215359-281748651-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Hola Schlüssel Gefunden: HKU\S-1-5-21-926593798-233215359-281748651-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\PRODUCTSETUP Schlüssel Gefunden: HKU\S-1-5-21-926593798-233215359-281748651-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\csastats Schlüssel Gefunden: HKU\S-1-5-21-926593798-233215359-281748651-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\NICO MAK COMPUTING\WINZIP MALWARE PROTECTOR Schlüssel Gefunden: HKU\S-1-5-21-926593798-233215359-281748651-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Corner Sunshine Schlüssel Gefunden: HKU\S-1-5-18\Software\Hola Schlüssel Gefunden: HKCU\Software\Hola Schlüssel Gefunden: HKCU\Software\PRODUCTSETUP Schlüssel Gefunden: HKCU\Software\csastats Schlüssel Gefunden: HKCU\Software\Corner Sunshine 
Schlüssel Gefunden: HKLM\SOFTWARE\ScreenShot Schlüssel Gefunden: HKLM\SOFTWARE\Corner Sunshine Schlüssel Gefunden: HKLM\SOFTWARE\WinSaberSvc Schlüssel Gefunden: HKLM\SOFTWARE\amule-custom Schlüssel Gefunden: HKLM\SOFTWARE\mylucky123Software Schlüssel Gefunden: HKLM\SOFTWARE\UvConverter Schlüssel Gefunden: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} Schlüssel Gefunden: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564 Schlüssel Gefunden: HKLM\SOFTWARE\CLIENTS\Corner Sunshine Schlüssel Gefunden: [x64] HKCU\Software\Hola Schlüssel Gefunden: [x64] HKCU\Software\PRODUCTSETUP Schlüssel Gefunden: [x64] HKCU\Software\csastats Schlüssel Gefunden: [x64] HKCU\Software\Corner Sunshine Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Hola Schlüssel Gefunden: [x64] HKLM\SOFTWARE\WebBar Schlüssel Gefunden: [x64] HKLM\SOFTWARE\CLIENTS\Corner Sunshine Wert Gefunden: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [HealerCheckout.exe] Wert Gefunden: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [Sunshinesvc] Schlüssel Gefunden: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f Schlüssel Gefunden: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f Schlüssel Gefunden: HKLM\SYSTEM\ControlSet002\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f Schlüssel Gefunden: HKLM\SYSTEM\ControlSet002\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f Schlüssel Gefunden: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f Schlüssel Gefunden: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f Wert Gefunden: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com] Wert Gefunden: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com] Wert 
Gefunden: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com] Wert Gefunden: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com] ***** [ Internetbrowser ] ***** Firefox pref Gefunden: [C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\prefs.js] - "browser.newtab.url" - "hxxp://www.nicesearches.com?type=hp&ts=1475921813&from=fb081008&uid=toshibaxmk6476gsx_y2n Firefox pref Gefunden: [C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\prefs.js] - "browser.search.defaultenginename" - "nice" Firefox pref Gefunden: [C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\prefs.js] - "browser.search.order.1" - "nice" Firefox pref Gefunden: [C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\prefs.js] - "browser.search.searchengine.iconURL" - "hxxp://www.nicesearches.com/favicon.ico?t=1" Firefox pref Gefunden: [C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\prefs.js] - "browser.search.searchengine.name" - "nice" Firefox pref Gefunden: [C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\prefs.js] - "browser.search.searchengine.url" - "hxxp://www.nicesearches.com/search.php?type=ds&ts=1478576226&from=ead80003&u Firefox pref Gefunden: [C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\prefs.js] - "browser.search.selectedEngine" - "nice" Firefox pref Gefunden: [C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\prefs.js] - "browser.startup.homepage" - "hxxp://www.nicesearches.com?type=hp&ts=1475921813&from=fb081008&uid=toshibaxmk6476g Firefox pref Gefunden: [C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\user.js] - "browser.newtab.url" - "hxxp://www.nicesearches.com?type=hp&ts=1475921813&from=fb081008&uid=toshibaxmk6476gsx_y2n5 Firefox pref Gefunden: [C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\user.js] - 
"browser.search.defaultenginename" - "nice" Firefox pref Gefunden: [C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\user.js] - "browser.search.order.1" - "nice" Firefox pref Gefunden: [C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\user.js] - "browser.search.searchengine.iconURL" - "hxxp://www.nicesearches.com/favicon.ico?t=1" Firefox pref Gefunden: [C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\user.js] - "browser.search.searchengine.name" - "nice" Firefox pref Gefunden: [C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\user.js] - "browser.search.searchengine.url" - "hxxp://www.nicesearches.com/search.php?type=ds&ts=1478576226&from=ead80003&ui Firefox pref Gefunden: [C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\user.js] - "browser.search.selectedEngine" - "nice" Firefox pref Gefunden: [C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\user.js] - "browser.startup.homepage" - "hxxp://www.nicesearches.com?type=hp&ts=1475921813&from=fb081008&uid=toshibaxmk6476gs Chrome pref Gefunden: [C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Web data] - searchinterneat-a.akamaihd.net Chrome pref Gefunden: [C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.nicesearches.com?type=hp&ts=1475921813&from=fb081008&uid=toshibaxmk6476gsx_y2n5p0wxtxxy2n5p0wxt&z=817d413 Chrome pref Gefunden: [C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - hxxp://www.nicesearches.com?type=hp&ts=1475921813&from=fb081008&uid=toshibaxmk6476gsx_y2n5p0wxtxxy2n5p0wxt&z=817d41 ************************* C:\AdwCleaner\AdwCleaner[S0].txt - [9902 Bytes] - [14/11/2016 13:58:33] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9975 Bytes] ########## Geändert von gintake (14.11.2016 um 15:59 Uhr) |
14.11.2016, 15:47 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Firefox redirects to third-party sites and trojan.chinad was found during the scan Hi and
__________________ Please do not attach logs; if necessary, split them and post them spread across several postings. Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs should be too large for one post, I ask you to post the logs directly and, if necessary, spread across several posts. To put the log files into a CODE box, proceed as follows:
__________________ |
14.11.2016, 16:05 | #3 |
| Windows 7: Firefox redirects to third-party sites and trojan.chinad was found during the scan The logs are now in the correct format.
__________________ |
14.11.2016, 16:07 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Firefox redirects to third-party sites and trojan.chinad was found during the scan +++ IMPORTANT NOTICE +++ During the analysis and cleanup you make NO changes whatsoever on your own, i.e. you do not install or uninstall any software without consulting me. You also do not change any system settings while we are working on your case. You make changes, installations or uninstallations EXCLUSIVELY and only on instruction! It will be necessary to disable your virus scanner, and in certain cases also to uninstall it, so that the cleanup can be done properly. Your system is therefore cleared by me for everyday use such as surfing or e-mailing only once we are finished here. Read and understood? Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; first just post the already existing logs in CODE tags! Only logs from the last 7 days, or from since the problem has existed, are relevant!
__________________ Please always post log files in CODE tags |
14.11.2016, 16:12 | #5 |
| Windows 7: Firefox redirects to third-party sites and trojan.chinad was found during the scan Read and understood. Those are all the scans I have so far. |
14.11.2016, 16:20 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Firefox redirects to third-party sites and trojan.chinad was found during the scan And are you quite sure about that? Because you have Malwarebytes installed: Quote:
__________________ --> Windows 7: Firefox redirects to third-party sites and trojan.chinad was found during the scan |
14.11.2016, 16:38 | #7 |
| Windows 7: Firefox redirects to third-party sites and trojan.chinad was found during the scan Yes, that's right, I'll let the scan run through now and then post the log. I thought it no longer worked because the trial version had expired. Malwarebytes scan: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 14.11.2016 Suchlaufzeit: 16:23 Protokolldatei: Malwarebytes-Scan.txt Administrator: Ja Version: 2.2.1.1043 Malware-Datenbank: v2016.11.14.07 Rootkit-Datenbank: v2016.10.31.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Pascal Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 322637 Abgelaufene Zeit: 12 Min., 37 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 3 PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\bin\FIREFOXUPDATE.EXE, 4852, , [46e9536d1d7d47ef33a61d2ee32039c7] PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\Firefox.exe, 3632, , [46e9536d1d7d47ef33a61d2ee32039c7] PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\PLUGIN-CONTAINER.EXE, 5944, , [46e9536d1d7d47ef33a61d2ee32039c7] Module: 60 PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CORE-FILE-L1-2-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CORE-FILE-L1-2-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CORE-FILE-L2-1-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CORE-FILE-L2-1-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CORE-LOCALIZATION-L1-2-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CORE-LOCALIZATION-L1-2-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CORE-PROCESSTHREADS-L1-1-1.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], 
PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CORE-PROCESSTHREADS-L1-1-1.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CORE-SYNCH-L1-2-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CORE-SYNCH-L1-2-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CORE-TIMEZONE-L1-1-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CORE-TIMEZONE-L1-1-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CRT-CONVERT-L1-1-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CRT-CONVERT-L1-1-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CRT-ENVIRONMENT-L1-1-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CRT-ENVIRONMENT-L1-1-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CRT-FILESYSTEM-L1-1-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CRT-FILESYSTEM-L1-1-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CRT-HEAP-L1-1-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CRT-HEAP-L1-1-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CRT-LOCALE-L1-1-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CRT-LOCALE-L1-1-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CRT-MATH-L1-1-0.DLL, , 
[46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CRT-MATH-L1-1-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CRT-MULTIBYTE-L1-1-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CRT-MULTIBYTE-L1-1-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CRT-RUNTIME-L1-1-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CRT-RUNTIME-L1-1-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CRT-STDIO-L1-1-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CRT-STDIO-L1-1-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CRT-STRING-L1-1-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CRT-STRING-L1-1-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CRT-TIME-L1-1-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CRT-TIME-L1-1-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\D3DCOMPILER_47.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\freebl3.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\lgpllibs.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\lgpllibs.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\libEGL.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files 
(x86)\Firefox\LIBGLESV2.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\MOZAVCODEC.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\MOZAVUTIL.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\msvcp140.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\msvcp140.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\nss3.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\nss3.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\nssckbi.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\nssdbm3.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\softokn3.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\ucrtbase.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\ucrtbase.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\VCRUNTIME140.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\VCRUNTIME140.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\xul.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\xul.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CRT-UTILITY-L1-1-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\API-MS-WIN-CRT-UTILITY-L1-1-0.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\mozglue.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], 
PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\mozglue.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\browser\components\BROWSERCOMPS.DLL, , [46e9536d1d7d47ef33a61d2ee32039c7], Registrierungsschlüssel: 17 PUP.Optional.Ghokswa, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\FirefoxU, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.CornerSunshine, HKLM\SOFTWARE\CLIENTS\Corner Sunshine, , [73bc39876436241259be9ee143c0c63a], PUP.Optional.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{99F4CD5F-C70C-4FA6-8748-55EDFD381B59}, , [bc7313adc7d38caa3bf372f241c2956b], PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C1CF3BF6-EF00-4EE3-A6C3-D560FF205318}, , [032cb9073d5d61d5018a401457aced13], PUP.Optional.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ChelfNotify Task, , [c867eed2a5f573c3b77891d3966d9f61], PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Yahoo! 
Powered tefof, , [fa35e2de1b7fc76f16767fd51ae97e82], PUP.Optional.CornerSunshine, HKLM\SOFTWARE\WOW6432NODE\Corner Sunshine, , [cb64d0f063370f27a17e512e9e653dc3], PUP.Optional.CornerSunshine, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\Corner Sunshine, , [33fca31d336747efe13606792ed548b8], PUP.Optional.WinZipMalwareProtector, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\WinZipMalwareProtector_RASAPI32, , [35fa2b951d7d58deab7a0abd16ecd12f], PUP.Optional.WinZipMalwareProtector, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\WinZipMalwareProtector_RASMANCS, , [7ab5eed23268a195e243bd0a6d955ea2], PUP.Optional.OneSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\POWER\USER\POWERSCHEMES\04262113-2A31-48E1-B4BB-3B42174BEA0F, , [9f907e421387a690868673487b88ca36], PUP.Optional.OneSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\POWER\USER\POWERSCHEMES\E24B7131-D039-43CB-9E6F-AD4BE601EC1F, , [e44b5769c5d57fb7ae5ebefd679c24dc], PUP.Optional.WinZipMalwareProtector, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WinZip Malware Protector, , [032c9c24c9d19d9966c2596e1be7629e], PUP.Optional.CornerSunshine, HKU\S-1-5-21-926593798-233215359-281748651-1001\SOFTWARE\Corner Sunshine, , [9a950ab663371d19799f4e31ea19e917], PUP.Optional.InstallCore, HKU\S-1-5-21-926593798-233215359-281748651-1001\SOFTWARE\csastats, , [ee411ea2702a2610eea2d20738cad42c], PUP.Optional.ProductSetup, HKU\S-1-5-21-926593798-233215359-281748651-1001\SOFTWARE\PRODUCTSETUP, , [ec43be02aded2c0af433bddafa089c64], PUP.Optional.WinYahoo, HKU\S-1-5-21-926593798-233215359-281748651-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Chromium, , [9e91d5eb7d1dee485eb3d76738cb4bb5], Registrierungswerte: 7 PUP.Optional.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{99F4CD5F-C70C-4FA6-8748-55EDFD381B59}|Path, \ChelfNotify Task, , [bc7313adc7d38caa3bf372f241c2956b] PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS 
NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C1CF3BF6-EF00-4EE3-A6C3-D560FF205318}|Path, \Yahoo! Powered tefof, , [032cb9073d5d61d5018a401457aced13] PUP.Optional.xRocketToolbar, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|arthurj8283@gmail.com, C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\extensions\arthurj8283@gmail.com, , [ce616d5397032a0cf1f4b02e7889669a] PUP.Optional.OneSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\POWER\USER\POWERSCHEMES\04262113-2a31-48e1-b4bb-3b42174bea0f|Description, One System Care battery save scheme., , [9f907e421387a690868673487b88ca36] PUP.Optional.OneSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\POWER\USER\POWERSCHEMES\e24b7131-d039-43cb-9e6f-ad4be601ec1f|Description, One System Care game scheme., , [e44b5769c5d57fb7ae5ebefd679c24dc] PUP.Optional.Ghokswa.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\FirefoxU|ImagePath, "C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe", , [240b833d28722511a53554f740c3c13f] PUP.Optional.ProductSetup, HKU\S-1-5-21-926593798-233215359-281748651-1001\SOFTWARE\PRODUCTSETUP|tb, 0F1L2R1M1U2Z1X1B1J2Y1O1F, , [ec43be02aded2c0af433bddafa089c64] Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 24 PUP.Optional.EasyFileOpener, C:\Users\Pascal\AppData\Roaming\efo, , [fa35d6ea5842c86e94682dae7a883dc3], PUP.Optional.EasyFileOpener, C:\Users\Pascal\AppData\Roaming\efo\langs, , [fa35d6ea5842c86e94682dae7a883dc3], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\bin, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\browser, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\browser\components, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\browser\extensions, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files 
(x86)\Firefox\browser\features, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\defaults, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\defaults\pref, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\dictionaries, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\gmp-clearkey, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\gmp-clearkey\0.1, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\uninstall, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.WinYahoo.Generic, C:\ProgramData\{1C7FD91C-963D-53DA-10FB-CD988AB94656}, , [f33cfac65446d1655306fbd239cac63a], PUP.Optional.WinYahoo.Generic, C:\ProgramData\{FBD73EB4-7195-B472-F753-2A306D11A1FE}, , [022d0bb5a3f791a5b0a9bd10d62d30d0], PUP.Optional.xRocketToolbar, C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\extensions\arthurj8283@gmail.com, , [e946b30d9ffb1d19bf0f9935e41d629e], PUP.Optional.xRocketToolbar, C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\extensions\arthurj8283@gmail.com\chrome, , [e946b30d9ffb1d19bf0f9935e41d629e], PUP.Optional.xRocketToolbar, C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\extensions\arthurj8283@gmail.com\chrome\content, , [e946b30d9ffb1d19bf0f9935e41d629e], PUP.Optional.xRocketToolbar, C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\extensions\arthurj8283@gmail.com\chrome\skin, , [e946b30d9ffb1d19bf0f9935e41d629e], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{0BFE3DA2-2F56-511A-42CE-74F266A6886A}\HowToRemove, , [9e91d5eb7d1dee485eb3d76738cb4bb5], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{0BFE3DA2-2F56-511A-42CE-74F266A6886A}, , [9e91d5eb7d1dee485eb3d76738cb4bb5], PUP.Optional.WinYahoo, 
C:\Users\Pascal\AppData\Local\{753D4361-5195-2FD9-3C0D-0A311865F6A9}\HowToRemove, , [ae81516f3466171f13fe122cb152ed13], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{753D4361-5195-2FD9-3C0D-0A311865F6A9}, , [ae81516f3466171f13fe122cb152ed13], Dateien: 198 PUP.Optional.Elex, C:\ProgramData\fibfi\yacqq.exe, , [ee410eb2663472c427a9844d5ba8b24e], PUP.Optional.EasyFileOpener, C:\Users\Pascal\AppData\Roaming\efo\efo.exe, , [8ba4625ecdcd47ef89d1301129d7dc24], PUP.Optional.WinZipMalwareProtector, C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe, , [d45bd5ebc0da3ef8420575aeb0517888], PUP.Optional.Vondos, C:\Users\Pascal\AppData\Local\Temp\browsersecurity.exe, , [919e6d533e5cdd5971e09428f60d8a76], PUP.Optional.Elex, C:\Windows\Temp\ist15E5.tmp\saberBox.exe, , [ff3060607624eb4b09b0a2ffe91a57a9], Trojan.ChinAd, C:\Windows\Temp\ist15E5.tmp\tools\ffpp.exe, , [39f602be3664a19513edc3e21ae904fc], PUP.Optional.Elex, C:\Windows\Temp\ist15E5.tmp\tools\saber.exe, , [ef40615f2b6f64d28138e3be0201a35d], PUP.Optional.Elex, C:\Windows\Temp\ist15E5.tmp\tools\yasdwd.exe, , [4ae5c3fd9bff979f2891dac7c24141bf], Trojan.ChinAd, C:\Windows\Temp\nsiB969.tmp\ffff.exe, , [73bcc7f911890c2af808abfa986b4eb2], PUP.Optional.Elex, C:\Windows\Temp\nsiB969.tmp\yasdwd.exe, , [ed427d435c3e043293267031946f8080], PUP.Optional.InstallCore, C:\Users\Pascal\Downloads\BitlordSetup.exe, , [0e2106bad2c8c76f3712dfa33ac92cd4], PUP.Optional.Nice, C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\searchplugins\nice.xml, , [2a05f2ce118960d638b5f1e521e0c13f], PUP.Optional.WinYahoo, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HOWTOREMOVE.HTML.LNK, , [f43b8937b3e7251131496162f40e21df], PUP.Optional.EasyFileOpener, C:\Users\Pascal\AppData\Roaming\efo\EFO.EXE.CONFIG, , [fa35d6ea5842c86e94682dae7a883dc3], PUP.Optional.EasyFileOpener, C:\Users\Pascal\AppData\Roaming\efo\langs\danish_efo_da.ini, , [fa35d6ea5842c86e94682dae7a883dc3], PUP.Optional.EasyFileOpener, 
C:\Users\Pascal\AppData\Roaming\efo\langs\Dutch_efo_nl.ini, , [fa35d6ea5842c86e94682dae7a883dc3], PUP.Optional.EasyFileOpener, C:\Users\Pascal\AppData\Roaming\efo\langs\english_efo_en.ini, , [fa35d6ea5842c86e94682dae7a883dc3], PUP.Optional.EasyFileOpener, C:\Users\Pascal\AppData\Roaming\efo\langs\finish_efo_fi.ini, , [fa35d6ea5842c86e94682dae7a883dc3], PUP.Optional.EasyFileOpener, C:\Users\Pascal\AppData\Roaming\efo\langs\French_efo_fr.ini, , [fa35d6ea5842c86e94682dae7a883dc3], PUP.Optional.EasyFileOpener, C:\Users\Pascal\AppData\Roaming\efo\langs\german_efo_de.ini, , [fa35d6ea5842c86e94682dae7a883dc3], PUP.Optional.EasyFileOpener, C:\Users\Pascal\AppData\Roaming\efo\langs\italian_efo_it.ini, , [fa35d6ea5842c86e94682dae7a883dc3], PUP.Optional.EasyFileOpener, C:\Users\Pascal\AppData\Roaming\efo\langs\japanese_efo_ja.ini, , [fa35d6ea5842c86e94682dae7a883dc3], PUP.Optional.EasyFileOpener, C:\Users\Pascal\AppData\Roaming\efo\langs\norwegian_efo_no.ini, , [fa35d6ea5842c86e94682dae7a883dc3], PUP.Optional.EasyFileOpener, C:\Users\Pascal\AppData\Roaming\efo\langs\portuguese_efo_ptbr.ini, , [fa35d6ea5842c86e94682dae7a883dc3], PUP.Optional.EasyFileOpener, C:\Users\Pascal\AppData\Roaming\efo\langs\russian_efo_ru.ini, , [fa35d6ea5842c86e94682dae7a883dc3], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\bin\FIREFOXUPDATE.EXE, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\bin\Firefox_crashreporter.exe, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\bin\Firefox_crashreporterx64.exe, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\bin\Firefox_helper.exe, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\AccessibleMarshal.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-core-console-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], 
PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-core-datetime-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-core-debug-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-core-errorhandling-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-core-file-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-core-file-l1-2-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-core-file-l2-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-core-handle-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-core-heap-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-core-interlocked-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-core-libraryloader-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-core-localization-l1-2-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-core-namedpipe-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-core-processenvironment-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-core-processthreads-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-core-processthreads-l1-1-1.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files 
(x86)\Firefox\api-ms-win-core-profile-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-core-rtlsupport-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-core-string-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-core-synch-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-core-synch-l1-2-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-core-sysinfo-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-core-timezone-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-core-util-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-crt-convert-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-crt-environment-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-crt-filesystem-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-crt-heap-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-crt-locale-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-crt-math-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-crt-multibyte-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-crt-private-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], 
PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-crt-process-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-crt-runtime-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-crt-stdio-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-crt-string-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-crt-time-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\application.ini, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\breakpadinjector.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\crashreporter.exe, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\crashreporter.ini, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\d3dcompiler_47.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\dependentlibs.list, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\Firefox.exe, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\freebl3.chk, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\freebl3.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\helper, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\lgpllibs.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\libEGL.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\libGLESv2.dll, , 
[46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\maintenanceservice.exe, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\maintenanceservice_installer.exe, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\mozavcodec.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\mozavutil.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\msvcp140.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\nss3.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\nssckbi.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\nssdbm3.chk, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\nssdbm3.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\omni.ja, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\platform.ini, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\plugin-container.exe, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\plugin-hang-ui.exe, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\precomplete, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\removed-files, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\softokn3.chk, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\softokn3.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\ucrtbase.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files 
(x86)\Firefox\update-settings.ini, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\updater, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\updater.exe, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\updater.ini, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\vcruntime140.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\wow_helper.exe, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\xul.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-core-memory-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-crt-conio-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\api-ms-win-crt-utility-l1-1-0.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\mozglue.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\browser\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\browser\blocklist.xml, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\browser\chrome.manifest, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\browser\crashreporter-override.ini, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\browser\omni.ja, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\browser\components\browsercomps.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files 
(x86)\Firefox\browser\components\components.manifest, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\browser\features\e10srollout@mozilla.org.xpi, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\browser\features\firefox@getpocket.com.xpi, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\browser\features\webcompat@mozilla.org.xpi, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\defaults\pref\channel-prefs.js, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\dictionaries\en-US.aff, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\dictionaries\en-US.dic, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\gmp-clearkey\0.1\clearkey.dll, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\gmp-clearkey\0.1\clearkey.info, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.Ghokswa, C:\Program Files (x86)\Firefox\uninstall\helper.exe, , [46e9536d1d7d47ef33a61d2ee32039c7], PUP.Optional.WinYahoo, C:\Windows\System32\Tasks\YAHOO! 
POWERED TEFOF, , [9699724e0793f54197f64e064db65da3], PUP.Optional.SearchInMe, C:\Users\Pascal\AppData\Roaming\Firefox\Firefox\Profiles\dftl4u6t.default\searchplugins\SEARCHINME.XML, , [70bff7c92b6ffd39d79d4b6ad72c6b95], PUP.Optional.Elex, C:\Users\Pascal\AppData\Roaming\Firefox\Firefox\Profiles\dftl4u6t.default\extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.XPI, , [6ac54c7478227db9bcbb1d98f40fe31d], PUP.Optional.Elex, C:\Users\Pascal\AppData\Roaming\Firefox\Firefox\Profiles\dftl4u6t.default\extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.XPI, , [42ed2898d3c7c86ee493a70e33d0649c], PUP.Optional.WinYahoo.Generic, C:\ProgramData\{1C7FD91C-963D-53DA-10FB-CD988AB94656}\fere.txt, , [f33cfac65446d1655306fbd239cac63a], PUP.Optional.WinYahoo.Generic, C:\ProgramData\{1C7FD91C-963D-53DA-10FB-CD988AB94656}\aowLC, , [f33cfac65446d1655306fbd239cac63a], PUP.Optional.WinYahoo.Generic, C:\ProgramData\{1C7FD91C-963D-53DA-10FB-CD988AB94656}\hdat1, , [f33cfac65446d1655306fbd239cac63a], PUP.Optional.WinYahoo.Generic, C:\ProgramData\{1C7FD91C-963D-53DA-10FB-CD988AB94656}\hdat2, , [f33cfac65446d1655306fbd239cac63a], PUP.Optional.WinYahoo.Generic, C:\ProgramData\{1C7FD91C-963D-53DA-10FB-CD988AB94656}\nali, , [f33cfac65446d1655306fbd239cac63a], PUP.Optional.WinYahoo.Generic, C:\ProgramData\{1C7FD91C-963D-53DA-10FB-CD988AB94656}\sanote, , [f33cfac65446d1655306fbd239cac63a], PUP.Optional.WinYahoo.Generic, C:\ProgramData\{1C7FD91C-963D-53DA-10FB-CD988AB94656}\somenaf, , [f33cfac65446d1655306fbd239cac63a], PUP.Optional.WinYahoo.Generic, C:\ProgramData\{FBD73EB4-7195-B472-F753-2A306D11A1FE}\fere.txt, , [022d0bb5a3f791a5b0a9bd10d62d30d0], PUP.Optional.WinYahoo.Generic, C:\ProgramData\{FBD73EB4-7195-B472-F753-2A306D11A1FE}\hdat1, , [022d0bb5a3f791a5b0a9bd10d62d30d0], PUP.Optional.WinYahoo.Generic, C:\ProgramData\{FBD73EB4-7195-B472-F753-2A306D11A1FE}\hdat2, , [022d0bb5a3f791a5b0a9bd10d62d30d0], PUP.Optional.WinYahoo.Generic, C:\ProgramData\{FBD73EB4-7195-B472-F753-2A306D11A1FE}\nira, , 
[022d0bb5a3f791a5b0a9bd10d62d30d0], PUP.Optional.WinYahoo.Generic, C:\ProgramData\{FBD73EB4-7195-B472-F753-2A306D11A1FE}\sanote, , [022d0bb5a3f791a5b0a9bd10d62d30d0], PUP.Optional.xRocketToolbar, C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\extensions\arthurj8283@gmail.com\chrome.manifest, , [e946b30d9ffb1d19bf0f9935e41d629e], PUP.Optional.xRocketToolbar, C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\extensions\arthurj8283@gmail.com\install.rdf, , [e946b30d9ffb1d19bf0f9935e41d629e], PUP.Optional.xRocketToolbar, C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\extensions\arthurj8283@gmail.com\chrome\content\toolbar.js, , [e946b30d9ffb1d19bf0f9935e41d629e], PUP.Optional.xRocketToolbar, C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\extensions\arthurj8283@gmail.com\chrome\content\toolbar.xul, , [e946b30d9ffb1d19bf0f9935e41d629e], PUP.Optional.xRocketToolbar, C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\extensions\arthurj8283@gmail.com\chrome\skin\icon.png, , [e946b30d9ffb1d19bf0f9935e41d629e], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{0BFE3DA2-2F56-511A-42CE-74F266A6886A}\HowToRemove\HowToRemove.html, , [9e91d5eb7d1dee485eb3d76738cb4bb5], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{0BFE3DA2-2F56-511A-42CE-74F266A6886A}\HowToRemove\chromium-min.jpg, , [9e91d5eb7d1dee485eb3d76738cb4bb5], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{0BFE3DA2-2F56-511A-42CE-74F266A6886A}\HowToRemove\control panel-min-min.JPG, , [9e91d5eb7d1dee485eb3d76738cb4bb5], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{0BFE3DA2-2F56-511A-42CE-74F266A6886A}\HowToRemove\down.png, , [9e91d5eb7d1dee485eb3d76738cb4bb5], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{0BFE3DA2-2F56-511A-42CE-74F266A6886A}\HowToRemove\ff menu.JPG, , [9e91d5eb7d1dee485eb3d76738cb4bb5], PUP.Optional.WinYahoo, 
C:\Users\Pascal\AppData\Local\{0BFE3DA2-2F56-511A-42CE-74F266A6886A}\HowToRemove\ff search engine-min.png, , [9e91d5eb7d1dee485eb3d76738cb4bb5], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{0BFE3DA2-2F56-511A-42CE-74F266A6886A}\HowToRemove\hp-min ff.png, , [9e91d5eb7d1dee485eb3d76738cb4bb5], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{0BFE3DA2-2F56-511A-42CE-74F266A6886A}\HowToRemove\hp-min ie.png, , [9e91d5eb7d1dee485eb3d76738cb4bb5], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{0BFE3DA2-2F56-511A-42CE-74F266A6886A}\HowToRemove\search engine.gif, , [9e91d5eb7d1dee485eb3d76738cb4bb5], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{0BFE3DA2-2F56-511A-42CE-74F266A6886A}\HowToRemove\setup pages.gif, , [9e91d5eb7d1dee485eb3d76738cb4bb5], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{0BFE3DA2-2F56-511A-42CE-74F266A6886A}\HowToRemove\sp-min.png, , [9e91d5eb7d1dee485eb3d76738cb4bb5], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{0BFE3DA2-2F56-511A-42CE-74F266A6886A}\HowToRemove\start-min.jpg, , [9e91d5eb7d1dee485eb3d76738cb4bb5], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{0BFE3DA2-2F56-511A-42CE-74F266A6886A}\HowToRemove\up.png, , [9e91d5eb7d1dee485eb3d76738cb4bb5], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{0BFE3DA2-2F56-511A-42CE-74F266A6886A}\bapi_ff.dat, , [9e91d5eb7d1dee485eb3d76738cb4bb5], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{0BFE3DA2-2F56-511A-42CE-74F266A6886A}\bapi_ie.dat, , [9e91d5eb7d1dee485eb3d76738cb4bb5], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{0BFE3DA2-2F56-511A-42CE-74F266A6886A}\dice, , [9e91d5eb7d1dee485eb3d76738cb4bb5], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{0BFE3DA2-2F56-511A-42CE-74F266A6886A}\install.log, , [9e91d5eb7d1dee485eb3d76738cb4bb5], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{0BFE3DA2-2F56-511A-42CE-74F266A6886A}\lela, , [9e91d5eb7d1dee485eb3d76738cb4bb5], PUP.Optional.WinYahoo, 
C:\Users\Pascal\AppData\Local\{0BFE3DA2-2F56-511A-42CE-74F266A6886A}\nade.dat, , [9e91d5eb7d1dee485eb3d76738cb4bb5], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{0BFE3DA2-2F56-511A-42CE-74F266A6886A}\nene, , [9e91d5eb7d1dee485eb3d76738cb4bb5], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{0BFE3DA2-2F56-511A-42CE-74F266A6886A}\rada.cfg, , [9e91d5eb7d1dee485eb3d76738cb4bb5], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{0BFE3DA2-2F56-511A-42CE-74F266A6886A}\Sqlite3.dll, , [9e91d5eb7d1dee485eb3d76738cb4bb5], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{0BFE3DA2-2F56-511A-42CE-74F266A6886A}\uninst.dat, , [9e91d5eb7d1dee485eb3d76738cb4bb5], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{0BFE3DA2-2F56-511A-42CE-74F266A6886A}\uninst.exe, , [9e91d5eb7d1dee485eb3d76738cb4bb5], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{753D4361-5195-2FD9-3C0D-0A311865F6A9}\HowToRemove\HowToRemove.html, , [ae81516f3466171f13fe122cb152ed13], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{753D4361-5195-2FD9-3C0D-0A311865F6A9}\HowToRemove\chromium-min.jpg, , [ae81516f3466171f13fe122cb152ed13], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{753D4361-5195-2FD9-3C0D-0A311865F6A9}\HowToRemove\control panel-min-min.JPG, , [ae81516f3466171f13fe122cb152ed13], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{753D4361-5195-2FD9-3C0D-0A311865F6A9}\HowToRemove\down.png, , [ae81516f3466171f13fe122cb152ed13], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{753D4361-5195-2FD9-3C0D-0A311865F6A9}\HowToRemove\ff menu.JPG, , [ae81516f3466171f13fe122cb152ed13], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{753D4361-5195-2FD9-3C0D-0A311865F6A9}\HowToRemove\ff search engine-min.png, , [ae81516f3466171f13fe122cb152ed13], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{753D4361-5195-2FD9-3C0D-0A311865F6A9}\HowToRemove\hp-min ff.png, , [ae81516f3466171f13fe122cb152ed13], PUP.Optional.WinYahoo, 
C:\Users\Pascal\AppData\Local\{753D4361-5195-2FD9-3C0D-0A311865F6A9}\HowToRemove\hp-min ie.png, , [ae81516f3466171f13fe122cb152ed13], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{753D4361-5195-2FD9-3C0D-0A311865F6A9}\HowToRemove\search engine.gif, , [ae81516f3466171f13fe122cb152ed13], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{753D4361-5195-2FD9-3C0D-0A311865F6A9}\HowToRemove\setup pages.gif, , [ae81516f3466171f13fe122cb152ed13], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{753D4361-5195-2FD9-3C0D-0A311865F6A9}\HowToRemove\sp-min.png, , [ae81516f3466171f13fe122cb152ed13], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{753D4361-5195-2FD9-3C0D-0A311865F6A9}\HowToRemove\start-min.jpg, , [ae81516f3466171f13fe122cb152ed13], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{753D4361-5195-2FD9-3C0D-0A311865F6A9}\HowToRemove\up.png, , [ae81516f3466171f13fe122cb152ed13], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{753D4361-5195-2FD9-3C0D-0A311865F6A9}\bapi.dat, , [ae81516f3466171f13fe122cb152ed13], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{753D4361-5195-2FD9-3C0D-0A311865F6A9}\dice, , [ae81516f3466171f13fe122cb152ed13], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{753D4361-5195-2FD9-3C0D-0A311865F6A9}\fana, , [ae81516f3466171f13fe122cb152ed13], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{753D4361-5195-2FD9-3C0D-0A311865F6A9}\install.log, , [ae81516f3466171f13fe122cb152ed13], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{753D4361-5195-2FD9-3C0D-0A311865F6A9}\lela, , [ae81516f3466171f13fe122cb152ed13], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{753D4361-5195-2FD9-3C0D-0A311865F6A9}\nade.dat, , [ae81516f3466171f13fe122cb152ed13], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{753D4361-5195-2FD9-3C0D-0A311865F6A9}\rada.cfg, , [ae81516f3466171f13fe122cb152ed13], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{753D4361-5195-2FD9-3C0D-0A311865F6A9}\Sqlite3.dll, , 
[ae81516f3466171f13fe122cb152ed13], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{753D4361-5195-2FD9-3C0D-0A311865F6A9}\uninst.dat, , [ae81516f3466171f13fe122cb152ed13], PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Local\{753D4361-5195-2FD9-3C0D-0A311865F6A9}\uninst.exe, , [ae81516f3466171f13fe122cb152ed13], PUP.Optional.NiceSearches, C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://www.nicesearches.com?type=hp&ts=1475921813&from=fb081008&uid=toshibaxmk6476gsx_y2n5p0wxtxxy2n5p0wxt&z=817d4136745b9cbdfc61f7cgfz8mfw0tao3gfb5g3e");), ,[f13e8c34287251e5d48374ca06fd8a76] PUP.Optional.NiceSearches, C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.searchengine.url", "hxxp://www.nicesearches.com/search.php?type=ds&ts=1478576226&from=ead80003&uid=toshibaxmk6476gsx_y2n5p0wxtxxy2n5p0wxt&z=1d4a2a110fc2dadd93c0783gbzfm3b5w9mcqboeofz&q={searchTerms}");), ,[3df28838d4c6f1454c0c0c3249ba56aa] PUP.Optional.NiceSearches, C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\prefs.js, Gut: (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Schlecht: (user_pref("browser.startup.homepage", "hxxp://www.nicesearches.com?type=hp&ts=1475921813&from=fb081008&uid=toshibaxmk6476gsx_y2n5p0wxtxxy2n5p0wxt&z=817d4136745b9cbdfc61f7cgfz8mfw0tao3gfb5g3e");), ,[72bd02be0694c076d8539aa647bc6e92] PUP.Optional.WinYahoo, C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\dftl4u6t.default\searchplugins\YAHOO! POWERED.XML, , [dd52dce4a5f58bab49d1eb5340c352ae], Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) |
15.11.2016, 11:00 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Firefox redirects to third-party sites and trojan.chinad was found during the scan What exactly did you not understand about this: Quote:
__________________ Please always post log files in CODE tags |
15.11.2016, 14:11 | #9 |
| Windows 7: Firefox redirects to third-party sites and trojan.chinad was found during the scan I understood it as a request to use the program. As I said, the scans I posted were all the ones I had up to that point. I'm sorry if I made your work harder because of that. |
15.11.2016, 14:36 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Firefox redirects to third-party sites and trojan.chinad was found during the scan It's fine. I actually just wanted to know whether these are the only detections and nothing else.
__________________ Please always post log files in CODE tags |
22.11.2016, 16:33 | #11 |
| Windows 7: Firefox redirects to third-party sites and trojan.chinad was found during the scan Those are all the scans I have. |
22.11.2016, 16:39 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Firefox redirects to third-party sites and trojan.chinad was found during the scan OK
Step 1: Malwarebytes Anti-Rootkit (MBAR)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not run any other file in this folder without instructions from a helper.
Step 2: Kaspersky TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop.
Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs should be too large for one post, I ask you to post the logs directly and, if necessary, spread across several posts. To put the log files into a CODE box, proceed as follows:
__________________ Please always post log files in CODE tags |
22.11.2016, 19:44 | #13 |
| Windows 7: Firefox redirects to third-party sites and trojan.chinad was found during the scan OK, here are the logs: mbar: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001 www.malwarebytes.org Database version: main: v2016.11.22.09 rootkit: v2016.11.20.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Pascal :: PASCAL-PC [administrator] 22.11.2016 18:48:46 mbar-log-2016-11-22 (18-48-46).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 325291 Time elapsed: 19 minute(s), 51 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 5 C:\ProgramData\gjcgj\yacnvd.exe (Adware.Elex) -> Delete on reboot. [f160f6cdff9b5dd939ca6576a063e51b] C:\ProgramData\hbeha\yacqq.exe (Adware.Elex) -> Delete on reboot. [18396d56a6f4f93d23e048930cf77090] C:\ProgramData\bfibf\yacqq.exe (Adware.Elex) -> Delete on reboot. [49086063e5b5a98d36cd4d8ed330bc44] C:\ProgramData\cficf\yacqq.exe (Adware.Elex) -> Delete on reboot. [59f8caf9326839fda45fa437c83b56aa] C:\Users\Pascal\AppData\Roaming\Setup56707.exe (Adware.DealPly) -> Delete on reboot. [f8597f440397211518f0c3c5857ed927] Physical Sectors Detected: 0 (No malicious items detected) (end) Code:
ATTFilter
19:38:41.0960 0x1568 TDSS rootkit removing tool 3.1.0.12 Nov 7 2016 07:10:01
19:38:49.0512 0x1568 ============================================================
19:38:49.0512 0x1568 Current date / time: 2016/11/22 19:38:49.0512
19:38:49.0512 0x1568 SystemInfo:
19:38:49.0512 0x1568
19:38:49.0512 0x1568 OS Version: 6.1.7601 ServicePack: 1.0
19:38:49.0513 0x1568 Product type: Workstation
19:38:49.0513 0x1568 ComputerName: PASCAL-PC
19:38:49.0513 0x1568 UserName: Pascal
19:38:49.0513 0x1568 Windows directory: C:\Windows
19:38:49.0513 0x1568 System windows directory: C:\Windows
19:38:49.0513 0x1568 Running under WOW64
19:38:49.0513 0x1568 Processor architecture: Intel x64
19:38:49.0513 0x1568 Number of processors: 4
19:38:49.0513 0x1568 Page size: 0x1000
19:38:49.0513 0x1568 Boot type: Normal boot
19:38:49.0513 0x1568 CodeIntegrityOptions = 0x00000001
19:38:49.0513 0x1568 ============================================================
19:38:49.0639 0x1568 KLMD registered as C:\Windows\system32\drivers\61490956.sys
19:38:49.0640 0x1568 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.23569, osProperties = 0x1
19:38:50.0137 0x1568 System UUID: {9E2A21B6-1A0B-D591-05BE-549EE267B21F}
19:38:50.0705 0x1568 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:38:50.0712 0x1568 ============================================================
19:38:50.0712 0x1568 \Device\Harddisk0\DR0:
19:38:50.0712 0x1568 MBR partitions:
19:38:50.0712 0x1568 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2710800, BlocksNum 0x32000
19:38:50.0712 0x1568 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2742800, BlocksNum 0x24078000
19:38:50.0747 0x1568 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x267BB000, BlocksNum 0x2409C800
19:38:50.0747 0x1568 ============================================================
19:38:50.0774 0x1568 C: <-> \Device\Harddisk0\DR0\Partition2
19:38:50.0807 0x1568 D: <-> \Device\Harddisk0\DR0\Partition3
19:38:50.0808 0x1568 ============================================================
19:38:50.0808 0x1568 Initialize success
19:38:50.0808 0x1568 ============================================================
19:39:41.0389 0x0630 ============================================================
19:39:41.0389 0x0630 Scan started
19:39:41.0389 0x0630 Mode: Manual; SigCheck; TDLFS;
19:39:41.0389 0x0630 ============================================================
19:39:41.0389 0x0630 KSN ping started
19:39:41.0600 0x0630 KSN ping finished: true
19:39:42.0573 0x0630 ================ Scan system memory ========================
19:39:42.0573 0x0630 System memory - ok
Components\DAL\jhi_service.exe 19:39:56.0618 0x0630 jhi_service - ok 19:39:56.0644 0x0630 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 19:39:56.0652 0x0630 kbdclass - ok 19:39:56.0685 0x0630 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 19:39:56.0710 0x0630 kbdhid - ok 19:39:56.0748 0x0630 [ 92DAF7D21711117B007608CB50FBD2E2, 6C1FBCE3699C76BDACAC37C04002C85A6AF38BF610F579F6FFEC95302D449CDC ] KeyIso C:\Windows\system32\lsass.exe 19:39:56.0758 0x0630 KeyIso - ok 19:39:56.0799 0x0630 [ 1F4B52A496A43C65AB0F26169650FAF2, 6D6F3505997A7DDEE6F127B3FB537AFFDE687D4F34489679674DC12FB12B842C ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 19:39:56.0819 0x0630 KSecDD - ok 19:39:56.0848 0x0630 [ E4A599EDFAAB66C2BC17FB1593DC129B, 13098694B649E9146214D320FB14C3D305FCA155438CB531A8BAA4A70231D1A7 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 19:39:56.0869 0x0630 KSecPkg - ok 19:39:56.0902 0x0630 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 19:39:56.0956 0x0630 ksthunk - ok 19:39:56.0993 0x0630 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 19:39:57.0033 0x0630 KtmRm - ok 19:39:57.0072 0x0630 [ 320F16CA30BC0B8FF59F6C9E1ACD8516, FDCD8E1BFC57CD3B827A78CBFC26F8F7E2F1CFD4A422D72D82A44152F7A06A85 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys 19:39:57.0089 0x0630 L1C - ok 19:39:57.0133 0x0630 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 19:39:57.0192 0x0630 LanmanServer - ok 19:39:57.0226 0x0630 [ 851A1382EED3E3A7476DB004F4EE3E1A, 
B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 19:39:57.0272 0x0630 LanmanWorkstation - ok 19:39:57.0344 0x0630 [ C7020E0182EE86488E8C2CFBBBCBF502, 0EE1DCE28F62FEF27CA19194BB9D0E40275C86A97A15E8AF264560E4C4353EDD ] Live Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe 19:39:57.0374 0x0630 Live Updater Service - ok 19:39:57.0420 0x0630 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 19:39:57.0490 0x0630 lltdio - ok 19:39:57.0530 0x0630 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 19:39:57.0609 0x0630 lltdsvc - ok 19:39:57.0633 0x0630 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 19:39:57.0671 0x0630 lmhosts - ok 19:39:57.0712 0x0630 [ 8D82CBBF5A8532D9A21A64BBCB774EE7, 30D6477EA4B47D50F05E3435A68113B3676CA24EF51CC2693353C2224D28D2BB ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 19:39:57.0723 0x0630 LMS - ok 19:39:57.0749 0x0630 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 19:39:57.0759 0x0630 LSI_FC - ok 19:39:57.0792 0x0630 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 19:39:57.0801 0x0630 LSI_SAS - ok 19:39:57.0815 0x0630 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 19:39:57.0824 0x0630 LSI_SAS2 - ok 19:39:57.0837 0x0630 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI 
C:\Windows\system32\drivers\lsi_scsi.sys 19:39:57.0846 0x0630 LSI_SCSI - ok 19:39:57.0868 0x0630 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 19:39:57.0915 0x0630 luafv - ok 19:39:57.0997 0x0630 [ ACB01BF1A905356AB7F978C7FE852209, AC0B08FAFD992F81B94ACB8A58D1C510C8F218D29CEA496467EA5709F63410AB ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 19:39:58.0012 0x0630 McAfee SiteAdvisor Service - ok 19:39:58.0074 0x0630 [ 23FD3A970751AEBDAAD251C68EA57ED4, FC074568E61770D4D03EF0F1AB781FF0B09EF9E34E2DBB49C6A453B256B8BCE8 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe 19:39:58.0097 0x0630 McComponentHostService - ok 19:39:58.0104 0x0630 [ ACB01BF1A905356AB7F978C7FE852209, AC0B08FAFD992F81B94ACB8A58D1C510C8F218D29CEA496467EA5709F63410AB ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 19:39:58.0116 0x0630 McMPFSvc - ok 19:39:58.0125 0x0630 [ ACB01BF1A905356AB7F978C7FE852209, AC0B08FAFD992F81B94ACB8A58D1C510C8F218D29CEA496467EA5709F63410AB ] mcmscsvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 19:39:58.0137 0x0630 mcmscsvc - ok 19:39:58.0156 0x0630 [ ACB01BF1A905356AB7F978C7FE852209, AC0B08FAFD992F81B94ACB8A58D1C510C8F218D29CEA496467EA5709F63410AB ] McNaiAnn C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 19:39:58.0166 0x0630 McNaiAnn - ok 19:39:58.0219 0x0630 [ ACB01BF1A905356AB7F978C7FE852209, AC0B08FAFD992F81B94ACB8A58D1C510C8F218D29CEA496467EA5709F63410AB ] McNASvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 19:39:58.0241 0x0630 McNASvc - ok 19:39:58.0318 0x0630 [ B3914A7C97A81ACB1E9BEFE07E4C387F, 70FB6F8FD55B2CC3ED1C6D41C978FF949C99709A071C4F330FE4DB8ECB69C5E1 ] McODS C:\Program Files\mcafee\VirusScan\mcods.exe 19:39:58.0340 0x0630 McODS - ok 19:39:58.0356 0x0630 [ ACB01BF1A905356AB7F978C7FE852209, 
AC0B08FAFD992F81B94ACB8A58D1C510C8F218D29CEA496467EA5709F63410AB ] McOobeSv C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 19:39:58.0366 0x0630 McOobeSv - ok 19:39:58.0392 0x0630 [ ACB01BF1A905356AB7F978C7FE852209, AC0B08FAFD992F81B94ACB8A58D1C510C8F218D29CEA496467EA5709F63410AB ] McProxy C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 19:39:58.0402 0x0630 McProxy - ok 19:39:58.0464 0x0630 [ F9CA63238F4503E773E0F6E0E0EF3199, 7182A7D8654328A288EA627FCB89DDDCF108AEB5AC0B5CC95319657F4375D19A ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe 19:39:58.0486 0x0630 McShield - ok 19:39:58.0511 0x0630 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 19:39:58.0535 0x0630 Mcx2Svc - ok 19:39:58.0558 0x0630 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys 19:39:58.0566 0x0630 megasas - ok 19:39:58.0610 0x0630 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 19:39:58.0633 0x0630 MegaSR - ok 19:39:58.0665 0x0630 [ 6B01B7414A105B9E51652089A03027CF, 9B113DC22F7D0D0B376E577C6D7083F9EDC09BBFE47726393E16D4FDAAAE21FE ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 19:39:58.0673 0x0630 MEIx64 - ok 19:39:58.0713 0x0630 [ 01884CB7655C8908B43FF5E364FE6FD2, 6D033F42D1490B79275182FBBA5E15C531D31104CDB4AC396120880B78E862DE ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys 19:39:58.0723 0x0630 mfeapfk - ok 19:39:58.0748 0x0630 [ DAB9A9CDFB04E4D68924492AA043019D, 79140283CD36A82AA875E637653D469E36440C79B1B4E5DB7BA28325904D60C0 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys 19:39:58.0760 0x0630 mfeavfk - ok 19:39:58.0774 0x0630 [ 5BD886D592B4FE4F7139BEACAEB4FC09, 2EA12D6A888270E62CE77F8CE2FE7D545B7DECCC54A2994E8C09C1471227198B ] mfefire C:\Program 
Files\Common Files\McAfee\SystemCore\\mfefire.exe 19:39:58.0784 0x0630 mfefire - ok 19:39:58.0813 0x0630 [ CE9A3680675C0907ADE16404CA967B49, 98DDCBB74C2CF350D99003769908A4D306E328D42F7AE7947C9F97D3E14800AA ] mfefirek C:\Windows\system32\drivers\mfefirek.sys 19:39:58.0830 0x0630 mfefirek - ok 19:39:58.0903 0x0630 [ 60CF67458DD29CD17E77F2327B1A9A54, 803CEB205D56EF85C38698447099CEC499D3F8804BC8F2B7320C953978BAF81A ] mfehidk C:\Windows\system32\drivers\mfehidk.sys 19:39:58.0941 0x0630 mfehidk - ok 19:39:58.0971 0x0630 [ A8129CFB919347F8533C934B365E9202, A1B84263714DFE92AF3C7D8DF5EBE5BBC7C96954337119BF9754676DDDE5DBED ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys 19:39:58.0983 0x0630 mfenlfk - ok 19:39:59.0005 0x0630 [ 5041FA2BD2B3A2693B015771BFBF6DCA, 0765A1410F4182626570F8B7CB9FB2F7AF8E21AC806A0E51DAF4CAB87003C554 ] mferkdet C:\Windows\system32\drivers\mferkdet.sys 19:39:59.0017 0x0630 mferkdet - ok 19:39:59.0034 0x0630 [ 33B6879549BA5A1CB123DA0AF0D73FA0, 900B89D0E94E85C19BE51A12A4D356C765C8DED759E67D35EFAE3DB18DC2DCC0 ] mfevtp C:\Windows\system32\mfevtps.exe 19:39:59.0049 0x0630 mfevtp - ok 19:39:59.0083 0x0630 [ 919C56DB14A0E1E2AB6DA5D2821DC26E, FE7D2897FFD664A45FE821785D540AC18679630B64F5A600AC545E1B00EC6582 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys 19:39:59.0096 0x0630 mfewfpk - ok 19:39:59.0128 0x0630 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 19:39:59.0174 0x0630 MMCSS - ok 19:39:59.0206 0x0630 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 19:39:59.0231 0x0630 Modem - ok 19:39:59.0254 0x0630 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 19:39:59.0266 0x0630 monitor - ok 19:39:59.0288 0x0630 [ 7D27EA49F3C1F687D357E77A470AEA99, 
7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 19:39:59.0297 0x0630 mouclass - ok 19:39:59.0323 0x0630 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 19:39:59.0351 0x0630 mouhid - ok 19:39:59.0398 0x0630 [ 8ADB5445B29941CB41AF2846FD5C93C7, 689582430FE29EC0845B1DB841D3CC49D5D09DE264586E3999EEFE616986D12B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 19:39:59.0407 0x0630 mountmgr - ok 19:39:59.0478 0x0630 [ 86320BA9D6A972C79D467931518B165A, 4D7ABD7E5637B9AF98D7F3D4C4DAE595C27C8FEEBAAFF9E6443271C41598FCE1 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 19:39:59.0501 0x0630 MozillaMaintenance - ok 19:39:59.0541 0x0630 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 19:39:59.0565 0x0630 mpio - ok 19:39:59.0587 0x0630 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 19:39:59.0629 0x0630 mpsdrv - ok 19:39:59.0679 0x0630 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 19:39:59.0732 0x0630 MpsSvc - ok 19:39:59.0778 0x0630 [ 98DB1790F0A584E0A2528B92B052417F, 9AA04CA73AFE599810CD233B9CEC212E16D44DCEDF5C7D0181C7257F498068B5 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 19:39:59.0816 0x0630 MRxDAV - ok 19:39:59.0854 0x0630 [ 25F918BB5D57C99FFEB0255143D0DF9A, E4BB656C3AEE19094B0F87828828DC73F248B45B30B678AA759DBAB3087399A2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 19:39:59.0889 0x0630 mrxsmb - ok 19:39:59.0920 0x0630 [ 8DF2B80510F438CFEC479181BD29C794, ECA5BC17D1DB92B887D468B0FF1D6302518DBD7C3607B14FA291ECDA204D5E85 ] mrxsmb10 
C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:39:59.0962 0x0630 mrxsmb10 - ok 19:39:59.0986 0x0630 [ F7622CFE3402A9BF10227BB124901E54, 3EE6BA42E712505AED9D3920163814719FAC591FB5CFF589E230C7005CB598AF ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:40:00.0005 0x0630 mrxsmb20 - ok 19:40:00.0040 0x0630 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 19:40:00.0058 0x0630 msahci - ok 19:40:00.0089 0x0630 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 19:40:00.0103 0x0630 msdsm - ok 19:40:00.0126 0x0630 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 19:40:00.0157 0x0630 MSDTC - ok 19:40:00.0189 0x0630 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 19:40:00.0232 0x0630 Msfs - ok 19:40:00.0257 0x0630 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 19:40:00.0282 0x0630 mshidkmdf - ok 19:40:00.0316 0x0630 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 19:40:00.0323 0x0630 msisadrv - ok 19:40:00.0372 0x0630 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 19:40:00.0414 0x0630 MSiSCSI - ok 19:40:00.0417 0x0630 msiserver - ok 19:40:00.0437 0x0630 [ ACB01BF1A905356AB7F978C7FE852209, AC0B08FAFD992F81B94ACB8A58D1C510C8F218D29CEA496467EA5709F63410AB ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 19:40:00.0447 0x0630 MSK80Service - ok 19:40:00.0465 0x0630 [ 
49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 19:40:00.0507 0x0630 MSKSSRV - ok 19:40:00.0526 0x0630 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 19:40:00.0551 0x0630 MSPCLOCK - ok 19:40:00.0572 0x0630 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 19:40:00.0617 0x0630 MSPQM - ok 19:40:00.0645 0x0630 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 19:40:00.0659 0x0630 MsRPC - ok 19:40:00.0676 0x0630 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 19:40:00.0683 0x0630 mssmbios - ok 19:40:00.0702 0x0630 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 19:40:00.0739 0x0630 MSTEE - ok 19:40:00.0765 0x0630 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 19:40:00.0786 0x0630 MTConfig - ok 19:40:00.0809 0x0630 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 19:40:00.0818 0x0630 Mup - ok 19:40:00.0834 0x0630 [ C009123B206C56854F4E88596035231D, 670403A40B425F77C90ECB048A0C8BC11FB19E40A8CECC2C3DCF79175B745863 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 19:40:00.0841 0x0630 mwlPSDFilter - ok 19:40:00.0866 0x0630 [ BF3739EEB9F008B1DEBAC115089A53F8, 8546AB69087656259BBE17D6F80F4AB164B04171673CE2BF9FFD1B5C9584E9A4 ] mwlPSDNServ 
C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 19:40:00.0873 0x0630 mwlPSDNServ - ok 19:40:00.0886 0x0630 [ 38DD143D95E7A01B86F219DDA9C28779, 5FA8C0595CCF835DBCE1CC5322E8FD4BFB6DFB6CF869BB7CB73F919445D469AA ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 19:40:00.0895 0x0630 mwlPSDVDisk - ok 19:40:00.0933 0x0630 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll 19:40:00.0967 0x0630 napagent - ok 19:40:01.0020 0x0630 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 19:40:01.0072 0x0630 NativeWifiP - ok 19:40:01.0127 0x0630 [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS C:\Windows\system32\drivers\ndis.sys 19:40:01.0160 0x0630 NDIS - ok 19:40:01.0191 0x0630 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 19:40:01.0217 0x0630 NdisCap - ok 19:40:01.0244 0x0630 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 19:40:01.0269 0x0630 NdisTapi - ok 19:40:01.0294 0x0630 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 19:40:01.0318 0x0630 Ndisuio - ok 19:40:01.0332 0x0630 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 19:40:01.0370 0x0630 NdisWan - ok 19:40:01.0385 0x0630 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 19:40:01.0421 0x0630 NDProxy - ok 19:40:01.0458 0x0630 [ 86743D9F5D2B1048062B14B1D84501C4, 
DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 19:40:01.0483 0x0630 NetBIOS - ok 19:40:01.0523 0x0630 [ E47D571FEC2C76E867935109AB2A770C, F349D25890B6F476B106FD75BFB081DB737CA9B224D95E44927942FFF2DF82CD ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 19:40:01.0557 0x0630 NetBT - ok 19:40:01.0582 0x0630 [ 92DAF7D21711117B007608CB50FBD2E2, 6C1FBCE3699C76BDACAC37C04002C85A6AF38BF610F579F6FFEC95302D449CDC ] Netlogon C:\Windows\system32\lsass.exe 19:40:01.0591 0x0630 Netlogon - ok 19:40:01.0626 0x0630 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 19:40:01.0658 0x0630 Netman - ok 19:40:01.0737 0x0630 [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:40:01.0758 0x0630 NetMsmqActivator - ok 19:40:01.0766 0x0630 [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:40:01.0782 0x0630 NetPipeActivator - ok 19:40:01.0822 0x0630 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 19:40:01.0866 0x0630 netprofm - ok 19:40:01.0871 0x0630 [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:40:01.0881 0x0630 NetTcpActivator - ok 19:40:01.0886 0x0630 [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:40:01.0896 0x0630 NetTcpPortSharing - ok 19:40:01.0948 0x0630 [ 77889813BE4D166CDAB78DDBA990DA92, 
2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 19:40:01.0965 0x0630 nfrd960 - ok 19:40:02.0004 0x0630 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll 19:40:02.0041 0x0630 NlaSvc - ok 19:40:02.0186 0x0630 [ 5839A8027D6D324A7CD494051A96628C, 474F2D0BB463ABE68D7C4D2C630860AED4B722EC62C616C91EE00AA965378382 ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe 19:40:02.0240 0x0630 NOBU - ok 19:40:02.0265 0x0630 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 19:40:02.0291 0x0630 Npfs - ok 19:40:02.0311 0x0630 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 19:40:02.0353 0x0630 nsi - ok 19:40:02.0371 0x0630 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 19:40:02.0396 0x0630 nsiproxy - ok 19:40:02.0483 0x0630 [ 47B2D0B31BDC3EBE6090228E2BA3764D, 984A4B38300954164BCBF57EC1A09C18B53779E60A26E9618B50E26016735787 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 19:40:02.0524 0x0630 Ntfs - ok 19:40:02.0583 0x0630 [ D27A4546417ED7C4AEA7B3420D4F1F50, 8D52FF7D2C6E338E2E8B414F0FE9ED296A901CB38BCFF8814B1ECE52D8D1599D ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe 19:40:02.0606 0x0630 NTI IScheduleSvc - ok 19:40:02.0642 0x0630 [ EE3BA1024594D5D09E314F206B94069E, 34C8EC3DF1C3088D8A0442CAA4F5506665AFB2DF016709457ED2AB7DA45F53A6 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys 19:40:02.0652 0x0630 NTIDrvr - ok 19:40:02.0666 0x0630 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 19:40:02.0718 
0x0630 Null - ok 19:40:03.0159 0x0630 [ 3FE85451B58041D7559E5B240C6ED5E3, BF10C531C09A0C7759E347E939E95FD808630D3A2EB3E4FBD377D6808C7C438F ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 19:40:03.0607 0x0630 nvlddmkm - ok 19:40:03.0686 0x0630 [ 8112C491EF11244A526CD4AF04B3A46A, 9DB90D12C8F796FDC02FCDB4832E658EAE9BE05046843948A8AD54D087E1D7D5 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys 19:40:03.0701 0x0630 nvpciflt - ok 19:40:03.0727 0x0630 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys 19:40:03.0742 0x0630 nvraid - ok 19:40:03.0770 0x0630 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys 19:40:03.0785 0x0630 nvstor - ok 19:40:03.0847 0x0630 [ C18E6D625B1F0740798E22DF60A4EA99, 9B74E54E862D41B8627CBA318229D414467476459384F433FC52BA7FCF8AC8F3 ] nvsvc C:\Windows\system32\nvvsvc.exe 19:40:03.0869 0x0630 nvsvc - ok 19:40:03.0990 0x0630 [ 8165CB470A8AB5446E3ADFBC51712580, 8E719821B0B903B6607001464AD97927E689133D9509371BCAD1473B8B4AF23D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 19:40:04.0039 0x0630 nvUpdatusService - ok 19:40:04.0068 0x0630 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 19:40:04.0077 0x0630 nv_agp - ok 19:40:04.0091 0x0630 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 19:40:04.0102 0x0630 ohci1394 - ok 19:40:04.0172 0x0630 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 19:40:04.0191 0x0630 ose - ok 19:40:04.0418 0x0630 [ 61BFFB5F57AD12F83AB64B7181829B34, 
1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 19:40:04.0607 0x0630 osppsvc - ok 19:40:04.0649 0x0630 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 19:40:04.0684 0x0630 p2pimsvc - ok 19:40:04.0708 0x0630 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 19:40:04.0726 0x0630 p2psvc - ok 19:40:04.0760 0x0630 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys 19:40:04.0799 0x0630 Parport - ok 19:40:04.0833 0x0630 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys 19:40:04.0849 0x0630 partmgr - ok 19:40:04.0887 0x0630 [ 3CD83692C43D87088E85E3C916146FFB, 9E812535E8FBA045FDA30F68E9EB2031132C37721D542A2DC9D4C33E2B137FCF ] PcaSvc C:\Windows\System32\pcasvc.dll 19:40:04.0920 0x0630 PcaSvc - ok 19:40:04.0962 0x0630 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys 19:40:04.0987 0x0630 pci - ok 19:40:05.0030 0x0630 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys 19:40:05.0047 0x0630 pciide - ok 19:40:05.0059 0x0630 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 19:40:05.0075 0x0630 pcmcia - ok 19:40:05.0090 0x0630 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys 19:40:05.0099 0x0630 pcw - ok 
19:40:05.0160 0x0630 [ EA4D67448BE493D543F1730D6CD04694, 24717C5E41B7CA522F3330EF2228B6685E710A5259396E9887A1C1E7A413F8CA ] PEAUTH C:\Windows\system32\drivers\peauth.sys 19:40:05.0198 0x0630 PEAUTH - ok 19:40:05.0257 0x0630 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe 19:40:05.0294 0x0630 PerfHost - ok 19:40:05.0388 0x0630 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll 19:40:05.0453 0x0630 pla - ok 19:40:05.0511 0x0630 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 19:40:05.0538 0x0630 PlugPlay - ok 19:40:05.0559 0x0630 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 19:40:05.0569 0x0630 PNRPAutoReg - ok 19:40:05.0594 0x0630 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 19:40:05.0608 0x0630 PNRPsvc - ok 19:40:05.0662 0x0630 [ 80D6B0563ED2BF10656B1D4748331082, B7E6B5E1148B7EE537E8D5C3A65450876B61CD45A395267D08699746E98AD574 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 19:40:05.0692 0x0630 PolicyAgent - ok 19:40:05.0724 0x0630 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll 19:40:05.0759 0x0630 Power - ok 19:40:05.0803 0x0630 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 19:40:05.0867 0x0630 PptpMiniport - ok 19:40:05.0890 0x0630 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys 19:40:05.0916 
0x0630 Processor - ok 19:40:05.0957 0x0630 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll 19:40:05.0984 0x0630 ProfSvc - ok 19:40:05.0993 0x0630 [ 92DAF7D21711117B007608CB50FBD2E2, 6C1FBCE3699C76BDACAC37C04002C85A6AF38BF610F579F6FFEC95302D449CDC ] ProtectedStorage C:\Windows\system32\lsass.exe 19:40:06.0005 0x0630 ProtectedStorage - ok 19:40:06.0032 0x0630 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 19:40:06.0068 0x0630 Psched - ok 19:40:06.0139 0x0630 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 19:40:06.0177 0x0630 ql2300 - ok 19:40:06.0206 0x0630 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 19:40:06.0216 0x0630 ql40xx - ok 19:40:06.0248 0x0630 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll 19:40:06.0266 0x0630 QWAVE - ok 19:40:06.0284 0x0630 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 19:40:06.0329 0x0630 QWAVEdrv - ok 19:40:06.0356 0x0630 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 19:40:06.0413 0x0630 RasAcd - ok 19:40:06.0450 0x0630 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 19:40:06.0494 0x0630 RasAgileVpn - ok 19:40:06.0523 0x0630 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto 
C:\Windows\System32\rasauto.dll 19:40:06.0569 0x0630 RasAuto - ok 19:40:06.0595 0x0630 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 19:40:06.0640 0x0630 Rasl2tp - ok 19:40:06.0664 0x0630 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll 19:40:06.0695 0x0630 RasMan - ok 19:40:06.0718 0x0630 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 19:40:06.0761 0x0630 RasPppoe - ok 19:40:06.0784 0x0630 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 19:40:06.0828 0x0630 RasSstp - ok 19:40:06.0860 0x0630 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 19:40:06.0901 0x0630 rdbss - ok 19:40:06.0922 0x0630 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 19:40:06.0933 0x0630 rdpbus - ok 19:40:06.0957 0x0630 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 19:40:06.0999 0x0630 RDPCDD - ok 19:40:07.0003 0x0630 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 19:40:07.0029 0x0630 RDPENCDD - ok 19:40:07.0034 0x0630 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 19:40:07.0059 0x0630 RDPREFMP - ok 19:40:07.0108 0x0630 [ FE571E088C2D83619D2D48D4E961BF41, 
88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 19:40:07.0149 0x0630 RDPWD - ok 19:40:07.0197 0x0630 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 19:40:07.0218 0x0630 rdyboost - ok 19:40:07.0254 0x0630 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll 19:40:07.0300 0x0630 RemoteAccess - ok 19:40:07.0351 0x0630 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll 19:40:07.0419 0x0630 RemoteRegistry - ok 19:40:07.0444 0x0630 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 19:40:07.0459 0x0630 RFCOMM - ok 19:40:07.0477 0x0630 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 19:40:07.0518 0x0630 RpcEptMapper - ok 19:40:07.0545 0x0630 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe 19:40:07.0555 0x0630 RpcLocator - ok 19:40:07.0599 0x0630 [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] RpcSs C:\Windows\system32\rpcss.dll 19:40:07.0616 0x0630 RpcSs - ok 19:40:07.0653 0x0630 [ 6E5C3D18C3BCC72AA527DBC5FA61AB8F, DED50163906A86A55E299AAEE127B00EFCCEA7DF26AC962568C91935A13A1562 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys 19:40:07.0670 0x0630 RSPCIESTOR - ok 19:40:07.0705 0x0630 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 19:40:07.0762 0x0630 rspndr - ok 
19:40:07.0782 0x0630 [ 92DAF7D21711117B007608CB50FBD2E2, 6C1FBCE3699C76BDACAC37C04002C85A6AF38BF610F579F6FFEC95302D449CDC ] SamSs C:\Windows\system32\lsass.exe 19:40:07.0793 0x0630 SamSs - ok 19:40:07.0814 0x0630 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 19:40:07.0825 0x0630 sbp2port - ok 19:40:07.0858 0x0630 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll 19:40:07.0892 0x0630 SCardSvr - ok 19:40:07.0909 0x0630 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 19:40:07.0968 0x0630 scfilter - ok 19:40:08.0021 0x0630 [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule C:\Windows\system32\schedsvc.dll 19:40:08.0065 0x0630 Schedule - ok 19:40:08.0098 0x0630 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll 19:40:08.0123 0x0630 SCPolicySvc - ok 19:40:08.0147 0x0630 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll 19:40:08.0174 0x0630 SDRSVC - ok 19:40:08.0207 0x0630 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys 19:40:08.0232 0x0630 secdrv - ok 19:40:08.0270 0x0630 [ A19623BDD61E66A12AB53992002B4F3A, E351CEEC086084A417BA3BD0EEF46114D3147EC38E3EF8BE49B724F9D028CC56 ] seclogon C:\Windows\system32\seclogon.dll 19:40:08.0280 0x0630 seclogon - ok 19:40:08.0300 0x0630 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll 19:40:08.0326 0x0630 
SENS - ok 19:40:08.0351 0x0630 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll 19:40:08.0376 0x0630 SensrSvc - ok 19:40:08.0417 0x0630 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys 19:40:08.0454 0x0630 Serenum - ok 19:40:08.0484 0x0630 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys 19:40:08.0499 0x0630 Serial - ok 19:40:08.0529 0x0630 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys 19:40:08.0553 0x0630 sermouse - ok 19:40:08.0592 0x0630 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll 19:40:08.0646 0x0630 SessionEnv - ok 19:40:08.0667 0x0630 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 19:40:08.0681 0x0630 sffdisk - ok 19:40:08.0711 0x0630 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 19:40:08.0752 0x0630 sffp_mmc - ok 19:40:08.0780 0x0630 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 19:40:08.0798 0x0630 sffp_sd - ok 19:40:08.0821 0x0630 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 19:40:08.0836 0x0630 sfloppy - ok 19:40:08.0921 0x0630 [ 21AB491BBCC8C1B26FDC402A374AB196, DD973C9963C840200D153A15078152D499639730D065BB8122C6BE65D4372300 ] Sftfs 
C:\Windows\system32\DRIVERS\Sftfslh.sys 19:40:08.0958 0x0630 Sftfs - ok 19:40:09.0058 0x0630 [ 4E1BB8A9CCDB4BAF41F7F9A930EB121D, D994B20DACEB187BEB6530309E2185040B58105E4FD5AC1DA435712F9DE027D0 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 19:40:09.0079 0x0630 sftlist - ok 19:40:09.0117 0x0630 [ 3B8D43FEEFF7A187534DDDFD675FE123, 9308D5C552FE3AF1121A3F7B7595547C6B892FF500377953F3B623511D84698C ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 19:40:09.0130 0x0630 Sftplay - ok 19:40:09.0151 0x0630 [ F1D1B1DC7A8765A09D7640FBF8D20970, 72E59B04BC44DAFFB88987C16CF3F9DC35438B15879E102FD83013673E0DB66F ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 19:40:09.0159 0x0630 Sftredir - ok 19:40:09.0198 0x0630 [ B3B9ADE7F8C4AF0C20E712E040588543, 9A6BB11DA046BF6F0239952871263E148FAE91FB21065613645114B5FA054EC5 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 19:40:09.0206 0x0630 Sftvol - ok 19:40:09.0249 0x0630 [ CECFDE5D3701B2D914862F5E6C3DFE18, E7627F90630C306324A39DC3C652B37D255F90636AC19D3302EE5B85BD504BD5 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 19:40:09.0260 0x0630 sftvsa - ok 19:40:09.0306 0x0630 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll 19:40:09.0354 0x0630 SharedAccess - ok 19:40:09.0390 0x1264 Object required for P2P: [ 88FBBB1C601A6BC42054E57C2897FA45 ] gupdate 19:40:09.0391 0x0630 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 19:40:09.0425 0x0630 ShellHWDetection - ok 19:40:09.0455 0x0630 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 19:40:09.0463 0x0630 SiSRaid2 - ok 19:40:09.0484 0x1264 Object send P2P result: true 19:40:09.0484 0x1264 Object required for 
P2P: [ 88FBBB1C601A6BC42054E57C2897FA45 ] gupdatem 19:40:09.0487 0x0630 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 19:40:09.0496 0x0630 SiSRaid4 - ok 19:40:09.0583 0x1264 Object send P2P result: true 19:40:09.0587 0x0630 [ F3AAB7DF6408431C762D8721B68F46E4, 56ED764AA660955B8B06322703D086B3A52106625A83CCAF195B08BCBDEDA88F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 19:40:09.0618 0x0630 SkypeUpdate - ok 19:40:09.0643 0x0630 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys 19:40:09.0707 0x0630 Smb - ok 19:40:09.0752 0x0630 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 19:40:09.0774 0x0630 SNMPTRAP - ok 19:40:09.0802 0x0630 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys 19:40:09.0810 0x0630 spldr - ok 19:40:09.0840 0x0630 [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler C:\Windows\System32\spoolsv.exe 19:40:09.0875 0x0630 Spooler - ok 19:40:09.0996 0x0630 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe 19:40:10.0092 0x0630 sppsvc - ok 19:40:10.0121 0x0630 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll 19:40:10.0147 0x0630 sppuinotify - ok 19:40:10.0194 0x0630 [ EC666682FE8344CF7E6ED69E74FA9F4F, DCD2A1C046425630689E2C9A6A6E356FE5A2A6664D12C20CFE236FCB32240DF9 ] srv C:\Windows\system32\DRIVERS\srv.sys 19:40:10.0241 0x0630 srv - ok 19:40:10.0269 0x0630 [ E450C0318DCE8ED28ED272C8806B8495, 
D2FD459F8C5E42103EF2F71421FA175A4F0821F8C2A3763093122D433D1C50FB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 19:40:10.0309 0x0630 srv2 - ok 19:40:10.0331 0x0630 [ 9C12C78AD36C23D925711A4640228225, FF72C23F2A08EDF0C41BAF1EB0245AB44FF91365C5466F09C47A8F0928D20994 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 19:40:10.0361 0x0630 srvnet - ok 19:40:10.0398 0x0630 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 19:40:10.0447 0x0630 SSDPSRV - ok 19:40:10.0473 0x0630 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll 19:40:10.0524 0x0630 SstpSvc - ok 19:40:10.0569 0x0630 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys 19:40:10.0587 0x0630 stexstor - ok 19:40:10.0641 0x0630 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll 19:40:10.0671 0x0630 stisvc - ok 19:40:10.0683 0x0630 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys 19:40:10.0691 0x0630 swenum - ok 19:40:10.0729 0x0630 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll 19:40:10.0765 0x0630 swprv - ok 19:40:10.0853 0x0630 [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain C:\Windows\system32\sysmain.dll 19:40:10.0904 0x0630 SysMain - ok 19:40:10.0919 0x0630 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:40:10.0948 0x0630 TabletInputService - ok 19:40:10.0986 0x0630 [ 
40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll 19:40:11.0017 0x0630 TapiSrv - ok 19:40:11.0121 0x0630 [ B2875D7ABB82867DC3AA03D991940201, F954C33FBA912A517B59330F6438C1953F9F1D8F4D8FD25945EB836A1DB07ABB ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:40:11.0167 0x0630 Tcpip - ok 19:40:11.0214 0x0630 [ B2875D7ABB82867DC3AA03D991940201, F954C33FBA912A517B59330F6438C1953F9F1D8F4D8FD25945EB836A1DB07ABB ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 19:40:11.0253 0x0630 TCPIP6 - ok 19:40:11.0275 0x0630 [ 7FE5586314EE7D6AA8483264A089E5AF, 4E3EA68713A45C22F1B9A1AA125E15D06D0C5E637B815537431ADFB6D7563879 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:40:11.0302 0x0630 tcpipreg - ok 19:40:11.0331 0x0630 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 19:40:11.0340 0x0630 TDPIPE - ok 19:40:11.0351 0x0630 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 19:40:11.0381 0x0630 TDTCP - ok 19:40:11.0419 0x0630 [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 19:40:11.0442 0x0630 tdx - ok 19:40:11.0477 0x0630 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys 19:40:11.0491 0x0630 TermDD - ok 19:40:11.0551 0x0630 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll 19:40:11.0591 0x0630 TermService - ok 19:40:11.0621 0x0630 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll 19:40:11.0654 0x0630 Themes - ok 
19:40:11.0684 0x0630 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll 19:40:11.0710 0x0630 THREADORDER - ok 19:40:11.0728 0x0630 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll 19:40:11.0756 0x0630 TrkWks - ok 19:40:11.0807 0x0630 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 19:40:11.0849 0x0630 TrustedInstaller - ok 19:40:11.0886 0x0630 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 19:40:11.0903 0x0630 tssecsrv - ok 19:40:11.0927 0x0630 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 19:40:11.0946 0x0630 TsUsbFlt - ok 19:40:11.0977 0x0630 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 19:40:11.0989 0x0630 TsUsbGD - ok 19:40:12.0030 0x0630 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:40:12.0066 0x0630 tunnel - ok 19:40:12.0104 0x0630 [ 20155CF5FB9F7902178D7D5CDC7C0F90, 151043D6F1D7D3419FB4AA8D76229CFF99ECAA89297421C2137DE609E5A2B368 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys 19:40:12.0120 0x0630 TurboB - ok 19:40:12.0168 0x0630 [ E00FC2B80837C29817A3A082717B8C48, 8028C16FB0579EADAAA092B5F197125C716AF1C64C43F9FADF725D3E1109F1BD ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe 19:40:12.0188 0x0630 TurboBoost - ok 19:40:12.0212 0x0630 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] 
uagp35 C:\Windows\system32\drivers\uagp35.sys 19:40:12.0225 0x0630 uagp35 - ok 19:40:12.0243 0x0630 [ A17D5E1A6DF4EAB0A480F2C490DE4C9D, 1EA835F172B6BF3D7F496E079DF1CDF00122B2110C08D61427582BC9405D2B7B ] UBHelper C:\Windows\system32\drivers\UBHelper.sys 19:40:12.0253 0x0630 UBHelper - ok 19:40:12.0283 0x0630 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 19:40:12.0321 0x0630 udfs - ok 19:40:12.0351 0x0630 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:40:12.0362 0x0630 UI0Detect - ok 19:40:12.0388 0x0630 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 19:40:12.0397 0x0630 uliagpkx - ok 19:40:12.0442 0x0630 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys 19:40:12.0462 0x0630 umbus - ok 19:40:12.0484 0x0630 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys 19:40:12.0494 0x0630 UmPass - ok 19:40:12.0593 0x0630 [ 875A3B86D821151C84A4DFD40309C72D, FB251A3180F829B086C007807B68D7918276FEDB33618BB22C28A3DCEAFB751E ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 19:40:12.0614 0x0630 UNS - ok 19:40:12.0649 0x0630 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 19:40:12.0680 0x0630 upnphost - ok 19:40:12.0729 0x0630 [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 19:40:12.0751 0x0630 USBAAPL64 - ok 19:40:12.0793 0x0630 [ 
28B81917A195B67617AF7DCF4DFE5736, 40A4D2AAE1BDE5ABA8708ED150396E913C566ECD5CDA40D6C6DB256F1B9FD4A9 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys 19:40:12.0816 0x0630 usbccgp - ok 19:40:12.0870 0x0630 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys 19:40:12.0910 0x0630 usbcir - ok 19:40:12.0938 0x0630 [ B626F048318DAE65A3317F0592BE592C, 284D8FFE1D35F852EFDA182A72288AC3A10D6ED825FE2CC5812497D3FE291AF1 ] usbehci C:\Windows\system32\drivers\usbehci.sys 19:40:12.0957 0x0630 usbehci - ok 19:40:12.0999 0x0630 [ 390109E8E05BA00375DCB1ED64DC60AF, B8628502590B423BEFB6F7C8C69FAD0667AD0746FF6B444EE02016E8E1052B78 ] usbhub C:\Windows\system32\drivers\usbhub.sys 19:40:13.0035 0x0630 usbhub - ok 19:40:13.0052 0x0630 [ B4DF0F4C1D9D25DFE1DAD1D8670F1D4F, 4317C2DEDC639527B53864BAEC46CBE022D298C0503E29E1072DD1C851D92BFC ] usbohci C:\Windows\system32\drivers\usbohci.sys 19:40:13.0079 0x0630 usbohci - ok 19:40:13.0116 0x0630 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\drivers\usbprint.sys 19:40:13.0137 0x0630 usbprint - ok 19:40:13.0173 0x0630 [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:40:13.0205 0x0630 USBSTOR - ok 19:40:13.0251 0x0630 [ CFEAAF96E666E3DCBD8F6DFF516784AE, 006218A3DB5851790CC0A7F3DCD7B3AF82F624DA679296DE507AFD36C5468317 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 19:40:13.0282 0x0630 usbuhci - ok 19:40:13.0332 0x0630 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 19:40:13.0374 0x0630 usbvideo - ok 19:40:13.0495 0x0630 [ 3341B39E9FC85340B9895D6C0BB0792C, 7A81F710EBA27AA82C57D5A839ECED4E19E155B0B1BC5DA30171F8F184EEF521 ] UvConv 
C:\Users\Pascal\AppData\Roaming\hadha\UvConverter.exe
19:40:13.0513 0x0630 UvConv - detected UnsignedFile.Multi.Generic ( 1 )
19:40:13.0669 0x0630 UvConv ( UnsignedFile.Multi.Generic ) - warning
19:40:13.0669 0x0630 Force sending object to P2P due to detect: UvConv
19:40:13.0767 0x0630 Object send P2P result: true
(x86)\Symantec\Norton Online Backup\NOBuClient.exe 19:40:20.0851 0x0630 Norton Online Backup - ok 19:40:20.0938 0x0630 [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe 19:40:20.0965 0x0630 Adobe ARM - ok 19:40:21.0010 0x0630 [ 4DDE3E01B5020B3D5DEEC7E3DC0F3185, C7315F3521EE461027A3DDE7CFC0EA4F8E705A98F9292284BB20620D7F34DDE9 ] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe 19:40:21.0021 0x0630 BackupManagerTray - ok 19:40:21.0030 0x0630 [ 5A89395D7185A2B1B6A43870079D808F, 6557F3F82931D2782B33976FB7B441FFE65AB98377ADB2E8582D0CA41A28F581 ] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe 19:40:21.0037 0x0630 OOTag - ok 19:40:21.0079 0x0630 [ 613166769A21CC231605F88A147B27C2, A48EB76D8B49C309B58F8ABC0C19A81379EEC95896D301B8EE8CE8BDB0DE4019 ] C:\Dolby PCEE4\pcee4.exe 19:40:21.0093 0x0630 Dolby Home Theater v4 - ok 19:40:21.0167 0x0630 [ FE668B0E3E87077A46FE77AFB0E27F9C, E9485A083D7CC0438668132154C8AD14267113F15EEB794B356BF3E6F998FD17 ] C:\Program Files (x86)\Launch Manager\LManager.exe 19:40:21.0196 0x0630 LManager - ok 19:40:21.0246 0x0630 [ 4D1DA8CE5E364D22B4FF00F163194514, 165DE474309206A0F51266F19EDB4AF3D7BAD19FDA61B636AEE7A04278DBBC2C ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe 19:40:21.0256 0x0630 USB3MON - ok 19:40:21.0309 0x0630 [ 6D17888CAEEEC8AE90217218146CDE8F, 35B875084ADFBEBB23171FE80A9CAAC70BC3D62EF890F2A87D7143956A5C69A1 ] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe 19:40:21.0327 0x0630 Avira SystrayStartTrigger - ok 19:40:21.0387 0x0630 [ 979D74799EA6C8B8167869A68DF5204A, 2160BA6829909EEB1D272AC4A5F43588750C0B4743477BF2B46952033B5D4B3B ] C:\Windows\SysWOW64\wscript.exe 19:40:21.0416 0x0630 Cepekahuma - ok 19:40:21.0425 0x0630 [ 979D74799EA6C8B8167869A68DF5204A, 2160BA6829909EEB1D272AC4A5F43588750C0B4743477BF2B46952033B5D4B3B ] 
C:\Windows\SysWOW64\wscript.exe 19:40:21.0438 0x0630 Hetabe - ok 19:40:21.0444 0x0630 [ 979D74799EA6C8B8167869A68DF5204A, 2160BA6829909EEB1D272AC4A5F43588750C0B4743477BF2B46952033B5D4B3B ] C:\Windows\SysWOW64\wscript.exe 19:40:21.0456 0x0630 Patetap - ok 19:40:21.0551 0x0630 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 19:40:21.0590 0x0630 Sidebar - ok 19:40:21.0612 0x0630 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 19:40:21.0645 0x0630 mctadmin - ok 19:40:21.0647 0x0630 IsMyWinLockerReboot - ok 19:40:21.0670 0x0630 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 19:40:21.0698 0x0630 Sidebar - ok 19:40:21.0703 0x0630 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 19:40:21.0716 0x0630 mctadmin - ok 19:40:21.0718 0x0630 IsMyWinLockerReboot - ok 19:40:21.0744 0x0630 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 19:40:21.0771 0x0630 Sidebar - ok 19:40:21.0776 0x0630 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 19:40:21.0790 0x0630 mctadmin - ok 19:40:21.0928 0x0630 [ E7268F78AC083DD6FFAB8173C9B4265D, 91BEA3BBF5A4D6314E1BF6AE1A1ABE2F98CA69F4978E74D4990CBEA494AD01AB ] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe 19:40:21.0983 0x0630 FreeAC - ok 19:40:22.0283 0x0630 [ C224456660839CFCAD2CD8DFB293F38B, D99B862217BBF99BF26B78615B3FDC1484607BA0A34E61C445345CD8D49501D4 ] C:\Program Files\CCleaner\CCleaner64.exe 19:40:22.0430 0x0630 CCleaner Monitoring - ok 19:40:22.0605 0x0630 [ 
06AF77006612DCA6C01EB869E42968FB, 5FA7A9BF9C6F4EE5A67D32DC8DE3A9A4C12DBA3DAEDEB14F1E330BCD49AF624B ] c:\users\pascal\appdata\local\chromium\application\chrome.exe 19:40:22.0660 0x0630 Chromium - detected UnsignedFile.Multi.Generic ( 1 ) 19:40:22.0766 0x0630 Chromium ( UnsignedFile.Multi.Generic ) - warning 19:40:22.0990 0x0630 [ 1D7DD340E13DF9585EABB849CFC3E11B, 31CCD9753402DC030C641214B4ECB48A757BCD9F427A143A88745C62EFF87766 ] C:\Users\Pascal\AppData\Local\Microsoft\OneDrive\OneDrive.exe 19:40:23.0018 0x0630 OneDrive - ok 19:40:23.0019 0x0630 Waiting for KSN requests completion. In queue: 144 19:40:24.0110 0x0630 Win FW state via NFP2: enabled ( trusted ) 19:40:24.0313 0x0630 ============================================================ 19:40:24.0313 0x0630 Scan finished 19:40:24.0313 0x0630 ============================================================ 19:40:24.0323 0x118c Detected object count: 2 19:40:24.0323 0x118c Actual detected object count: 2 19:42:02.0356 0x118c UvConv ( UnsignedFile.Multi.Generic ) - skipped by user 19:42:02.0356 0x118c UvConv ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:42:02.0359 0x118c Chromium ( UnsignedFile.Multi.Generic ) - skipped by user 19:42:02.0359 0x118c Chromium ( UnsignedFile.Multi.Generic ) - User select action: Skip |
23.11.2016, 09:56 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Firefox redirects to third-party sites and trojan.chinad was found during the scan
Did you read the MBAR instructions properly? Did you also follow what has to be done when MBAR finds something?
__________________ Please always post log files in CODE tags |
23.11.2016, 18:36 | #15 |
| Windows 7: Firefox redirects to third-party sites and trojan.chinad was found during the scan
Yes, I clicked Clean up, let it reboot and repeated the scan. The second run found nothing. What should happen with the 2 threats from TDSSKiller? |