| |
| |||||||
Log-Analyse und Auswertung: Trojan.Win32.Generic - Entdeckt und desinfiziert durch KasperskyWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
12.12.2016, 13:39
| #1 |
 |  Trojan.Win32.Generic - Entdeckt und desinfiziert durch Kaspersky Hallo zusammen, in der Nacht vom 10.12. auf den 11.12. hat Kaspersky neben einer Rootkitsuche wohl auch größere Updates installiert. Jedenfalls bekam ich Meldungen von Winpatrol. Da die Quelle mit Kaspersky legitim wirkte, habe ich alle Änderungen zugelassen. Als ich am 11.12 meinen JDownloader startete, bekam ich eine Virenmeldung von Kaspersky, die ich im Folgenden posten werde. Ich wurde gefragt, ob ich Desinfizieren möchte, was ich eigtl nicht wollte, ohne vorher hier einen Thread aufzumachen, aber ich konnte nicht anderes auswählen. Also startete ich die Desinfektion und direkt im Anschluss bekam ich diverse Rollback-Meldungen. Nach dem Neustart des PCs kam Kaspersky nicht hoch und ich musste es mit Doppelklick aktivieren. Ich wurde aufgefordert einer Nutzungsvereinbarung zu zustimmen und nach einem Update um einen weiteren Neustart gebeten. Das Interface sah neu aus. Ich konnte keine Logfiles oder einen Menüpunkt für vergangene Suchen finden. Ich lasse immer wieder Malwarebytes oder Adwcleaner drüber laufen, hatte aber in der Vergangenheit keine Meldungen. Da ich eine Meldung zu einem Trojaner bekommen habe, öffne ich den Thread hier. Freue mich wenn jemand mal drüber schaut und mir sagt, ob weitere Schritte nötig sind. Aktuell läuft alles wieder normal. Kaspersky Code:
ATTFilter 11.12.2016 18.20.22 Schadsoftware wurde gelöscht. PDM:Trojan.Win32.Generic Programmname: JDownloader 2 Launcher Programmpfad: c:\users\user\appdata\local\jdownloader v2.0\jdownloader2.exe Zeitpunkt: 11.12.2016 18:20
11.12.2016 18.20.18 Schadsoftware wurde gelöscht. PDM:Trojan.Win32.Generic Programmname: JDownloader 2 Launcher Programmpfad: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\JDownloader 2.lnk Zeitpunkt: 11.12.2016 18:20
11.12.2016 18.19.14 Schadsoftware-Aktivität wurde beendet. PDM:Trojan.Win32.Generic Programmname: JDownloader 2 Launcher Programmpfad: c:\users\user\appdata\local\jdownloader v2.0\jdownloader2.exe Zeitpunkt: 11.12.2016 18:19
11.12.2016 18.19.12 Schadsoftware gefunden. PDM:Trojan.Win32.Generic Programmname: JDownloader 2 Launcher Programmpfad: c:\users\user\appdata\local\jdownloader v2.0\jdownloader2.exe Zeitpunkt: 11.12.2016 18:19
FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
durchgeführt von User (Administrator) auf IDEA-PC (12-12-2016 13:01:49)
Gestartet von C:\Users\User\Downloads
Geladene Profile: User (Verfügbare Profile: User & Bernd & Administrator)
Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(OpenVPN Technologies, Inc) C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptservice.exe
(OpenVPN Technologies, Inc) C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptcore.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [380544 2012-06-29] (Alcor Micro Corp.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-29] (Synaptics)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-05-29] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-05-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-29] (Synaptics Incorporated)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-01] (Vimicro)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [Smart Update] => C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update.exe [1706576 2012-07-23] (Lenovo)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [998088 2015-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\Run: [BingSvc] => C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\Run: [Dropbox Update] => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\MountPoints2: {0871a019-6dd7-11e4-be9d-84a6c8643f47} - "E:\IronKey.exe"
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Keine Datei
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PrivateTunnel.lnk [2015-04-16]
ShortcutTarget: PrivateTunnel.lnk -> C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\PrivateTunnel.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2014-07-26]
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{02588863-A3D3-4E9A-B006-C06DDEB9CAED}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{5D5EB5BF-6C15-48C3-9169-6F5D07611D78}: [DhcpNameServer] 10.9.0.1 8.8.8.8
Internet Explorer:
==================
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-11] (AO Kaspersky Lab)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => Keine Datei
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-11] (AO Kaspersky Lab)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-20] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll => Keine Datei
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-11] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-11] (AO Kaspersky Lab)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6khcpd89.default-1462037983612 [2016-12-12]
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6khcpd89.default-1462037983612\user.js [2016-05-01]
FF Extension: (Adblock Plus) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6khcpd89.default-1462037983612\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-12-11]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-08-26] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [Keine Datei]
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [283296 2014-04-24] (Intel Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 irstrtsv; C:\WINDOWS\SysWOW64\irstrtsv.exe [193576 2012-08-13] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 Lenovo Smart Update Service; C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe [66640 2012-07-18] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
R2 ptservice; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptservice.exe [17816 2015-01-29] (OpenVPN Technologies, Inc)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 btmhsf; C:\WINDOWS\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R1 excfs; C:\WINDOWS\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\WINDOWS\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 irstrtdv; C:\WINDOWS\System32\drivers\irstrtdv.sys [43800 2012-08-13] (Intel Corporation)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [191312 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [435032 2016-12-11] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1019616 2016-12-11] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2016-12-11] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\system32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [134880 2016-12-11] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
R3 LAD; C:\WINDOWS\System32\drivers\LAD.sys [8704 2012-06-08] (TODO: <Company name>)
R1 NEOFLTR_7117_28099; C:\WINDOWS\system32\Drivers\NEOFLTR_7117_28099.SYS [99632 2013-11-22] (Juniper Networks)
R3 NETwNe64; C:\WINDOWS\system32\DRIVERS\Netwew00.sys [3349984 2014-02-25] (Intel Corporation)
R3 ptun0901; C:\WINDOWS\system32\DRIVERS\ptun0901.sys [27136 2014-04-24] (The OpenVPN Project)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-29] (Synaptics Incorporated)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [204184 2014-03-04] (Windows (R) Win 7 DDK provider)
R3 vm331avs; C:\WINDOWS\System32\Drivers\vm331avs.sys [975104 2012-08-23] (Vimicro Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 XHCIPort; C:\WINDOWS\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 klids; \??\C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-12-12 13:01 - 2016-12-12 13:03 - 00028732 _____ C:\Users\User\Downloads\FRST.txt
2016-12-12 13:01 - 2016-12-12 13:01 - 00000000 ____D C:\FRST
2016-12-12 13:00 - 2016-12-12 13:01 - 02420224 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2016-12-11 18:39 - 2016-12-11 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2016-12-11 18:39 - 2016-12-11 01:34 - 00002229 _____ C:\Users\Public\Desktop\Sicherer Zahlungsverkehr.lnk
2016-12-11 18:39 - 2016-12-11 01:34 - 00002167 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2016-12-11 18:23 - 2016-12-11 18:23 - 00000904 _____ C:\Users\User\Desktop\jdw Kasp 11_12_16.txt
2016-12-11 01:38 - 2016-12-11 21:30 - 00001427 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2016-12-11 01:38 - 2016-12-11 01:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2016-12-11 01:35 - 2016-12-11 21:23 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-05 08:15 - 2016-12-05 08:16 - 03968464 _____ C:\Users\User\Downloads\adwcleaner_6.040.exe
2016-12-04 23:01 - 2016-12-04 23:01 - 00310728 _____ C:\WINDOWS\Minidump\120416-23921-01.dmp
2016-12-01 21:17 - 2016-12-01 21:17 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-11-27 11:50 - 2016-11-27 11:50 - 00441629 _____ C:\Users\User\Desktop\FLT_CSO1OK57129_0.pdf
2016-11-19 10:27 - 2016-12-12 12:54 - 00000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2016-11-18 21:45 - 2016-12-02 19:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-12-12 12:29 - 2014-01-01 19:37 - 00000000 ____D C:\Users\User\Documents\Wohnung
2016-12-12 12:16 - 2016-11-05 21:00 - 00001236 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1705235364-331925899-3810876140-1001UA.job
2016-12-12 12:16 - 2016-03-30 11:51 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2016-12-12 12:12 - 2013-11-27 22:20 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-12 11:35 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-12 10:48 - 2015-08-26 18:35 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-12-12 10:47 - 2016-02-13 15:13 - 00000000 ___RD C:\Users\User\OneDrive
2016-12-11 23:00 - 2015-02-02 20:39 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2016-12-11 21:32 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-11 21:30 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-12-11 21:28 - 2016-07-28 19:56 - 01019616 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2016-12-11 21:28 - 2016-06-20 23:41 - 00057424 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klim6.sys
2016-12-11 21:28 - 2015-12-03 10:12 - 00134880 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwtp.sys
2016-12-11 21:27 - 2016-06-20 17:54 - 00435032 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-12-11 18:39 - 2015-08-26 18:35 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-12-11 18:20 - 2013-11-24 12:00 - 00000000 ____D C:\Users\User\AppData\Local\JDownloader v2.0
2016-12-11 18:09 - 2013-11-24 11:23 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1705235364-331925899-3810876140-1001
2016-12-11 01:34 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-12-11 01:33 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-12-09 21:16 - 2015-09-30 09:27 - 00001184 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1705235364-331925899-3810876140-1001Core.job
2016-12-09 16:10 - 2014-03-18 11:03 - 01564806 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-09 16:10 - 2014-03-18 10:25 - 00661900 _____ C:\WINDOWS\system32\perfh007.dat
2016-12-09 16:10 - 2014-03-18 10:25 - 00135098 _____ C:\WINDOWS\system32\perfc007.dat
2016-12-07 22:06 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-05 08:21 - 2016-07-15 21:55 - 00000000 ____D C:\AdwCleaner
2016-12-04 23:01 - 2013-11-24 11:14 - 824054486 _____ C:\WINDOWS\MEMORY.DMP
2016-12-04 19:57 - 2013-08-22 14:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-12-03 23:26 - 2014-08-30 22:38 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-12-03 20:38 - 2015-03-19 14:28 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-02 18:30 - 2013-06-07 09:08 - 03947520 ___SH C:\Users\User\Desktop\Thumbs.db
2016-12-01 21:17 - 2013-12-08 13:41 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox
2016-12-01 21:11 - 2016-11-05 21:00 - 00004180 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1705235364-331925899-3810876140-1001UA
2016-12-01 21:11 - 2016-11-05 21:00 - 00003800 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1705235364-331925899-3810876140-1001Core
2016-11-20 17:54 - 2014-12-27 09:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-19 11:25 - 2014-03-11 21:18 - 00000000 ____D C:\Users\User\Documents\Beruf
2016-11-19 11:25 - 2013-06-17 10:30 - 00000000 ____D C:\Users\User\Documents\Uni
2016-11-17 23:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2016-11-17 20:04 - 2013-11-24 15:40 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-17 19:46 - 2013-11-24 15:40 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2013-11-22 22:15 - 2013-11-24 11:27 - 0002004 _____ () C:\Users\User\AppData\Roaming\AbsoluteReminder.xml
2014-09-21 10:12 - 2014-09-21 10:12 - 0003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-03 13:05 - 2014-08-03 13:10 - 0037691 _____ () C:\Users\User\AppData\Local\WiDiSetupLog.20140803.140526.wdl
2013-05-29 06:47 - 2013-05-29 06:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Einige Dateien in TEMP:
====================
C:\Users\User\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\User\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\User\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\User\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\User\AppData\Local\Temp\proxy_vole7142710015461310899.dll
C:\Users\User\AppData\Local\Temp\vlc-2.2.4-win32.exe
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-12-04 10:01
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 07-12-2016
durchgeführt von User (12-12-2016 13:04:33)
Gestartet von C:\Users\User\Downloads
Windows 8.1 (Update) (X64) (2014-08-27 21:38:25)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1705235364-331925899-3810876140-500 - Administrator - Disabled) => C:\Users\Administrator
Bernd (S-1-5-21-1705235364-331925899-3810876140-1021 - Administrator - Enabled) => C:\Users\Bernd
Gast (S-1-5-21-1705235364-331925899-3810876140-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1705235364-331925899-3810876140-1003 - Limited - Enabled)
User (S-1-5-21-1705235364-331925899-3810876140-1001 - Administrator - Enabled) => C:\Users\User
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version: - )
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.2.3042.61510 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.2.3042.61510 - Alcor Micro Corp.) Hidden
Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden
calibre 64bit (HKLM\...\{022ED169-3871-4D3E-963E-322226C5F455}) (Version: 2.13.0 - Kovid Goyal)
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (x32 Version: 1.6.38.00 - Lenovo Group Limited) Hidden
Dependency Package Update (x32 Version: 1.6.38.01 - Lenovo Group Limited) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\Dropbox) (Version: 15.4.22 - Dropbox, Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.3 - Lenovo)
Energy Management (x32 Version: 8.0.2.3 - Lenovo) Hidden
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
FileZilla Client 3.16.1 (HKLM-x32\...\FileZilla Client) (Version: 3.16.1 - Tim Kosse)
Free YouTube to MP3 Converter version 3.12.57.324 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.57.324 - DVDVideoSoft Ltd.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{9C798E99-094E-4289-A6C8-1D5EE63AFFE3}) (Version: 4.2.29.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Juniper Networks Host Checker (HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\Neoteris_Host_Checker) (Version: 7.1.17.28099 - Juniper Networks)
Juniper Networks Secure Application Manager (HKLM-x32\...\Neoteris_Secure_Application_Manager) (Version: 7.1.17.28099 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\Juniper_Setup_Client) (Version: 7.1.17.41283 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
K-Lite Codec Pack 10.6.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.38.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.12.824.1 - Vimicro)
Lenovo MediaShow6 (HKLM-x32\...\InstallShield_{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}) (Version: 6.0.4019 - CyberLink Corp.)
Lenovo MediaShow6 (x32 Version: 6.0.4019 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo Smart Update (HKLM-x32\...\{29B7C0EB-A1E6-4BC3-8344-70EDE4F189F1}) (Version: 1.5.75 - Lenovo Corporation)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
LenovoDrv_x64 (HKLM\...\{83E68458-AF28-4CA4-8AFC-595A10307290}) (Version: 1.0.00 - Lenovo)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 50.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 50.0 (x86 de)) (Version: 50.0 - Mozilla)
Mozilla Firefox 50.0.2 (x86 de) (HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\Mozilla Firefox 50.0.2 (x86 de)) (Version: 50.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.0.6152 - Mozilla)
myphotobook.de (x32 Version: 1.6.0 - myphotobook GmbH) Hidden
Plex Media Server (HKLM-x32\...\{9eb61479-6f2f-43c4-bfe8-12a7ea9d1acb}) (Version: 0.9.914 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.914 - Plex, Inc.) Hidden
PrivateTunnel (HKLM-x32\...\PrivateTunnel) (Version: 2.4.2.4 - OpenVPN Technologies)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.15 - Synaptics Incorporated)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - Lenovo Corporation (LAD) System (06/08/2012 1.0.0.3) (HKLM\...\C48768A2A32F4649238F7DCF737A260911895FDE) (Version: 06/08/2012 1.0.0.3 - Lenovo Corporation)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinRAR 5.40 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.3 - win.rar GmbH)
WISO Steuer 2014 (HKLM-x32\...\{90FBD066-7FAB-4698-AF88-E136F62CA853}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO steuer:Start 2015 (HKLM-x32\...\{2228393B-63AA-43F7-9D61-760AA6540529}) (Version: 22.00.8811 - Buhl Data Service GmbH)
WISO steuer:Start 2016 (HKLM-x32\...\{05FBB017-9FB8-4CDD-9569-EA85C263E4E2}) (Version: 23.00.1146 - Buhl Data Service GmbH)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {01763BFF-E7F9-43D7-96F6-1EEFD6C43290} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1705235364-331925899-3810876140-1001Core => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {09F5DE1B-3F48-4516-B8CA-2AF2A10D282A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)
Task: {0CBA7208-89B1-41F0-8E7D-47DBB48B6C3D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {21942AF5-9839-4D23-BA8D-9363DEC591FC} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-08-18] (Lenovo)
Task: {4AC36279-3B9C-401B-9EF3-FE1982F4E670} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {740E76F3-EFAB-4C75-B6FB-597383EB2406} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1705235364-331925899-3810876140-1001UA => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {7A00E54B-2E2F-46E3-91F4-897B05EDB75B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {A3ED5BFD-5EB9-4538-9D0A-90D4F29D17E7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {A9D09BB0-DAE7-47A0-8CEC-2DAA6874BCB0} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {B53498BC-A5F7-4DED-A490-25AF73409A43} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-08-13] (Intel)
Task: {B633137E-EF1A-4BE5-9AFC-6986F6A8DBC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {D04CDC14-EA6A-40AF-847F-FE41F5846A5F} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-12-14] ()
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Acrobat Update Task.job => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1705235364-331925899-3810876140-1001Core.job => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1705235364-331925899-3810876140-1001UA.job => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d001aaea758086.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d042b0f7740a83.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2016-03-16 11:20 - 2016-03-16 11:20 - 00052912 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-05-29 06:45 - 2010-10-26 05:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll
2015-01-26 18:29 - 2015-01-26 18:29 - 00113664 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\lzo2.dll
2015-01-26 18:29 - 2015-01-26 18:29 - 01034752 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\libxml2.dll
2016-07-17 11:47 - 2016-07-17 11:47 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\5cc2cf6e9f5e45736eb5075f8c0329a2\PSIClient.ni.dll
2013-05-29 06:31 - 2012-06-25 03:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-09-23 19:43 - 2012-09-23 19:43 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData\Temp:AD022376 [125]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 14:25 - 2016-02-07 16:17 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
HKLM\...\StartupApproved\StartupFolder: => "WISO Mein Steuer-Sparbuch heute.lnk"
HKLM\...\StartupApproved\StartupFolder: => "PrivateTunnel.lnk"
HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Dolby Home Theater v4"
HKLM\...\StartupApproved\Run32: => "331BigDog"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKLM\...\StartupApproved\Run32: => "Smart Update"
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\StartupApproved\Run: => "Skype"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{2CB2A4ED-B51B-4DFD-B9BE-713486DF5046}] => C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [UDP Query User{3470FDDA-E8C0-4B64-B071-01CB6EB470B6}C:\users\user\videos\verschiedene dateien\microsoft.toolkit.v2.4.5\microsoft toolkit.exe] => C:\users\user\videos\verschiedene dateien\microsoft.toolkit.v2.4.5\microsoft toolkit.exe
FirewallRules: [TCP Query User{8DCBC302-FDF5-400A-BD94-CC121DEB4B98}C:\users\user\videos\verschiedene dateien\microsoft.toolkit.v2.4.5\microsoft toolkit.exe] => C:\users\user\videos\verschiedene dateien\microsoft.toolkit.v2.4.5\microsoft toolkit.exe
FirewallRules: [UDP Query User{8E294404-07D9-4560-976C-116484006948}C:\users\user\appdata\local\temp\rarsfx1\bie_kms.exe] => C:\users\user\appdata\local\temp\rarsfx1\bie_kms.exe
FirewallRules: [TCP Query User{F3A413B2-7FE6-4631-B142-6345380951C6}C:\users\user\appdata\local\temp\rarsfx1\bie_kms.exe] => C:\users\user\appdata\local\temp\rarsfx1\bie_kms.exe
FirewallRules: [{85C48FC8-4EF1-4E9A-BBAF-66A0AD15EBA4}] => C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{08FCB043-8794-44E8-BEE3-7D6B2F853478}] => C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [UDP Query User{B338BACE-2989-469B-AC27-813CA7C9866C}C:\users\user\appdata\local\temp\rarsfx0\bie_kms.exe] => C:\users\user\appdata\local\temp\rarsfx0\bie_kms.exe
FirewallRules: [TCP Query User{C3EDB401-6616-446D-8509-CD9E495A9217}C:\users\user\appdata\local\temp\rarsfx0\bie_kms.exe] => C:\users\user\appdata\local\temp\rarsfx0\bie_kms.exe
FirewallRules: [UDP Query User{1D80F0CD-CAE7-456F-9301-1D60FCD4A93B}C:\program files (x86)\jdownloader\jre\bin\javaw.exe] => C:\program files (x86)\jdownloader\jre\bin\javaw.exe
FirewallRules: [TCP Query User{925EB48B-468C-4F0B-B3F7-4536392679F1}C:\program files (x86)\jdownloader\jre\bin\javaw.exe] => C:\program files (x86)\jdownloader\jre\bin\javaw.exe
FirewallRules: [{8AB9F1BA-9F6E-4D3C-9DAE-B4FACC026426}] => C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{C6DC0735-3082-4684-8F53-90F274FF9E17}] => C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{0561741A-FD1C-4E3A-B4D4-6D175E9944DD}] => C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{CEF71AF0-42FE-4FCC-9B56-ABD2B7C82C48}] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{709AE15F-11E0-4593-BE57-0ADE7DA13666}] => C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{73D03D39-EFE4-4CF6-BBE0-68B45DD5D2C2}] => C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [TCP Query User{25F746E9-4161-445B-AE56-733C879C8948}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{FA6DB062-4B90-4DD0-9C5F-A182FCE42693}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{8A4FCC4E-EB73-4D7D-AB7B-E7B4AF284CF9}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{6F94A576-8D06-4AFC-96DC-382D1BE1EE79}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{731806F7-B5F8-4BAA-A085-A38CE1ABC851}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CFA33571-2DE4-49D0-AC04-99CB1FD0A2C0}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{D95582E7-6446-443F-819B-F3A8D4F43BA3}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6C64DCBF-C09C-4270-BAEC-298C5E2407BA}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{48863F50-98E6-4BBE-9975-BB0D8AEAFD01}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5D7AE42B-7551-401E-BEC9-4E7894CD259E}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{64720FDC-E8E4-481B-B05D-66437B455F5A}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B5E23924-A6B5-4ABA-91C4-ED92B4F5C959}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F2B1FFE6-449F-4B16-A01A-772AE6497404}] => C:\Program Files (x86)\Steam\steamapps\common\The Book of Unwritten Tales 2\Windows\BouT2.exe
FirewallRules: [{37C601B5-A6CD-4690-B6E2-2B64AE869B65}] => C:\Program Files (x86)\Steam\steamapps\common\The Book of Unwritten Tales 2\Windows\BouT2.exe
FirewallRules: [{6EC84F94-7877-4132-8449-B75D1A103398}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{B798D52D-9FB5-41F1-AF28-709428829D18}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{758A37CB-A743-462D-8EA9-89F6AE9E1BDE}] => C:\Program Files (x86)\Steam\steamapps\common\The Book of Unwritten Tales 2\Windows\BouT2.exe
FirewallRules: [{62DDAAE0-49BC-4648-A417-F730CAAAE4C4}] => C:\Program Files (x86)\Steam\steamapps\common\The Book of Unwritten Tales 2\Windows\BouT2.exe
FirewallRules: [TCP Query User{55E03C55-2BFF-4816-B134-467D5B5E2026}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{53DCDD63-2058-48BF-9974-17AFC74C2E07}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{5C8447EC-4A5D-46E6-B149-FC7A144B41F7}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D977C42C-18DE-40BA-8B04-8F2229CD8F41}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Wiederherstellungspunkte =========================
17-11-2016 19:42:50 Windows Update
03-12-2016 21:39:47 Geplanter Prüfpunkt
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (12/12/2016 12:16:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SynTPEnh.exe, Version: 16.2.10.15, Zeitstempel: 0x503e389a
Name des fehlerhaften Moduls: SynTPEnh.exe, Version: 16.2.10.15, Zeitstempel: 0x503e389a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000009d6f4
ID des fehlerhaften Prozesses: 0x60c
Startzeit der fehlerhaften Anwendung: 0x01d2545ccc0805d4
Pfad der fehlerhaften Anwendung: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Berichtskennung: 657edf75-c05c-11e6-bf82-089e012cf948
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (12/11/2016 09:37:34 PM) (Source: usbperf) (EventID: 2001) (User: )
Description: Der Wert von "First Counter" unter dem Schlüssel "usbperf\Performance" kann nicht gelesen werden. Statuscodes wurden in den Daten zurückgegeben.
Error: (12/11/2016 09:37:33 PM) (Source: usbperf) (EventID: 2001) (User: )
Description: Der Wert von "First Counter" unter dem Schlüssel "usbperf\Performance" kann nicht gelesen werden. Statuscodes wurden in den Daten zurückgegeben.
Error: (12/11/2016 09:37:30 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.
Error: (12/11/2016 09:36:23 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet. 0x0.
Error: (12/11/2016 09:36:22 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.
Kontext: Anwendung, SystemIndex Katalog
Error: (12/11/2016 09:36:21 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.
Error: (12/11/2016 06:39:44 PM) (Source: usbperf) (EventID: 2001) (User: )
Description: Der Wert von "First Counter" unter dem Schlüssel "usbperf\Performance" kann nicht gelesen werden. Statuscodes wurden in den Daten zurückgegeben.
Error: (12/11/2016 06:39:42 PM) (Source: usbperf) (EventID: 2001) (User: )
Description: Der Wert von "First Counter" unter dem Schlüssel "usbperf\Performance" kann nicht gelesen werden. Statuscodes wurden in den Daten zurückgegeben.
Error: (12/11/2016 06:37:32 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet. 0x0.
Systemfehler:
=============
Error: (12/12/2016 10:57:44 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80004005 fehlgeschlagen: Microsoft.BingMaps
Error: (12/12/2016 10:47:16 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst KSDE1.0.0 erreicht.
Error: (12/11/2016 09:38:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Error: (12/11/2016 09:36:34 PM) (Source: DCOM) (EventID: 10010) (User: IDEA-PC)
Description: Der Server "{1B1F472E-3221-4826-97DB-2C2324D389AE}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (12/11/2016 09:36:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Defender-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet:
Die digitale Signatur dieser Datei kann nicht überprüft werden. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um böswillige Software aus einer unbekannten Quelle handelt, installiert.
Error: (12/11/2016 09:34:59 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (12/11/2016 09:33:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann den angegebenen Pfad nicht finden.
Error: (12/11/2016 09:32:52 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.
Error: (12/11/2016 09:30:47 PM) (Source: KLIF) (EventID: 0) (User: )
Description: Event-ID 0
Error: (12/11/2016 09:30:47 PM) (Source: KLIF) (EventID: 0) (User: )
Description: Event-ID 0
CodeIntegrity:
===================================
Date: 2016-12-11 21:36:16.998
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-12-11 18:37:30.604
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-12-09 21:05:57.061
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-12-08 21:52:35.405
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-12-07 21:01:23.461
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-12-05 08:25:47.326
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-12-05 08:09:45.781
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-12-04 19:59:47.382
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-11-24 04:54:35.725
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-11-21 22:39:10.727
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Prozentuale Nutzung des RAM: 56%
Installierter physikalischer RAM: 3954.72 MB
Verfügbarer physikalischer RAM: 1722.42 MB
Summe virtueller Speicher: 7922.72 MB
Verfügbarer virtueller Speicher: 5084.48 MB
==================== Laufwerke ================================
Drive c: (Windows8_OS) (Fixed) (Total:417.99 GB) (Free:191.2 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:18.85 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 22.4 GB) (Disk ID: E3B041A2)
Partition: GPT.
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: E3B041A1)
Partition: GPT.
==================== Ende von Addition.txt ============================
Geändert von cosinus (14.12.2016 um 16:44 Uhr) Grund: CODE-Tags |
|
13.12.2016, 11:49
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojan.Win32.Generic - Entdeckt und desinfiziert durch KasperskyZitat:
  Lesestoff:Illegale Software: Cracks, Keygens und Co Bitte lesen => http://www.trojaner-board.de/95393-c...-software.html Es geht weiter wenn du alles Illegale entfernt hast. Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.
__________________ |
|
14.12.2016, 16:26
| #3 |
| | Trojan.Win32.Generic - Entdeckt und desinfiziert durch Kaspersky Ok, deinstalliert.
__________________Entschuldige bitte. FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
durchgeführt von User (Administrator) auf IDEA-PC (14-12-2016 16:07:36)
Gestartet von C:\Users\User\Downloads
Geladene Profile: User (Verfügbare Profile: User & Bernd & Administrator)
Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\lpksetup.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(OpenVPN Technologies, Inc) C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(OpenVPN Technologies, Inc) C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptcore.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\wmi64.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\Lenovo\iMController\AutoUpdate.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\backgroundTaskHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\backgroundTaskHost.exe
(Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [380544 2012-06-29] (Alcor Micro Corp.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-29] (Synaptics)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-05-29] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-05-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-29] (Synaptics Incorporated)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-01] (Vimicro)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [Smart Update] => C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update.exe [1706576 2012-07-23] (Lenovo)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [998088 2015-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\Run: [OfficeSyncProcess] => "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\Run: [BingSvc] => C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\Run: [Dropbox Update] => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\MountPoints2: {0871a019-6dd7-11e4-be9d-84a6c8643f47} - "E:\IronKey.exe"
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Keine Datei
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PrivateTunnel.lnk [2015-04-16]
ShortcutTarget: PrivateTunnel.lnk -> C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\PrivateTunnel.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2014-07-26]
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{02588863-A3D3-4E9A-B006-C06DDEB9CAED}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{5D5EB5BF-6C15-48C3-9169-6F5D07611D78}: [DhcpNameServer] 10.9.0.1 8.8.8.8
Internet Explorer:
==================
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-11] (AO Kaspersky Lab)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => Keine Datei
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-11] (AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-20] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll => Keine Datei
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-20] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-11] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-11] (AO Kaspersky Lab)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6khcpd89.default-1462037983612 [2016-12-14]
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6khcpd89.default-1462037983612\user.js [2016-05-01]
FF Extension: (Adblock Plus) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6khcpd89.default-1462037983612\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-12-11]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [Keine Datei]
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [283296 2014-04-24] (Intel Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 irstrtsv; C:\WINDOWS\SysWOW64\irstrtsv.exe [193576 2012-08-13] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 Lenovo Smart Update Service; C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe [66640 2012-07-18] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
R2 ptservice; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptservice.exe [17816 2015-01-29] (OpenVPN Technologies, Inc)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 btmhsf; C:\WINDOWS\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R1 excfs; C:\WINDOWS\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\WINDOWS\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 irstrtdv; C:\WINDOWS\System32\drivers\irstrtdv.sys [43800 2012-08-13] (Intel Corporation)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [191312 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [435032 2016-12-11] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1019616 2016-12-11] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2016-12-11] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\system32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [134880 2016-12-11] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
R3 LAD; C:\WINDOWS\System32\drivers\LAD.sys [8704 2012-06-08] (TODO: <Company name>)
R1 NEOFLTR_7117_28099; C:\WINDOWS\system32\Drivers\NEOFLTR_7117_28099.SYS [99632 2013-11-22] (Juniper Networks)
R3 NETwNe64; C:\WINDOWS\system32\DRIVERS\Netwew00.sys [3349984 2014-02-25] (Intel Corporation)
R3 ptun0901; C:\WINDOWS\system32\DRIVERS\ptun0901.sys [27136 2014-04-24] (The OpenVPN Project)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-29] (Synaptics Incorporated)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [204184 2014-03-04] (Windows (R) Win 7 DDK provider)
R3 vm331avs; C:\WINDOWS\System32\Drivers\vm331avs.sys [975104 2012-08-23] (Vimicro Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 XHCIPort; C:\WINDOWS\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 klids; \??\C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-12-12 13:04 - 2016-12-12 13:07 - 00042065 _____ C:\Users\User\Downloads\Addition.txt
2016-12-12 13:01 - 2016-12-14 16:07 - 00024762 _____ C:\Users\User\Downloads\FRST.txt
2016-12-12 13:01 - 2016-12-14 16:07 - 00000000 ____D C:\FRST
2016-12-12 13:00 - 2016-12-12 13:01 - 02420224 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2016-12-11 18:39 - 2016-12-11 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2016-12-11 18:39 - 2016-12-11 01:34 - 00002229 _____ C:\Users\Public\Desktop\Sicherer Zahlungsverkehr.lnk
2016-12-11 18:39 - 2016-12-11 01:34 - 00002167 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2016-12-11 18:23 - 2016-12-11 18:23 - 00000904 _____ C:\Users\User\Desktop\jdw Kasp 11_12_16.txt
2016-12-11 01:38 - 2016-12-11 21:30 - 00001427 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2016-12-11 01:38 - 2016-12-11 01:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2016-12-11 01:35 - 2016-12-11 21:23 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-05 08:15 - 2016-12-05 08:16 - 03968464 _____ C:\Users\User\Downloads\adwcleaner_6.040.exe
2016-12-04 23:01 - 2016-12-04 23:01 - 00310728 _____ C:\WINDOWS\Minidump\120416-23921-01.dmp
2016-12-01 21:17 - 2016-12-01 21:17 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-11-27 11:50 - 2016-11-27 11:50 - 00441629 _____ C:\Users\User\Desktop\FLT_CSO1OK57129_0.pdf
2016-11-19 10:27 - 2016-12-14 01:02 - 00000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2016-11-18 21:45 - 2016-12-02 19:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-12-14 16:09 - 2015-08-26 18:35 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-12-14 16:08 - 2013-11-24 11:23 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1705235364-331925899-3810876140-1001
2016-12-14 16:07 - 2016-02-13 15:13 - 00000000 ___RD C:\Users\User\OneDrive
2016-12-14 16:03 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-14 16:02 - 2013-08-22 15:44 - 00477704 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-14 15:58 - 2013-12-01 19:56 - 00000000 ____D C:\Program Files\Microsoft Office
2016-12-14 15:58 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-12-14 15:56 - 2014-08-27 22:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-12-14 15:53 - 2014-03-18 10:40 - 00000000 ____D C:\WINDOWS\ShellNew
2016-12-14 15:52 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\System
2016-12-14 15:52 - 2012-07-26 06:26 - 00000112 _____ C:\WINDOWS\win.ini
2016-12-14 15:46 - 2013-12-02 21:46 - 00000000 ____D C:\ProgramData\Adobe
2016-12-14 15:46 - 2013-12-02 21:46 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-12-14 15:16 - 2016-11-05 21:00 - 00001236 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1705235364-331925899-3810876140-1001UA.job
2016-12-14 15:13 - 2013-11-27 22:20 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-14 15:03 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-14 14:59 - 2014-03-18 11:03 - 01564806 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-14 14:59 - 2014-03-18 10:25 - 00661900 _____ C:\WINDOWS\system32\perfh007.dat
2016-12-14 14:59 - 2014-03-18 10:25 - 00135098 _____ C:\WINDOWS\system32\perfc007.dat
2016-12-14 14:59 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-12-14 01:03 - 2013-08-22 14:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-12-13 23:42 - 2015-02-02 20:39 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2016-12-13 21:40 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-13 21:16 - 2015-09-30 09:27 - 00001184 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1705235364-331925899-3810876140-1001Core.job
2016-12-13 18:03 - 2013-09-26 19:31 - 00000000 ____D C:\Users\User\Documents\Auto
2016-12-12 12:29 - 2014-01-01 19:37 - 00000000 ____D C:\Users\User\Documents\Wohnung
2016-12-12 12:16 - 2016-03-30 11:51 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2016-12-11 21:28 - 2016-07-28 19:56 - 01019616 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2016-12-11 21:28 - 2016-06-20 23:41 - 00057424 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klim6.sys
2016-12-11 21:28 - 2015-12-03 10:12 - 00134880 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwtp.sys
2016-12-11 21:27 - 2016-06-20 17:54 - 00435032 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-12-11 18:39 - 2015-08-26 18:35 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-12-11 18:20 - 2013-11-24 12:00 - 00000000 ____D C:\Users\User\AppData\Local\JDownloader v2.0
2016-12-11 01:34 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-12-11 01:33 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-12-07 22:06 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-05 08:21 - 2016-07-15 21:55 - 00000000 ____D C:\AdwCleaner
2016-12-04 23:01 - 2013-11-24 11:14 - 824054486 _____ C:\WINDOWS\MEMORY.DMP
2016-12-03 23:26 - 2014-08-30 22:38 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-12-03 20:38 - 2015-03-19 14:28 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-02 18:30 - 2013-06-07 09:08 - 03947520 ___SH C:\Users\User\Desktop\Thumbs.db
2016-12-01 21:17 - 2013-12-08 13:41 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox
2016-12-01 21:11 - 2016-11-05 21:00 - 00004180 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1705235364-331925899-3810876140-1001UA
2016-12-01 21:11 - 2016-11-05 21:00 - 00003800 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1705235364-331925899-3810876140-1001Core
2016-11-20 17:54 - 2014-12-27 09:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-19 11:25 - 2014-03-11 21:18 - 00000000 ____D C:\Users\User\Documents\Beruf
2016-11-19 11:25 - 2013-06-17 10:30 - 00000000 ____D C:\Users\User\Documents\Uni
2016-11-17 23:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2016-11-17 20:04 - 2013-11-24 15:40 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-17 19:46 - 2013-11-24 15:40 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2013-11-22 22:15 - 2013-11-24 11:27 - 0002004 _____ () C:\Users\User\AppData\Roaming\AbsoluteReminder.xml
2014-09-21 10:12 - 2014-09-21 10:12 - 0003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-03 13:05 - 2014-08-03 13:10 - 0037691 _____ () C:\Users\User\AppData\Local\WiDiSetupLog.20140803.140526.wdl
2013-05-29 06:47 - 2013-05-29 06:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Einige Dateien in TEMP:
====================
C:\Users\User\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\User\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\User\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\User\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\User\AppData\Local\Temp\proxy_vole7142710015461310899.dll
C:\Users\User\AppData\Local\Temp\vlc-2.2.4-win32.exe
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-12-13 21:15
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 07-12-2016
durchgeführt von User (14-12-2016 16:10:54)
Gestartet von C:\Users\User\Downloads
Windows 8.1 (Update) (X64) (2014-08-27 21:38:25)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1705235364-331925899-3810876140-500 - Administrator - Disabled) => C:\Users\Administrator
Bernd (S-1-5-21-1705235364-331925899-3810876140-1021 - Administrator - Enabled) => C:\Users\Bernd
Gast (S-1-5-21-1705235364-331925899-3810876140-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1705235364-331925899-3810876140-1003 - Limited - Enabled)
User (S-1-5-21-1705235364-331925899-3810876140-1001 - Administrator - Enabled) => C:\Users\User
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version: - )
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.2.3042.61510 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.2.3042.61510 - Alcor Micro Corp.) Hidden
Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden
calibre 64bit (HKLM\...\{022ED169-3871-4D3E-963E-322226C5F455}) (Version: 2.13.0 - Kovid Goyal)
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (x32 Version: 1.6.38.00 - Lenovo Group Limited) Hidden
Dependency Package Update (x32 Version: 1.6.38.01 - Lenovo Group Limited) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\Dropbox) (Version: 15.4.22 - Dropbox, Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.3 - Lenovo)
Energy Management (x32 Version: 8.0.2.3 - Lenovo) Hidden
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
FileZilla Client 3.16.1 (HKLM-x32\...\FileZilla Client) (Version: 3.16.1 - Tim Kosse)
Free YouTube to MP3 Converter version 3.12.57.324 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.57.324 - DVDVideoSoft Ltd.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{9C798E99-094E-4289-A6C8-1D5EE63AFFE3}) (Version: 4.2.29.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Juniper Networks Host Checker (HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\Neoteris_Host_Checker) (Version: 7.1.17.28099 - Juniper Networks)
Juniper Networks Secure Application Manager (HKLM-x32\...\Neoteris_Secure_Application_Manager) (Version: 7.1.17.28099 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\Juniper_Setup_Client) (Version: 7.1.17.41283 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
K-Lite Codec Pack 10.6.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.38.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.12.824.1 - Vimicro)
Lenovo MediaShow6 (HKLM-x32\...\InstallShield_{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}) (Version: 6.0.4019 - CyberLink Corp.)
Lenovo MediaShow6 (x32 Version: 6.0.4019 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo Smart Update (HKLM-x32\...\{29B7C0EB-A1E6-4BC3-8344-70EDE4F189F1}) (Version: 1.5.75 - Lenovo Corporation)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
LenovoDrv_x64 (HKLM\...\{83E68458-AF28-4CA4-8AFC-595A10307290}) (Version: 1.0.00 - Lenovo)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 50.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 50.0 (x86 de)) (Version: 50.0 - Mozilla)
Mozilla Firefox 50.0.2 (x86 de) (HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\Mozilla Firefox 50.0.2 (x86 de)) (Version: 50.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.0.6152 - Mozilla)
myphotobook.de (x32 Version: 1.6.0 - myphotobook GmbH) Hidden
Plex Media Server (HKLM-x32\...\{9eb61479-6f2f-43c4-bfe8-12a7ea9d1acb}) (Version: 0.9.914 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.914 - Plex, Inc.) Hidden
PrivateTunnel (HKLM-x32\...\PrivateTunnel) (Version: 2.4.2.4 - OpenVPN Technologies)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.15 - Synaptics Incorporated)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - Lenovo Corporation (LAD) System (06/08/2012 1.0.0.3) (HKLM\...\C48768A2A32F4649238F7DCF737A260911895FDE) (Version: 06/08/2012 1.0.0.3 - Lenovo Corporation)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinRAR 5.40 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.3 - win.rar GmbH)
WISO Steuer 2014 (HKLM-x32\...\{90FBD066-7FAB-4698-AF88-E136F62CA853}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO steuer:Start 2015 (HKLM-x32\...\{2228393B-63AA-43F7-9D61-760AA6540529}) (Version: 22.00.8811 - Buhl Data Service GmbH)
WISO steuer:Start 2016 (HKLM-x32\...\{05FBB017-9FB8-4CDD-9569-EA85C263E4E2}) (Version: 23.00.1146 - Buhl Data Service GmbH)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {01763BFF-E7F9-43D7-96F6-1EEFD6C43290} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1705235364-331925899-3810876140-1001Core => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {09F5DE1B-3F48-4516-B8CA-2AF2A10D282A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)
Task: {0CBA7208-89B1-41F0-8E7D-47DBB48B6C3D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {21942AF5-9839-4D23-BA8D-9363DEC591FC} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-08-18] (Lenovo)
Task: {4AC36279-3B9C-401B-9EF3-FE1982F4E670} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {740E76F3-EFAB-4C75-B6FB-597383EB2406} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1705235364-331925899-3810876140-1001UA => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {7A00E54B-2E2F-46E3-91F4-897B05EDB75B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {A3ED5BFD-5EB9-4538-9D0A-90D4F29D17E7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {A9D09BB0-DAE7-47A0-8CEC-2DAA6874BCB0} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {B53498BC-A5F7-4DED-A490-25AF73409A43} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-08-13] (Intel)
Task: {B633137E-EF1A-4BE5-9AFC-6986F6A8DBC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {D04CDC14-EA6A-40AF-847F-FE41F5846A5F} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-12-14] ()
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Acrobat Update Task.job => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1705235364-331925899-3810876140-1001Core.job => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1705235364-331925899-3810876140-1001UA.job => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d001aaea758086.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d042b0f7740a83.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2016-03-16 11:20 - 2016-03-16 11:20 - 00052912 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2015-12-14 15:28 - 2015-12-14 15:28 - 00078808 _____ () C:\Program Files\Lenovo\iMController\AutoUpdate.exe
2013-05-29 06:45 - 2010-10-26 05:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll
2015-01-26 18:29 - 2015-01-26 18:29 - 00113664 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\lzo2.dll
2015-01-26 18:29 - 2015-01-26 18:29 - 01034752 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\libxml2.dll
2016-08-12 17:38 - 2016-08-12 17:38 - 00042720 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32api.pyd
2016-08-12 17:38 - 2016-08-12 17:38 - 00060640 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\pywintypes27.dll
2016-08-12 17:38 - 2016-08-12 17:38 - 00126688 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\pythoncom27.dll
2016-07-17 11:47 - 2016-07-17 11:47 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\5cc2cf6e9f5e45736eb5075f8c0329a2\PSIClient.ni.dll
2013-05-29 06:31 - 2012-06-25 03:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData\Temp:AD022376 [125]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 14:25 - 2016-02-07 16:17 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
HKLM\...\StartupApproved\StartupFolder: => "WISO Mein Steuer-Sparbuch heute.lnk"
HKLM\...\StartupApproved\StartupFolder: => "PrivateTunnel.lnk"
HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Dolby Home Theater v4"
HKLM\...\StartupApproved\Run32: => "331BigDog"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKLM\...\StartupApproved\Run32: => "Smart Update"
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\StartupApproved\Run: => "Skype"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{2CB2A4ED-B51B-4DFD-B9BE-713486DF5046}] => C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [UDP Query User{3470FDDA-E8C0-4B64-B071-01CB6EB470B6}C:\users\user\videos\verschiedene dateien\microsoft.toolkit.v2.4.5\microsoft toolkit.exe] => C:\users\user\videos\verschiedene dateien\microsoft.toolkit.v2.4.5\microsoft toolkit.exe
FirewallRules: [TCP Query User{8DCBC302-FDF5-400A-BD94-CC121DEB4B98}C:\users\user\videos\verschiedene dateien\microsoft.toolkit.v2.4.5\microsoft toolkit.exe] => C:\users\user\videos\verschiedene dateien\microsoft.toolkit.v2.4.5\microsoft toolkit.exe
FirewallRules: [UDP Query User{8E294404-07D9-4560-976C-116484006948}C:\users\user\appdata\local\temp\rarsfx1\bie_kms.exe] => C:\users\user\appdata\local\temp\rarsfx1\bie_kms.exe
FirewallRules: [TCP Query User{F3A413B2-7FE6-4631-B142-6345380951C6}C:\users\user\appdata\local\temp\rarsfx1\bie_kms.exe] => C:\users\user\appdata\local\temp\rarsfx1\bie_kms.exe
FirewallRules: [{85C48FC8-4EF1-4E9A-BBAF-66A0AD15EBA4}] => C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{08FCB043-8794-44E8-BEE3-7D6B2F853478}] => C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [UDP Query User{B338BACE-2989-469B-AC27-813CA7C9866C}C:\users\user\appdata\local\temp\rarsfx0\bie_kms.exe] => C:\users\user\appdata\local\temp\rarsfx0\bie_kms.exe
FirewallRules: [TCP Query User{C3EDB401-6616-446D-8509-CD9E495A9217}C:\users\user\appdata\local\temp\rarsfx0\bie_kms.exe] => C:\users\user\appdata\local\temp\rarsfx0\bie_kms.exe
FirewallRules: [UDP Query User{1D80F0CD-CAE7-456F-9301-1D60FCD4A93B}C:\program files (x86)\jdownloader\jre\bin\javaw.exe] => C:\program files (x86)\jdownloader\jre\bin\javaw.exe
FirewallRules: [TCP Query User{925EB48B-468C-4F0B-B3F7-4536392679F1}C:\program files (x86)\jdownloader\jre\bin\javaw.exe] => C:\program files (x86)\jdownloader\jre\bin\javaw.exe
FirewallRules: [{8AB9F1BA-9F6E-4D3C-9DAE-B4FACC026426}] => C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{C6DC0735-3082-4684-8F53-90F274FF9E17}] => C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{0561741A-FD1C-4E3A-B4D4-6D175E9944DD}] => C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{CEF71AF0-42FE-4FCC-9B56-ABD2B7C82C48}] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{709AE15F-11E0-4593-BE57-0ADE7DA13666}] => C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{73D03D39-EFE4-4CF6-BBE0-68B45DD5D2C2}] => C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [TCP Query User{25F746E9-4161-445B-AE56-733C879C8948}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{FA6DB062-4B90-4DD0-9C5F-A182FCE42693}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{8A4FCC4E-EB73-4D7D-AB7B-E7B4AF284CF9}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{6F94A576-8D06-4AFC-96DC-382D1BE1EE79}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{731806F7-B5F8-4BAA-A085-A38CE1ABC851}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CFA33571-2DE4-49D0-AC04-99CB1FD0A2C0}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{D95582E7-6446-443F-819B-F3A8D4F43BA3}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6C64DCBF-C09C-4270-BAEC-298C5E2407BA}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{48863F50-98E6-4BBE-9975-BB0D8AEAFD01}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5D7AE42B-7551-401E-BEC9-4E7894CD259E}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{64720FDC-E8E4-481B-B05D-66437B455F5A}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B5E23924-A6B5-4ABA-91C4-ED92B4F5C959}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F2B1FFE6-449F-4B16-A01A-772AE6497404}] => C:\Program Files (x86)\Steam\steamapps\common\The Book of Unwritten Tales 2\Windows\BouT2.exe
FirewallRules: [{37C601B5-A6CD-4690-B6E2-2B64AE869B65}] => C:\Program Files (x86)\Steam\steamapps\common\The Book of Unwritten Tales 2\Windows\BouT2.exe
FirewallRules: [{6EC84F94-7877-4132-8449-B75D1A103398}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{B798D52D-9FB5-41F1-AF28-709428829D18}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{758A37CB-A743-462D-8EA9-89F6AE9E1BDE}] => C:\Program Files (x86)\Steam\steamapps\common\The Book of Unwritten Tales 2\Windows\BouT2.exe
FirewallRules: [{62DDAAE0-49BC-4648-A417-F730CAAAE4C4}] => C:\Program Files (x86)\Steam\steamapps\common\The Book of Unwritten Tales 2\Windows\BouT2.exe
FirewallRules: [TCP Query User{55E03C55-2BFF-4816-B134-467D5B5E2026}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{53DCDD63-2058-48BF-9974-17AFC74C2E07}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{5C8447EC-4A5D-46E6-B149-FC7A144B41F7}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D977C42C-18DE-40BA-8B04-8F2229CD8F41}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Wiederherstellungspunkte =========================
17-11-2016 19:42:50 Windows Update
03-12-2016 21:39:47 Geplanter Prüfpunkt
13-12-2016 21:34:02 Geplanter Prüfpunkt
14-12-2016 15:42:24 Removed Adobe Acrobat XI Pro.
14-12-2016 15:48:05 Removed Microsoft Office Professional Plus 2010
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (12/14/2016 04:11:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1104
Startzeit: 01d2561baecea6fc
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\syswow64\backgroundTaskHost.exe
Berichts-ID: a166ad9f-c20f-11e6-bf84-089e012cf948
Vollständiger Name des fehlerhaften Pakets: E046963F.LenovoCompanion_2.2.26.0_x86__k1h2ywk1493x8
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
Error: (12/14/2016 04:11:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 10fc
Startzeit: 01d2561baecea6fc
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\syswow64\backgroundTaskHost.exe
Berichts-ID: a166868f-c20f-11e6-bf84-089e012cf948
Vollständiger Name des fehlerhaften Pakets: E046963F.LenovoSupport_2.0.5.0_x86__k1h2ywk1493x8
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
Error: (12/14/2016 04:08:01 PM) (Source: usbperf) (EventID: 2001) (User: )
Description: Der Wert von "First Counter" unter dem Schlüssel "usbperf\Performance" kann nicht gelesen werden. Statuscodes wurden in den Daten zurückgegeben.
Error: (12/14/2016 04:07:58 PM) (Source: usbperf) (EventID: 2001) (User: )
Description: Der Wert von "First Counter" unter dem Schlüssel "usbperf\Performance" kann nicht gelesen werden. Statuscodes wurden in den Daten zurückgegeben.
Error: (12/14/2016 04:06:28 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet. 0x0.
Error: (12/14/2016 04:06:27 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.
Kontext: Anwendung, SystemIndex Katalog
Error: (12/14/2016 04:06:27 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.
Error: (12/14/2016 03:50:12 PM) (Source: usbperf) (EventID: 2001) (User: )
Description: Der Wert von "First Counter" unter dem Schlüssel "usbperf\Performance" kann nicht gelesen werden. Statuscodes wurden in den Daten zurückgegeben.
Error: (12/14/2016 03:50:12 PM) (Source: usbperf) (EventID: 2001) (User: )
Description: Der Wert von "First Counter" unter dem Schlüssel "usbperf\Performance" kann nicht gelesen werden. Statuscodes wurden in den Daten zurückgegeben.
Error: (12/14/2016 03:46:32 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet. 0x0.
Systemfehler:
=============
Error: (12/14/2016 04:09:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Error: (12/14/2016 04:07:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
Error: (12/14/2016 04:07:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.
Error: (12/14/2016 04:06:41 PM) (Source: DCOM) (EventID: 10010) (User: IDEA-PC)
Description: Der Server "{1B1F472E-3221-4826-97DB-2C2324D389AE}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (12/14/2016 04:06:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Defender-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet:
Die digitale Signatur dieser Datei kann nicht überprüft werden. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um böswillige Software aus einer unbekannten Quelle handelt, installiert.
Error: (12/14/2016 04:05:25 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (12/14/2016 04:03:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann den angegebenen Pfad nicht finden.
Error: (12/14/2016 04:03:25 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.
Error: (12/14/2016 02:58:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80004005 fehlgeschlagen: Microsoft.BingMaps
Error: (12/14/2016 02:49:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
CodeIntegrity:
===================================
Date: 2016-12-14 16:06:25.716
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-12-14 14:47:00.502
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-12-11 21:36:16.998
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-12-11 18:37:30.604
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-12-09 21:05:57.061
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-12-08 21:52:35.405
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-12-07 21:01:23.461
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-12-05 08:25:47.326
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-12-05 08:09:45.781
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-12-04 19:59:47.382
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Prozentuale Nutzung des RAM: 50%
Installierter physikalischer RAM: 3954.72 MB
Verfügbarer physikalischer RAM: 1938.63 MB
Summe virtueller Speicher: 7922.72 MB
Verfügbarer virtueller Speicher: 5836.05 MB
==================== Laufwerke ================================
Drive c: (Windows8_OS) (Fixed) (Total:417.99 GB) (Free:199.21 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:18.69 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 22.4 GB) (Disk ID: E3B041A2)
Partition: GPT.
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: E3B041A1)
Partition: GPT.
==================== Ende von Addition.txt ============================
Geändert von cosinus (14.12.2016 um 16:42 Uhr) Grund: CODE-Tags |
|
14.12.2016, 16:42
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Win32.Generic - Entdeckt und desinfiziert durch Kaspersky 1. Schritt: Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers 2. Schritt: Kaspersky TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
14.12.2016, 19:20
| #5 |
| | Malwarebytes Anti Rootkit Ok. Bei beiden nichts gefunden. Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
Database version:
main: v2016.12.14.10
rootkit: v2016.11.20.01
Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18525
User :: IDEA-PC [administrator]
14.12.2016 17:19:27
mbar-log-2016-12-14 (17-19-27).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 418384
Time elapsed: 1 hour(s), 19 minute(s), 18 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter 18:42:47.0780 0x0e98 TDSS rootkit removing tool 3.1.0.12 Nov 7 2016 07:10:01
18:42:47.0780 0x0e98 UEFI system
18:42:51.0740 0x0e98 ============================================================
18:42:51.0741 0x0e98 Current date / time: 2016/12/14 18:42:51.0740
18:42:51.0741 0x0e98 SystemInfo:
18:42:51.0741 0x0e98
18:42:51.0741 0x0e98 OS Version: 6.3.9600 ServicePack: 0.0
18:42:51.0741 0x0e98 Product type: Workstation
18:42:51.0741 0x0e98 ComputerName: IDEA-PC
18:42:51.0741 0x0e98 UserName: User
18:42:51.0741 0x0e98 Windows directory: C:\WINDOWS
18:42:51.0741 0x0e98 System windows directory: C:\WINDOWS
18:42:51.0741 0x0e98 Running under WOW64
18:42:51.0742 0x0e98 Processor architecture: Intel x64
18:42:51.0742 0x0e98 Number of processors: 4
18:42:51.0742 0x0e98 Page size: 0x1000
18:42:51.0742 0x0e98 Boot type: Normal boot
18:42:51.0742 0x0e98 CodeIntegrityOptions = 0x00000001
18:42:51.0742 0x0e98 ============================================================
18:42:52.0646 0x0e98 KLMD registered as C:\WINDOWS\system32\drivers\34290621.sys
18:42:52.0646 0x0e98 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 9600.18505, osProperties = 0x19
18:42:53.0430 0x0e98 System UUID: {5EAB4688-A770-8FC0-398A-5BABE4960567}
18:42:55.0227 0x0e98 Drive \Device\Harddisk0\DR0 - Size: 0x5976F6000 ( 22.37 Gb ), SectorSize: 0x200, Cylinders: 0xB67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:42:55.0233 0x0e98 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:42:55.0268 0x0e98 ============================================================
18:42:55.0269 0x0e98 \Device\Harddisk0\DR0:
18:42:55.0269 0x0e98 GPT partitions:
18:42:55.0270 0x0e98 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {B8CB5058-C187-4719-BAF0-379CA2D4C97E}, UniqueGUID: {4613EE39-4727-4347-8134-173F590F716F}, Name: HFS, StartLBA 0x1000, BlocksNum 0x24B9800
18:42:55.0270 0x0e98 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {D3BFE2DE-3DAF-11DF-BA40-E3A556D89593}, UniqueGUID: {3D69FFA4-4D7E-4CB8-B656-27C65E4C9108}, Name: Basic data partition, StartLBA 0x24BB000, BlocksNum 0x800000
18:42:55.0271 0x0e98 MBR partitions:
18:42:55.0271 0x0e98 \Device\Harddisk1\DR1:
18:42:55.0271 0x0e98 GPT partitions:
18:42:55.0272 0x0e98 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {F3F8A552-6E17-48E8-9CB0-0EB98F91D599}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1F4000
18:42:55.0272 0x0e98 \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {69721D52-1F5E-4EF6-9489-DF2C3AE5EE1A}, Name: EFI system partition, StartLBA 0x1F4800, BlocksNum 0x82000
18:42:55.0272 0x0e98 \Device\Harddisk1\DR1\Partition3: GPT, TypeGUID: {BFBFAFE7-A34F-448A-9A5B-6213EB736C22}, UniqueGUID: {CDF33340-19B3-4551-A478-D039E5A3BEDE}, Name: Basic data partition, StartLBA 0x276800, BlocksNum 0x1F4000
18:42:55.0272 0x0e98 \Device\Harddisk1\DR1\Partition4: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {EDABEE49-F55F-449C-B726-8543BDEA4A3A}, Name: Microsoft reserved partition, StartLBA 0x46A800, BlocksNum 0x40000
18:42:55.0272 0x0e98 \Device\Harddisk1\DR1\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {86156105-24EF-4A38-96DA-2B35D51E6453}, Name: Basic data partition, StartLBA 0x4AA800, BlocksNum 0x343FA800
18:42:55.0272 0x0e98 \Device\Harddisk1\DR1\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {5E896CB7-0115-49CB-86F5-7FC2489AD242}, Name: , StartLBA 0x348A5000, BlocksNum 0xE1000
18:42:55.0273 0x0e98 \Device\Harddisk1\DR1\Partition7: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {482FE812-934C-490D-9A51-9C9AA4EF2116}, Name: Basic data partition, StartLBA 0x34986000, BlocksNum 0x3200000
18:42:55.0273 0x0e98 \Device\Harddisk1\DR1\Partition8: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {F5327A61-2B5E-4EF6-A132-E1D1B43CC899}, Name: Basic data partition, StartLBA 0x37B86000, BlocksNum 0x2800000
18:42:55.0273 0x0e98 MBR partitions:
18:42:55.0273 0x0e98 ============================================================
18:42:55.0345 0x0e98 C: <-> \Device\Harddisk1\DR1\Partition5
18:42:55.0401 0x0e98 D: <-> \Device\Harddisk1\DR1\Partition7
18:42:55.0432 0x0e98 ============================================================
18:42:55.0432 0x0e98 Initialize success
18:42:55.0432 0x0e98 ============================================================
18:44:28.0159 0x0b58 ============================================================
18:44:28.0159 0x0b58 Scan started
18:44:28.0159 0x0b58 Mode: Manual; SigCheck; TDLFS;
18:44:28.0159 0x0b58 ============================================================
18:44:28.0159 0x0b58 KSN ping started
18:44:28.0284 0x0b58 KSN ping finished: true
18:44:35.0113 0x0b58 ================ Scan system memory ========================
18:44:35.0113 0x0b58 System memory - ok
18:44:35.0113 0x0b58 ================ Scan services =============================
18:44:35.0300 0x0b58 [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci C:\WINDOWS\System32\drivers\1394ohci.sys
18:44:35.0566 0x0b58 1394ohci - ok
18:44:35.0628 0x0b58 [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware C:\WINDOWS\system32\drivers\3ware.sys
18:44:35.0659 0x0b58 3ware - ok
18:44:35.0769 0x0b58 [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI C:\WINDOWS\system32\drivers\ACPI.sys
18:44:35.0847 0x0b58 ACPI - ok
18:44:35.0894 0x0b58 [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex C:\WINDOWS\system32\Drivers\acpiex.sys
18:44:35.0925 0x0b58 acpiex - ok
18:44:35.0941 0x0b58 [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr C:\WINDOWS\System32\drivers\acpipagr.sys
18:44:35.0988 0x0b58 acpipagr - ok
18:44:36.0035 0x0b58 [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi C:\WINDOWS\System32\drivers\acpipmi.sys
18:44:36.0113 0x0b58 AcpiPmi - ok
18:44:36.0128 0x0b58 [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime C:\WINDOWS\System32\drivers\acpitime.sys
18:44:36.0191 0x0b58 acpitime - ok
18:44:36.0238 0x0b58 [ 3B42D95D20CD2AACDB0564471AE43ED7, BF49568D7060159F61D5F6DE7ECDECCCD1F920A2881544BA83CF420C822F6653 ] ACPIVPC C:\WINDOWS\System32\drivers\AcpiVpc.sys
18:44:36.0285 0x0b58 ACPIVPC - ok
18:44:36.0394 0x0b58 [ A542C712794FB8FBD27E37271C730F36, 8C327BFAC10C7BBD48277D4FEB862D58CA1F22DC10F0632BB8B18CF54A507216 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:44:36.0410 0x0b58 AdobeARMservice - ok
18:44:36.0535 0x0b58 [ B79750091FC0842182FE49D263791294, 32FC260A74C9C45CD1E8998523642C285866378FCD9478FEFD15A0CC42EC0E0B ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:44:36.0581 0x0b58 AdobeFlashPlayerUpdateSvc - ok
18:44:36.0675 0x0b58 [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX C:\WINDOWS\system32\drivers\ADP80XX.SYS
18:44:36.0769 0x0b58 ADP80XX - ok
18:44:36.0831 0x0b58 [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc C:\WINDOWS\System32\aelupsvc.dll
18:44:36.0894 0x0b58 AeLookupSvc - ok
18:44:36.0988 0x0b58 [ A460C3AF3755A2A79A3C8EFE72E147B5, 62CEA85DA53D86D3E7B5D79F94095C6126FFF3DEE1427BBF3DEF5EA366B4513B ] AFD C:\WINDOWS\system32\drivers\afd.sys
18:44:37.0097 0x0b58 AFD - ok
18:44:37.0128 0x0b58 [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440 C:\WINDOWS\system32\drivers\agp440.sys
18:44:37.0160 0x0b58 agp440 - ok
18:44:37.0238 0x0b58 [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache C:\WINDOWS\system32\DRIVERS\ahcache.sys
18:44:37.0332 0x0b58 ahcache - ok
18:44:37.0378 0x0b58 [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG C:\WINDOWS\System32\alg.exe
18:44:37.0441 0x0b58 ALG - ok
18:44:37.0472 0x0b58 [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8 C:\WINDOWS\System32\drivers\amdk8.sys
18:44:37.0550 0x0b58 AmdK8 - ok
18:44:37.0582 0x0b58 [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM C:\WINDOWS\System32\drivers\amdppm.sys
18:44:37.0628 0x0b58 AmdPPM - ok
18:44:37.0644 0x0b58 [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata C:\WINDOWS\system32\drivers\amdsata.sys
18:44:37.0675 0x0b58 amdsata - ok
18:44:37.0722 0x0b58 [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs C:\WINDOWS\system32\drivers\amdsbs.sys
18:44:37.0769 0x0b58 amdsbs - ok
18:44:37.0785 0x0b58 [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata C:\WINDOWS\system32\drivers\amdxata.sys
18:44:37.0816 0x0b58 amdxata - ok
18:44:37.0863 0x0b58 [ 4DE4BE679205B3A712562507AEE75227, 1C40F14A2BFFFB8E9646B57419D9F810A86D0DCD94F9DE9D9851D498F86F343E ] AMPPAL C:\WINDOWS\System32\drivers\AMPPAL.sys
18:44:37.0894 0x0b58 AMPPAL - ok
18:44:37.0910 0x0b58 [ 4DE4BE679205B3A712562507AEE75227, 1C40F14A2BFFFB8E9646B57419D9F810A86D0DCD94F9DE9D9851D498F86F343E ] AMPPALP C:\WINDOWS\system32\DRIVERS\amppal.sys
18:44:37.0941 0x0b58 AMPPALP - ok
18:44:38.0097 0x0b58 [ E307ED976D238B30B247108D1978A377, AF65336156897B0E28F2FA7306CEF2239FA0475C9542181003B44C643F19EC33 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
18:44:38.0160 0x0b58 AMPPALR3 - ok
18:44:38.0191 0x0b58 [ C7BE7FBB9B6BDE11E12A0F204384C1D6, 36A6387B90DFB2488ABF135198F0F9E19EE29F7A521818DF92E64B36A0BE0245 ] AmUStor C:\WINDOWS\system32\drivers\AmUStor.SYS
18:44:38.0222 0x0b58 AmUStor - ok
18:44:38.0269 0x0b58 [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID C:\WINDOWS\system32\drivers\appid.sys
18:44:38.0378 0x0b58 AppID - ok
18:44:38.0410 0x0b58 [ 88358135810B9DFD830A9D3A8C3D149A, DF914DA3828EE2310895D156342E3B3DF5E8C6F6F9B851C359E82A1F48180D4B ] AppIDSvc C:\WINDOWS\System32\appidsvc.dll
18:44:38.0457 0x0b58 AppIDSvc - ok
18:44:38.0503 0x0b58 [ 734622FBA766DBD65B1803549B24A04A, 3B6872B87A60D4DA265D3B8AB0561A929CFE2C097419183E93D3843422363C89 ] Appinfo C:\WINDOWS\System32\appinfo.dll
18:44:38.0613 0x0b58 Appinfo - ok
18:44:38.0691 0x0b58 [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness C:\WINDOWS\system32\AppReadiness.dll
18:44:38.0769 0x0b58 AppReadiness - ok
18:44:38.0894 0x0b58 [ E0F846ADE7DED88981D0908DE56FF160, D8F536438091878724A5004849306ADFB96A2778A9D958ED3DCC0CD9E35160BB ] AppXSvc C:\WINDOWS\system32\appxdeploymentserver.dll
18:44:39.0066 0x0b58 AppXSvc - ok
18:44:39.0113 0x0b58 [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas C:\WINDOWS\system32\drivers\arcsas.sys
18:44:39.0144 0x0b58 arcsas - ok
18:44:39.0175 0x0b58 [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi C:\WINDOWS\system32\drivers\atapi.sys
18:44:39.0207 0x0b58 atapi - ok
18:44:39.0238 0x0b58 [ 431FE56F5A2F5937994CB2DA330B47DB, E5AED551529A21494114959251FDF566802DD6D9B9D86A937A0EECE53338CAC7 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
18:44:39.0316 0x0b58 AudioEndpointBuilder - ok
18:44:39.0394 0x0b58 [ 0F03CC00645D7F841879A048787D6AC7, 3ECD2486157469F2EDB63D4868338D1445F2909153DF0AFFE432083730EEE3F5 ] Audiosrv C:\WINDOWS\System32\Audiosrv.dll
18:44:39.0519 0x0b58 Audiosrv - ok
18:44:39.0519 0x0b58 AvastVBoxSvc - ok
18:44:39.0738 0x0b58 [ 03B45C52179E8DAE51A0F685C30D06D6, E06F066B4BFE5344BBF5749B9B8B8CFBA0C02920FD2B9C73BDDA7E34F1785DA7 ] AVP17.0.0 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
18:44:39.0785 0x0b58 AVP17.0.0 - ok
18:44:39.0847 0x0b58 [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV C:\WINDOWS\System32\AxInstSV.dll
18:44:39.0941 0x0b58 AxInstSV - ok
18:44:40.0004 0x0b58 [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv C:\WINDOWS\system32\drivers\bxvbda.sys
18:44:40.0066 0x0b58 b06bdrv - ok
18:44:40.0129 0x0b58 [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay C:\WINDOWS\System32\drivers\BasicDisplay.sys
18:44:40.0175 0x0b58 BasicDisplay - ok
18:44:40.0191 0x0b58 [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender C:\WINDOWS\System32\drivers\BasicRender.sys
18:44:40.0254 0x0b58 BasicRender - ok
18:44:40.0285 0x0b58 [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2 C:\WINDOWS\System32\drivers\bcmfn2.sys
18:44:40.0300 0x0b58 bcmfn2 - ok
18:44:40.0379 0x0b58 [ 174394F4EF93C117BF7BE3878046A1B1, D58E868342D1DAFC4B04384A3713F729DF07F408AA6AE4762E6A4244F976526A ] BDESVC C:\WINDOWS\System32\bdesvc.dll
18:44:40.0457 0x0b58 BDESVC - ok
18:44:40.0504 0x0b58 [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep C:\WINDOWS\system32\drivers\Beep.sys
18:44:40.0566 0x0b58 Beep - ok
18:44:40.0660 0x0b58 [ 5059D93764340D4EAEDF49C47133118F, 26C5779469E04BEAFD290B619CA355648F3911C66D41B22D2C3DCA909FCA0F6E ] BFE C:\WINDOWS\System32\bfe.dll
18:44:40.0800 0x0b58 BFE - ok
18:44:40.0894 0x0b58 [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS C:\WINDOWS\System32\qmgr.dll
18:44:41.0082 0x0b58 BITS - ok
18:44:41.0238 0x0b58 [ 13C358D27CBFAF537FA7CA48B9052CF3, BC6AD061DA6B348774E9B65750C986F43148B78E8F97CCBE9AA99EA7D8759620 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
18:44:41.0332 0x0b58 Bluetooth Device Monitor - ok
18:44:41.0410 0x0b58 [ 7525C93645FDA8E9D8F677FEA833798A, 9878B88C57119580EF1F5D1DF93C62A3CFFFD0AC4E764D9AC05C727D0D1B2EED ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
18:44:41.0504 0x0b58 Bluetooth OBEX Service - ok
18:44:41.0551 0x0b58 [ 4938A9236300A356F97E378491EE4844, 60D892960D48EEF48F8EC4DE4F174EBD0BC0E7B28B6D8723D554CD1979EB55B4 ] bowser C:\WINDOWS\system32\DRIVERS\bowser.sys
18:44:41.0660 0x0b58 bowser - ok
18:44:41.0722 0x0b58 [ B88EE070EAF51BA5BF3586145DF9A1F7, 98AFCBF2025EF7116DA55589E5E9C10E164FECB3334A79040B26F83759E9D3CA ] BrcmSetSecurity C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
18:44:41.0754 0x0b58 BrcmSetSecurity - ok
18:44:41.0785 0x0b58 [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
18:44:41.0863 0x0b58 BrokerInfrastructure - ok
18:44:41.0941 0x0b58 [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser C:\WINDOWS\System32\browser.dll
18:44:42.0004 0x0b58 Browser - ok
18:44:42.0097 0x0b58 [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
18:44:42.0160 0x0b58 BthAvrcpTg - ok
18:44:42.0207 0x0b58 [ 1104A31260CCF4318C884E0AE6C513BF, A8F83B558944DEF0F84414A11DC3CB90C3A92377B46760EC0A9B8BC22FB0D5C7 ] BthEnum C:\WINDOWS\System32\drivers\BthEnum.sys
18:44:42.0269 0x0b58 BthEnum - ok
18:44:42.0316 0x0b58 [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum C:\WINDOWS\System32\drivers\bthhfenum.sys
18:44:42.0379 0x0b58 BthHFEnum - ok
18:44:42.0426 0x0b58 [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid C:\WINDOWS\System32\drivers\BthHFHid.sys
18:44:42.0457 0x0b58 bthhfhid - ok
18:44:42.0566 0x0b58 [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv C:\WINDOWS\System32\BthHFSrv.dll
18:44:42.0644 0x0b58 BthHFSrv - ok
18:44:42.0769 0x0b58 [ D30C67473A2E229662D21F27EAA9AAA5, D009C4836B0DFE963D8E3DEEDE611068838F2BBCAB146E6D70692FAB838E11F1 ] BthLEEnum C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys
18:44:42.0863 0x0b58 BthLEEnum - ok
18:44:42.0879 0x0b58 [ 66B791F6B11DC4303DD18A224A501542, 502AE4D6FFC6B0FCED081B0E0F61F699F96F20DFEE737B53828F5DEE3BD0FCB1 ] BTHMODEM C:\WINDOWS\System32\drivers\bthmodem.sys
18:44:42.0926 0x0b58 BTHMODEM - ok
18:44:43.0004 0x0b58 [ FEA8FC81431AD93F44D5FBFBBF096AA7, C0581DF6B2AD24836604B083F4866F93A3F4D9091D382029948A5E6221EDF788 ] BthPan C:\WINDOWS\System32\drivers\bthpan.sys
18:44:43.0082 0x0b58 BthPan - ok
18:44:43.0379 0x0b58 [ 0CC00ADC1B84C93FB46E1A0974E956E1, 64C759244651B916901F4D0C82C3D6034532A20714A72FD26FC9D050B99E230B ] BTHPORT C:\WINDOWS\System32\Drivers\BTHport.sys
18:44:43.0519 0x0b58 BTHPORT - ok
18:44:43.0582 0x0b58 [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv C:\WINDOWS\system32\bthserv.dll
18:44:43.0707 0x0b58 bthserv - ok
18:44:43.0738 0x0b58 [ D30286FF3C7B6318C024D2BC2955C1BF, 47863D046C94A5C19F7D4E0BA393E6FE1E249C78FAB9B8705F7DD2CD87EAC16C ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
18:44:43.0754 0x0b58 BTHSSecurityMgr - ok
18:44:43.0816 0x0b58 [ 08EA90955AED2D959EE67DF6EDF0E2B6, 0A70AA67E5DD24C473C66A570C0FEBA9D398A0F0AD8386FE05D01C4D16346968 ] BTHUSB C:\WINDOWS\System32\Drivers\BTHUSB.sys
18:44:43.0879 0x0b58 BTHUSB - ok
18:44:44.0004 0x0b58 [ 7B31A8A9DC95B3634D896FD0F2814F19, 8FD5FBC61968F4BB8C2BAD0D432D5B86DCFED38CCF6F559F9EFB71AADD25474F ] btmhsf C:\WINDOWS\system32\DRIVERS\btmhsf.sys
18:44:44.0176 0x0b58 btmhsf - ok
18:44:44.0207 0x0b58 [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs C:\WINDOWS\system32\DRIVERS\cdfs.sys
18:44:44.0269 0x0b58 cdfs - ok
18:44:44.0301 0x0b58 [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom C:\WINDOWS\System32\drivers\cdrom.sys
18:44:44.0347 0x0b58 cdrom - ok
18:44:44.0410 0x0b58 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc C:\WINDOWS\System32\certprop.dll
18:44:44.0504 0x0b58 CertPropSvc - ok
18:44:44.0566 0x0b58 [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass C:\WINDOWS\System32\drivers\circlass.sys
18:44:44.0598 0x0b58 circlass - ok
18:44:44.0676 0x0b58 [ 28D94419E856D61D7686ED942611D15E, AC9ED48AA09B09B854512B35E905C8C4C451B34F59951661367392AF64E8ADE7 ] CLFS C:\WINDOWS\system32\drivers\CLFS.sys
18:44:44.0738 0x0b58 CLFS - ok
18:44:44.0785 0x0b58 [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt C:\WINDOWS\System32\drivers\CmBatt.sys
18:44:44.0832 0x0b58 CmBatt - ok
18:44:44.0894 0x0b58 [ B29A764A1E76473CD9D64C9438705C19, CD0497EB84DE60E1E491CA495AF981A8DFC4949BB373C1978CAF1BCF4321D30E ] cm_km C:\WINDOWS\system32\DRIVERS\cm_km.sys
18:44:44.0926 0x0b58 cm_km - ok
18:44:45.0019 0x0b58 [ 5CBF8B3E27D824D2AA2A34AFB406F1D0, 955AF1307C02D2B4DEEB150F37F77B8631C0F3C450037C233E9E27D6571B0265 ] CNG C:\WINDOWS\system32\Drivers\cng.sys
18:44:45.0098 0x0b58 CNG - ok
18:44:45.0238 0x0b58 [ 1F925AA990A6A446E8BA926B2D0A5201, F278C272E3F40C37D04935CE19938C4B63A4BC2AA378D0F56C32FE78308D6993 ] CnxtHdAudService C:\WINDOWS\system32\drivers\CHDRT64.sys
18:44:45.0379 0x0b58 CnxtHdAudService - ok
18:44:45.0426 0x0b58 [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus C:\WINDOWS\System32\drivers\CompositeBus.sys
18:44:45.0473 0x0b58 CompositeBus - ok
18:44:45.0473 0x0b58 COMSysApp - ok
18:44:45.0504 0x0b58 [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv C:\WINDOWS\system32\drivers\condrv.sys
18:44:45.0551 0x0b58 condrv - ok
18:44:45.0691 0x0b58 [ 15FBADDC84ED202E59A4F1B201CC692C, A50092155B18DAD51049A72503002F08C1BB2DFDA239C4D3555360C163F2F782 ] cphs C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
18:44:45.0738 0x0b58 cphs - ok
18:44:45.0785 0x0b58 [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc C:\WINDOWS\system32\cryptsvc.dll
18:44:45.0863 0x0b58 CryptSvc - ok
18:44:45.0894 0x0b58 [ 48AED45DF009081AF3F5144F7D624674, 4425C15EB9E1177EE5134A33F63DAF7FF876577946DBF1EAD92C5614025113BB ] CxAudMsg C:\WINDOWS\system32\CxAudMsg64.exe
18:44:45.0926 0x0b58 CxAudMsg - ok
18:44:45.0973 0x0b58 [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam C:\WINDOWS\system32\drivers\dam.sys
18:44:46.0004 0x0b58 dam - ok
18:44:46.0098 0x0b58 [ 7830CEA509693DE0817DF2F3F2D80E89, 7B1786CD225E2D6BCFA484D0BFB81DD162D5713EAEC80C53317CC6950E3D17F3 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
18:44:46.0207 0x0b58 DcomLaunch - ok
18:44:46.0316 0x0b58 [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc C:\WINDOWS\System32\defragsvc.dll
18:44:46.0441 0x0b58 defragsvc - ok
18:44:46.0519 0x0b58 [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
18:44:46.0598 0x0b58 DeviceAssociationService - ok
18:44:46.0629 0x0b58 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall C:\WINDOWS\system32\umpnpmgr.dll
18:44:46.0676 0x0b58 DeviceInstall - ok
18:44:46.0738 0x0b58 [ FBFF94FC1FE0699A6BC5ACE270AB9EA1, 7D67E7BE539D9D515A1A6B9282C72114310E874DD1FE51E71F002DBB0E1439FB ] Dfsc C:\WINDOWS\system32\Drivers\dfsc.sys
18:44:46.0801 0x0b58 Dfsc - ok
18:44:46.0863 0x0b58 [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp C:\WINDOWS\system32\dhcpcore.dll
18:44:46.0957 0x0b58 Dhcp - ok
18:44:47.0113 0x0b58 [ 0AC9F83A5508935DE89C447473085EEA, 223782B17BACEFB0A663EB13514B68B919C95EF641CDDA7AC30CB239BC4307EC ] DiagTrack C:\WINDOWS\system32\diagtrack.dll
18:44:47.0316 0x0b58 DiagTrack - ok
18:44:47.0473 0x0b58 [ 8B1E62881D5AC68E673CD94B136B34AC, A0C50F17041E43AC07B67A74F2C408820316201439F47CDEA37A4F5891CC0E6F ] disk C:\WINDOWS\system32\drivers\disk.sys
18:44:47.0520 0x0b58 disk - ok
18:44:47.0551 0x0b58 [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc C:\WINDOWS\System32\drivers\dmvsc.sys
18:44:47.0645 0x0b58 dmvsc - ok
18:44:47.0738 0x0b58 [ 561CBB163EB3C8221D9B1D7D1E5CA477, 4D235E73CC127769A257B31A92180552276EC8DDD991F1106815FADEF385E72D ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
18:44:47.0879 0x0b58 Dnscache - ok
18:44:48.0020 0x0b58 [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc C:\WINDOWS\System32\dot3svc.dll
18:44:48.0113 0x0b58 dot3svc - ok
18:44:48.0191 0x0b58 [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS C:\WINDOWS\system32\dps.dll
18:44:48.0270 0x0b58 DPS - ok
18:44:48.0348 0x0b58 [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
18:44:48.0379 0x0b58 drmkaud - ok
18:44:48.0457 0x0b58 [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc C:\WINDOWS\System32\DeviceSetupManager.dll
18:44:48.0520 0x0b58 DsmSvc - ok
18:44:48.0879 0x0b58 [ F74B839FA0F4E6060CA1DA6B8DA17941, EF493E1F55FCD6A8C32B3D5D5809B7EFCCC9829E9A347522D1E6FE080D41BF37 ] DXGKrnl C:\WINDOWS\System32\drivers\dxgkrnl.sys
18:44:49.0066 0x0b58 DXGKrnl - ok
18:44:49.0145 0x0b58 [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost C:\WINDOWS\System32\eapsvc.dll
18:44:49.0223 0x0b58 Eaphost - ok
18:44:49.0442 0x0b58 [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv C:\WINDOWS\system32\drivers\evbda.sys
18:44:49.0770 0x0b58 ebdrv - ok
18:44:49.0817 0x0b58 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS C:\WINDOWS\System32\lsass.exe
18:44:49.0848 0x0b58 EFS - ok
18:44:49.0895 0x0b58 [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass C:\WINDOWS\system32\drivers\EhStorClass.sys
18:44:49.0926 0x0b58 EhStorClass - ok
18:44:49.0942 0x0b58 [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
18:44:49.0988 0x0b58 EhStorTcgDrv - ok
18:44:50.0004 0x0b58 [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev C:\WINDOWS\System32\drivers\errdev.sys
18:44:50.0051 0x0b58 ErrDev - ok
18:44:50.0129 0x0b58 [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem C:\WINDOWS\system32\es.dll
18:44:50.0270 0x0b58 EventSystem - ok
18:44:50.0363 0x0b58 [ C8559336BB21FF701CBEF14527D7660F, AE8CD6514C0B121B260D9101D76E6225599B832504EB5719FD110E348C9E6682 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
18:44:50.0426 0x0b58 EvtEng - ok
18:44:50.0488 0x0b58 [ D2EAA04AF43154B62FA85B08BAD0A7CA, B18F09CAD04AD61A1B8DCD3BBC70A82FB50008C147389D3245E39856BA940A87 ] excfs C:\WINDOWS\system32\DRIVERS\excfs.sys
18:44:50.0504 0x0b58 excfs - ok
18:44:50.0520 0x0b58 [ E6082A6C109238A725D83184724C4A36, 66F0D4798C357FFCC5A35E45BE8E5F0A97E7BCF98CFAA1BB2269F6D6B910A0A3 ] excsd C:\WINDOWS\system32\DRIVERS\excsd.sys
18:44:50.0551 0x0b58 excsd - ok
18:44:50.0582 0x0b58 [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat C:\WINDOWS\system32\drivers\exfat.sys
18:44:50.0660 0x0b58 exfat - ok
18:44:50.0692 0x0b58 [ 68030FF4B7669E15916910885E2E6160, 324EC07A0135354A5D41ED841919D61C218ECA718DE8A8357B0D2AD0B621777B ] ExpressCache C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
18:44:50.0723 0x0b58 ExpressCache - ok
18:44:50.0754 0x0b58 [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat C:\WINDOWS\system32\drivers\fastfat.sys
18:44:50.0801 0x0b58 fastfat - ok
18:44:50.0879 0x0b58 [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax C:\WINDOWS\system32\fxssvc.exe
18:44:50.0988 0x0b58 Fax - ok
18:44:51.0020 0x0b58 [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc C:\WINDOWS\System32\drivers\fdc.sys
18:44:51.0067 0x0b58 fdc - ok
18:44:51.0113 0x0b58 [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost C:\WINDOWS\system32\fdPHost.dll
18:44:51.0160 0x0b58 fdPHost - ok
18:44:51.0176 0x0b58 [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub C:\WINDOWS\system32\fdrespub.dll
18:44:51.0223 0x0b58 FDResPub - ok
18:44:51.0270 0x0b58 [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc C:\WINDOWS\system32\fhsvc.dll
18:44:51.0332 0x0b58 fhsvc - ok
18:44:51.0348 0x0b58 [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo C:\WINDOWS\system32\drivers\fileinfo.sys
18:44:51.0395 0x0b58 FileInfo - ok
18:44:51.0426 0x0b58 [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace C:\WINDOWS\system32\drivers\filetrace.sys
18:44:51.0488 0x0b58 Filetrace - ok
18:44:51.0520 0x0b58 [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk C:\WINDOWS\System32\drivers\flpydisk.sys
18:44:51.0567 0x0b58 flpydisk - ok
18:44:51.0598 0x0b58 [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
18:44:51.0660 0x0b58 FltMgr - ok
18:44:51.0785 0x0b58 [ 1EFEF3B4EF2B241263F0F791EA128598, B6CADC254B0779E43E0D6AB6125A7E7ED8FF50C3158911681BA7B43160A08176 ] FontCache C:\WINDOWS\system32\FntCache.dll
18:44:51.0989 0x0b58 FontCache - ok
18:44:52.0145 0x0b58 [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:44:52.0160 0x0b58 FontCache3.0.0.0 - ok
18:44:52.0473 0x0b58 [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends C:\WINDOWS\system32\drivers\FsDepends.sys
18:44:52.0504 0x0b58 FsDepends - ok
18:44:52.0535 0x0b58 [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:44:52.0567 0x0b58 Fs_Rec - ok
18:44:52.0645 0x0b58 [ D4AB6EE3D715BC44C00277FD934FAACF, DE8A8B14D7BA73BA1B5A833DE193CA65EDFE512A57D84F4F2CE19D9646D97F4E ] fvevol C:\WINDOWS\system32\DRIVERS\fvevol.sys
18:44:52.0723 0x0b58 fvevol - ok
18:44:52.0754 0x0b58 [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM C:\WINDOWS\System32\drivers\fxppm.sys
18:44:52.0785 0x0b58 FxPPM - ok
18:44:52.0817 0x0b58 [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx C:\WINDOWS\system32\drivers\gagp30kx.sys
18:44:52.0848 0x0b58 gagp30kx - ok
18:44:52.0895 0x0b58 [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter C:\WINDOWS\System32\drivers\vmgencounter.sys
18:44:52.0942 0x0b58 gencounter - ok
18:44:52.0973 0x0b58 [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101 C:\WINDOWS\system32\Drivers\msgpioclx.sys
18:44:53.0020 0x0b58 GPIOClx0101 - ok
18:44:53.0129 0x0b58 [ 9678FD4747A4F2E2318245EE6099482E, C76AE30E8BA77DC330F9CFE5ECEA58FAE0995396742923B564A2257DE24D7B32 ] gpsvc C:\WINDOWS\System32\gpsvc.dll
18:44:53.0301 0x0b58 gpsvc - ok
18:44:53.0332 0x0b58 gupdate - ok
18:44:53.0348 0x0b58 gupdatem - ok
18:44:53.0379 0x0b58 [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus C:\WINDOWS\System32\drivers\HDAudBus.sys
18:44:53.0442 0x0b58 HDAudBus - ok
18:44:53.0473 0x0b58 [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys
18:44:53.0504 0x0b58 HidBatt - ok
18:44:53.0551 0x0b58 [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys
18:44:53.0614 0x0b58 HidBth - ok
18:44:53.0629 0x0b58 [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys
18:44:53.0692 0x0b58 hidi2c - ok
18:44:53.0770 0x0b58 [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr C:\WINDOWS\System32\drivers\hidir.sys
18:44:53.0817 0x0b58 HidIr - ok
18:44:53.0864 0x0b58 [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv C:\WINDOWS\system32\hidserv.dll
18:44:53.0957 0x0b58 hidserv - ok
18:44:54.0020 0x0b58 [ 49676FEC898AB2A11B157F848269A56E, 011E6DDEF9570212520F92FEFD205E1F8104F198B57C40D11BE857FCBCC5F68D ] HidUsb C:\WINDOWS\System32\drivers\hidusb.sys
18:44:54.0067 0x0b58 HidUsb - ok
18:44:54.0114 0x0b58 [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc C:\WINDOWS\system32\kmsvc.dll
18:44:54.0192 0x0b58 hkmsvc - ok
18:44:54.0254 0x0b58 [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
18:44:54.0317 0x0b58 HomeGroupListener - ok
18:44:54.0348 0x0b58 [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
18:44:54.0426 0x0b58 HomeGroupProvider - ok
18:44:54.0457 0x0b58 [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD C:\WINDOWS\system32\drivers\HpSAMD.sys
18:44:54.0489 0x0b58 HpSAMD - ok
18:44:54.0598 0x0b58 [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP C:\WINDOWS\system32\drivers\HTTP.sys
18:44:54.0707 0x0b58 HTTP - ok
18:44:54.0754 0x0b58 [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys
18:44:54.0770 0x0b58 hwpolicy - ok
18:44:54.0801 0x0b58 [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys
18:44:54.0848 0x0b58 hyperkbd - ok
18:44:54.0879 0x0b58 [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
18:44:54.0911 0x0b58 HyperVideo - ok
18:44:54.0957 0x0b58 [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt C:\WINDOWS\System32\drivers\i8042prt.sys
18:44:55.0020 0x0b58 i8042prt - ok
18:44:55.0051 0x0b58 [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
18:44:55.0067 0x0b58 iaLPSSi_GPIO - ok
18:44:55.0098 0x0b58 [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
18:44:55.0129 0x0b58 iaLPSSi_I2C - ok
18:44:55.0239 0x0b58 [ 0FE66A51D81A25AACEAAE4C26308121D, C5553F7ABA74A8EB71A4ED0E8F2A6AA2892F871D164F2D4FADB035BE7D1A8C44 ] iaStorA C:\WINDOWS\system32\drivers\iaStorA.sys
18:44:55.0286 0x0b58 iaStorA - ok
18:44:55.0364 0x0b58 [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV C:\WINDOWS\system32\drivers\iaStorAV.sys
18:44:55.0426 0x0b58 iaStorAV - ok
18:44:55.0536 0x0b58 [ 584068E03829BC5C63F54B05E6244E97, C075E8A4853C0DE09A9BF846338F9C8997FE7ACD604B4EC02AA89F0DAA1D985B ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
18:44:55.0551 0x0b58 IAStorDataMgrSvc - detected UnsignedFile.Multi.Generic ( 1 )
18:44:55.0645 0x0b58 Detect skipped due to KSN trusted
18:44:55.0645 0x0b58 IAStorDataMgrSvc - ok
18:44:55.0692 0x0b58 [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV C:\WINDOWS\system32\drivers\iaStorV.sys
18:44:55.0754 0x0b58 iaStorV - ok
18:44:55.0801 0x0b58 [ 23E22B130EFE5A225E279467BE146317, 2302C119FE9C57F3A71DFE504489423B6F7140E2DFF5D501883AD971CB671CB4 ] iBtFltCoex C:\WINDOWS\system32\DRIVERS\iBtFltCoex.sys
18:44:55.0817 0x0b58 iBtFltCoex - ok
18:44:55.0832 0x0b58 IEEtwCollectorService - ok
18:44:56.0114 0x0b58 [ C38AFE18A40ADF005647090DD3AC24F3, 302810C31B005DD4C9143233AB5B4F332C62AD866A7C7AB0E8F8F81AE1766B11 ] igfx C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
18:44:56.0457 0x0b58 igfx - ok
18:44:56.0504 0x0b58 [ 7A510A9AFC7955DEE63F8DC243E31292, 13906F6212F4C116BE224F2A8AFFF089ACFED8F543E26FC6208FF38463366173 ] igfxCUIService1.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe
18:44:56.0551 0x0b58 igfxCUIService1.0.0.0 - ok
18:44:56.0629 0x0b58 [ 5697FD05EC6915A1E7193D658D8D6E05, 0179C3AF29880AA21F609CB471034EA5FA49324ACCE12736866675C037EBEC7A ] IKEEXT C:\WINDOWS\System32\ikeext.dll
18:44:56.0770 0x0b58 IKEEXT - ok
18:44:56.0801 0x0b58 [ FC7C456AF9B9811499EDBD10616832EE, CA2D8B0E672D3AE449C2FF0B9E142D74E8C72FD877D11162A9F7CC51AF58220F ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys
18:44:56.0833 0x0b58 intaud_WaveExtensible - ok
18:44:56.0879 0x0b58 [ F5495B38BFB9149925F54F65AB40EFBF, 7CBB72C41E2343DACBFB967A39CA04788561EDECB289C41BC2D6A06B80882AC4 ] IntcDAud C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
18:44:56.0942 0x0b58 IntcDAud - ok
18:44:57.0067 0x0b58 [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC, F791EE101EEF8B9F48102B6C63A89B78F7C0041C750C4F4C0D16D54B583B7B5C ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
18:44:57.0114 0x0b58 Intel(R) Capability Licensing Service Interface - ok
18:44:57.0239 0x0b58 [ 30E9FAC23E2537D82F2836CB81AEE186, 03E5072D43ECED70EF004D2E6E654B4CCCE059825CC3C641C0534E4C0BC0C7E8 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
18:44:57.0270 0x0b58 Intel(R) ME Service - ok
18:44:57.0301 0x0b58 [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\WINDOWS\system32\drivers\intelide.sys
18:44:57.0333 0x0b58 intelide - ok
18:44:57.0364 0x0b58 [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep C:\WINDOWS\system32\drivers\intelpep.sys
18:44:57.0395 0x0b58 intelpep - ok
18:44:57.0473 0x0b58 [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys
18:44:57.0520 0x0b58 intelppm - ok
18:44:57.0551 0x0b58 [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:44:57.0629 0x0b58 IpFilterDriver - ok
18:44:57.0754 0x0b58 [ B452623C1DE60544054E784D94A7AA47, 57AECDEE0AB2B80DFFE11E43608988D46E9169288CB56D644DDE2CAFED6AFD40 ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll
18:44:57.0879 0x0b58 iphlpsvc - ok
18:44:57.0926 0x0b58 [ C800DCD904016B2BF6AB541083770A3A, 95A8FB9AB2818A4F44AFCBF2715B0B3024DCE38E1406EA639F2A5ECA105D2290 ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys
18:44:57.0989 0x0b58 IPMIDRV - ok
18:44:58.0051 0x0b58 [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys
18:44:58.0098 0x0b58 IPNAT - ok
18:44:58.0129 0x0b58 [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM C:\WINDOWS\system32\drivers\irenum.sys
18:44:58.0176 0x0b58 IRENUM - ok
18:44:58.0239 0x0b58 [ 4D9B9A794F22415B8C3E0CCFBE61BC7A, 4CF01BC95F0AD7DC42AF8A0FCE032DF00610524A98CF52F531E9DE93137E7B87 ] irstrtdv C:\WINDOWS\System32\drivers\irstrtdv.sys
18:44:58.0254 0x0b58 irstrtdv - ok
18:44:58.0942 0x0b58 [ E145E934392E7A49FDC6775AC3A347F8, 8E5DBC8C34FB3B68851489E0860BA3ACE6CDF46BB5E2AEFD1DEF6E895566068B ] irstrtsv C:\WINDOWS\SysWOW64\irstrtsv.exe
18:44:58.0973 0x0b58 irstrtsv - ok
18:44:59.0005 0x0b58 [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys
18:44:59.0036 0x0b58 isapnp - ok
18:44:59.0176 0x0b58 [ AD3C1F4BD9167420F04052FDA197CF29, 82B687092DFC50E8885656AF06BFB7559930750F4905BC4DBDA3A5D334A443D1 ] iScsiPrt C:\WINDOWS\System32\drivers\msiscsi.sys
18:44:59.0223 0x0b58 iScsiPrt - ok
18:44:59.0301 0x0b58 [ 622BF9C46A47CF17608C501320E8EFBD, 059F99D4306216324E100FCDAF02093B2CD662F2C6BE8565A4281E7760F8B575 ] iumsvc C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
18:44:59.0380 0x0b58 iumsvc - ok
18:44:59.0426 0x0b58 [ A90C843F4FDD7A07129BA73C6BE13976, A76DEA9F09E3B2F18D3B646A0DD39E2773EC62E2F3C55421BA61C12190D78C1C ] iwdbus C:\WINDOWS\System32\drivers\iwdbus.sys
18:44:59.0458 0x0b58 iwdbus - ok
18:44:59.0520 0x0b58 [ 3C4002D339491AF73D663FFC7F6E5ECB, 0B53047989BDB781572253BC3AA757912FE54366870C1955E687972CE210C285 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
18:44:59.0551 0x0b58 jhi_service - ok
18:44:59.0598 0x0b58 [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys
18:44:59.0630 0x0b58 kbdclass - ok
18:44:59.0645 0x0b58 [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid C:\WINDOWS\System32\drivers\kbdhid.sys
18:44:59.0692 0x0b58 kbdhid - ok
18:44:59.0723 0x0b58 [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\WINDOWS\system32\DRIVERS\kdnic.sys
18:44:59.0770 0x0b58 kdnic - ok
18:44:59.0833 0x0b58 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso C:\WINDOWS\system32\lsass.exe
18:44:59.0864 0x0b58 KeyIso - ok
18:44:59.0926 0x0b58 [ 97E3E8F35632EECD0ABD2DE6519A9666, ABE96FDEB1076E380D7FB4975C020B43ED4E821097EFC6AFE8C75D764167D6E8 ] kl1 C:\WINDOWS\system32\DRIVERS\kl1.sys
18:44:59.0989 0x0b58 kl1 - ok
18:45:00.0036 0x0b58 [ B01AD8DA034EE42D4C2282F77FDB03AE, 3FF55F3CEE4A0E5D559F04F5A639297EA0F36580720E94CF9DD56DEBF2E98F39 ] klbackupdisk C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys
18:45:00.0067 0x0b58 klbackupdisk - ok
18:45:00.0098 0x0b58 [ 10549B5BFD9A3DCF4FFA6287236FA959, 6BDFA335A8E3A69425CB23230660D3168CB82911ACB3AAAF85C19263511EAF51 ] klbackupflt C:\WINDOWS\system32\DRIVERS\klbackupflt.sys
18:45:00.0130 0x0b58 klbackupflt - ok
18:45:00.0161 0x0b58 [ 7DAA9047F50BF5A3F8C147719FC520AF, 0740387075AF46DB1E9AEE3B12C65A06EDFE58EADB8B562C36CB1FEFF9905C26 ] kldisk C:\WINDOWS\system32\DRIVERS\kldisk.sys
18:45:00.0192 0x0b58 kldisk - ok
18:45:00.0223 0x0b58 [ 5766A27C85EE813029831D125D2EFB45, BB5BAFD5A58E80C7F0B8D24121352E0386B3422FFC16B56F1D1B1C6A482AC9F0 ] klelam C:\WINDOWS\system32\DRIVERS\klelam.sys
18:45:00.0255 0x0b58 klelam - ok
18:45:00.0301 0x0b58 [ 63FD545876EF4248BE3C8788D8270758, 5FF6529F8D7F94848E68142D8B2CAA446342AF95644C9223E689E303E8AB7336 ] klflt C:\WINDOWS\system32\DRIVERS\klflt.sys
18:45:00.0333 0x0b58 klflt - ok
18:45:00.0395 0x0b58 [ 3524D3B8F5BEF8C01EAF7EEFFA5EAB3F, 0908A6E3E62017F7099900850D58A1B775D808F7DC0951B09781689DF3994DA2 ] klhk C:\WINDOWS\system32\DRIVERS\klhk.sys
18:45:00.0442 0x0b58 klhk - ok
18:45:00.0505 0x0b58 klids - ok
18:45:00.0598 0x0b58 [ 2CE22F21119A089277B067A1B1BDC592, 7CDE229899B6344967098FB03C7C1C360CC3DC2DCC096F8AAC6CC96536FF1AE9 ] KLIF C:\WINDOWS\system32\DRIVERS\klif.sys
18:45:00.0692 0x0b58 KLIF - ok
18:45:00.0723 0x0b58 [ 6357C533C30650361110DBAF59A25DF8, FA8CF6292CCBC7E23527D968E54CD773706CF091E35563B0CF9F8A1DF0B724B9 ] KLIM6 C:\WINDOWS\system32\DRIVERS\klim6.sys
18:45:00.0755 0x0b58 KLIM6 - ok
18:45:00.0786 0x0b58 [ 5480CC93737F48282552C84FA7EBA59B, B7D92424399B647132F6B9409FE75EAA310C984F796FC0B65BBE2EA180110968 ] klkbdflt C:\WINDOWS\system32\DRIVERS\klkbdflt.sys
18:45:00.0817 0x0b58 klkbdflt - ok
18:45:00.0833 0x0b58 [ FD47C92A63B6EADEA830BFA96C06EAEE, C15C39B6FA53CBD01A2F95243845C4B706B4229F8FFB75C7128819B9CEE5B2CB ] klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys
18:45:00.0864 0x0b58 klmouflt - ok
18:45:00.0895 0x0b58 [ 6B0C605591C892CBB683F63EA47822DC, E74C0A0501A1B4B56B417402108521F34DA6A23FCD1C05E4E524E41EBA0906FF ] klpd C:\WINDOWS\system32\DRIVERS\klpd.sys
18:45:00.0926 0x0b58 klpd - ok
18:45:00.0989 0x0b58 [ 828B042A95F055648DA190DF6C7AB1B6, 0457B0EF03BCB4CC1297EB25A25C162937F456BF406EC7B1A5E9A0AA13A9BCD7 ] kltap C:\WINDOWS\system32\DRIVERS\kltap.sys
18:45:01.0020 0x0b58 kltap - ok
18:45:01.0067 0x0b58 [ 4C5305295B51BA72FC9C8CDAB32F95C3, 0E5850AC4CA14D971E7B04FED23CB2F6CEEE2796E905AADA0104677982ECD58A ] klwfp C:\WINDOWS\system32\DRIVERS\klwfp.sys
18:45:01.0098 0x0b58 klwfp - ok
18:45:01.0130 0x0b58 [ EF1AFCADCA485B3846D7A8B71F87509B, C27B579742389ACD8804EC372CBA3C4FDFFB1A8AA6280AE1353BC089E8E34C76 ] Klwtp C:\WINDOWS\system32\DRIVERS\klwtp.sys
18:45:01.0161 0x0b58 Klwtp - ok
18:45:01.0192 0x0b58 [ 67EFD862ACEFCB9687523832C62FA584, B3C9A36C535B706EB19E5C5437705E8C5EC71F45115A2C97E1348462EC2A3922 ] kneps C:\WINDOWS\system32\DRIVERS\kneps.sys
18:45:01.0223 0x0b58 kneps - ok
18:45:01.0395 0x0b58 [ EFF5EA6088DB81C6EF6EDCDA5EE79909, 4D364B0BF012C335FA3B25BDF042D4AF672D961B9B48CB7C5BE34FCFD1D64979 ] KSDE1.0.0 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
18:45:01.0426 0x0b58 KSDE1.0.0 - ok
18:45:01.0489 0x0b58 [ 304DA394D958BC3B62AF6DF514005B01, 8D17777C82F034E800181E82D30FCED800CBC46CD659AE2E0D972CA1381BD4C2 ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys
18:45:01.0520 0x0b58 KSecDD - ok
18:45:01.0583 0x0b58 [ 3D4AE520CD6F6FFE549DD195C1F515BE, 2AD3E07F504CE50956C391FD4633D20B354A854C940B3563A67B79BB6E40218F ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys
18:45:01.0645 0x0b58 KSecPkg - ok
18:45:01.0677 0x0b58 [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys
18:45:01.0708 0x0b58 ksthunk - ok
18:45:01.0786 0x0b58 [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm C:\WINDOWS\system32\msdtckrm.dll
18:45:01.0848 0x0b58 KtmRm - ok
18:45:01.0880 0x0b58 [ 61959D7B5A83C524909325AE751F19F9, 1D6AC527C36E9986CDE7B852B11DC9DC8DE367CEEDE0AE481B1FB5C6E4F26C26 ] LAD C:\WINDOWS\System32\drivers\LAD.sys
18:45:01.0942 0x0b58 LAD - ok
18:45:02.0005 0x0b58 [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer C:\WINDOWS\system32\srvsvc.dll
18:45:02.0114 0x0b58 LanmanServer - ok
18:45:02.0192 0x0b58 [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
18:45:02.0255 0x0b58 LanmanWorkstation - ok
18:45:02.0364 0x0b58 [ 93138543A4D836E97543BA2B857BDBFF, 23B4C52AFDCA16D5DC49F08FE755B1AF457BEBBE1599EF7B9C310C105639384B ] Lenovo Smart Update Service C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe
18:45:02.0395 0x0b58 Lenovo Smart Update Service - ok
18:45:02.0552 0x0b58 [ 4DC782F7AE5774BA202DB1193D44D09F, 117F4155323F4B6562A4B662BF119D4E216FF12874C4B55EDE2A49CD125B9B58 ] Lenovo System Agent Service C:\Program Files\Lenovo\iMController\SystemAgentService.exe
18:45:02.0614 0x0b58 Lenovo System Agent Service - ok
18:45:02.0692 0x0b58 [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc C:\WINDOWS\System32\GeofenceMonitorService.dll
18:45:02.0802 0x0b58 lfsvc - ok
18:45:02.0848 0x0b58 [ BE166935083F9C38EDFDC21B9A7A679B, 89C64DBE58E1B974208AAAA5CC757C599B1439C205C3C48BF16BA054A06DBC94 ] LHDmgr C:\WINDOWS\system32\DRIVERS\LhdX64.sys
18:45:02.0880 0x0b58 LHDmgr - ok
18:45:02.0942 0x0b58 [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\WINDOWS\system32\DRIVERS\lltdio.sys
18:45:02.0973 0x0b58 lltdio - ok
18:45:03.0083 0x0b58 [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll
18:45:03.0145 0x0b58 lltdsvc - ok
18:45:03.0192 0x0b58 [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts C:\WINDOWS\System32\lmhsvc.dll
18:45:03.0270 0x0b58 lmhosts - ok
18:45:03.0348 0x0b58 [ 4269D44BB47A6DA5D80B11F4C8536458, 7A8FFC8F851DD9E5C43986BE0888831CB71D188138DF3CF7F787DADDA70915B0 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:45:03.0380 0x0b58 LMS - ok
18:45:03.0427 0x0b58 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\WINDOWS\system32\drivers\lsi_sas.sys
18:45:03.0473 0x0b58 LSI_SAS - ok
18:45:03.0489 0x0b58 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\WINDOWS\system32\drivers\lsi_sas2.sys
18:45:03.0520 0x0b58 LSI_SAS2 - ok
18:45:03.0552 0x0b58 [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\WINDOWS\system32\drivers\lsi_sas3.sys
18:45:03.0583 0x0b58 LSI_SAS3 - ok
18:45:03.0598 0x0b58 [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\WINDOWS\system32\drivers\lsi_sss.sys
18:45:03.0645 0x0b58 LSI_SSS - ok
18:45:03.0739 0x0b58 [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM C:\WINDOWS\System32\lsm.dll
18:45:03.0833 0x0b58 LSM - ok
18:45:03.0864 0x0b58 [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv C:\WINDOWS\system32\drivers\luafv.sys
18:45:03.0942 0x0b58 luafv - ok
18:45:03.0989 0x0b58 [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\WINDOWS\system32\drivers\megasas.sys
18:45:04.0020 0x0b58 megasas - ok
18:45:04.0067 0x0b58 [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\WINDOWS\system32\drivers\megasr.sys
18:45:04.0130 0x0b58 megasr - ok
18:45:04.0177 0x0b58 [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64 C:\WINDOWS\System32\drivers\HECIx64.sys
18:45:04.0192 0x0b58 MEIx64 - ok
18:45:04.0239 0x0b58 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS C:\WINDOWS\system32\mmcss.dll
18:45:04.0349 0x0b58 MMCSS - ok
18:45:04.0395 0x0b58 [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\WINDOWS\system32\drivers\modem.sys
18:45:04.0427 0x0b58 Modem - ok
18:45:04.0458 0x0b58 [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\WINDOWS\System32\drivers\monitor.sys
18:45:04.0552 0x0b58 monitor - ok
18:45:04.0567 0x0b58 [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass C:\WINDOWS\System32\drivers\mouclass.sys
18:45:04.0599 0x0b58 mouclass - ok
18:45:04.0645 0x0b58 [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid C:\WINDOWS\System32\drivers\mouhid.sys
18:45:04.0692 0x0b58 mouhid - ok
18:45:04.0739 0x0b58 [ 24DABC0A77FAFDC0E379AB3B30F61BB6, E66624ABBF1D742879035F9161F9D3713DE7B759B3D3CF8B96C9E397A02FCF82 ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys
18:45:04.0786 0x0b58 mountmgr - ok
18:45:04.0849 0x0b58 [ E464A0A92E2E354D07DDA713D3E10DE4, D5CF213F03DF54EF9933027A7A7D4413371C1ECBFF61E4DE818D50FA72C8C5FC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:45:04.0880 0x0b58 MozillaMaintenance - ok
18:45:04.0927 0x0b58 [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys
18:45:05.0036 0x0b58 mpsdrv - ok
18:45:05.0145 0x0b58 [ D1418745A5472F3930A288E05B9E2C05, 95785F0FA7EE239459C0288DB37E9E54648029FD6FE45A61E6343526D67FFA32 ] MpsSvc C:\WINDOWS\system32\mpssvc.dll
18:45:05.0255 0x0b58 MpsSvc - ok
18:45:05.0427 0x0b58 [ 3F818C1518DA702C8F10259095C9BDE0, B98C1A6F9A3C01A10503B2B2C45CC89AFF17B346B15990F4DB4820F68BDC62C8 ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys
18:45:05.0567 0x0b58 MRxDAV - ok
18:45:05.0645 0x0b58 [ 3AF30CEB99E581E2FADA0B5FC4B551D8, 59BDE83C10D6F31E13B81FC317F1DE0E00793FBA288EAF844E29CFA0EB184502 ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:45:05.0817 0x0b58 mrxsmb - ok
18:45:05.0927 0x0b58 [ 15D7AF1A26CCEBA32DF21A8E2098F463, 84390806AD3A9651DAB803E9257EEE851B898ED2AB56D8936E8C9F6B41967243 ] mrxsmb10 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
18:45:06.0145 0x0b58 mrxsmb10 - ok
18:45:06.0208 0x0b58 [ 0790EEB1EC199F8BE8259E47B373ED23, F9330F43B40675CCB60804182EF04BFBA3837ED14C798788A4B27D65A646D1C7 ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
18:45:06.0255 0x0b58 mrxsmb20 - ok
18:45:06.0302 0x0b58 [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge C:\WINDOWS\system32\DRIVERS\bridge.sys
18:45:06.0349 0x0b58 MsBridge - ok
18:45:06.0380 0x0b58 [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC C:\WINDOWS\System32\msdtc.exe
18:45:06.0427 0x0b58 MSDTC - ok
18:45:06.0458 0x0b58 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:45:06.0505 0x0b58 Msfs - ok
18:45:06.0552 0x0b58 [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys
18:45:06.0583 0x0b58 msgpiowin32 - ok
18:45:06.0599 0x0b58 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys
18:45:06.0630 0x0b58 mshidkmdf - ok
18:45:06.0646 0x0b58 [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys
18:45:06.0677 0x0b58 mshidumdf - ok
18:45:06.0708 0x0b58 [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys
18:45:06.0739 0x0b58 msisadrv - ok
18:45:06.0817 0x0b58 [ A06142B3850B06972F1C89748FAA2C02, B1CCC5C8D100FEB384FCC85FED2A77F47DA4C9BA5F6889A130F4D73E30ACAA78 ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll
18:45:06.0942 0x0b58 MSiSCSI - ok
18:45:06.0958 0x0b58 msiserver - ok
18:45:06.0989 0x0b58 [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:45:07.0021 0x0b58 MSKSSRV - ok
18:45:07.0067 0x0b58 [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp C:\WINDOWS\system32\DRIVERS\mslldp.sys
18:45:07.0161 0x0b58 MsLldp - ok
18:45:07.0177 0x0b58 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:45:07.0208 0x0b58 MSPCLOCK - ok
18:45:07.0255 0x0b58 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:45:07.0286 0x0b58 MSPQM - ok
18:45:07.0333 0x0b58 [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys
18:45:07.0380 0x0b58 MsRPC - ok
18:45:07.0411 0x0b58 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys
18:45:07.0442 0x0b58 mssmbios - ok
18:45:07.0474 0x0b58 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
18:45:07.0505 0x0b58 MSTEE - ok
18:45:07.0536 0x0b58 [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys
18:45:07.0583 0x0b58 MTConfig - ok
18:45:07.0630 0x0b58 [ 438EA7A2D8D4F9B8AFB64748ACA70BA8, AEEB7B657B645C4006C6D5E8D07ECE581DEE7AD22EA1A587C552574990CF091B ] Mup C:\WINDOWS\system32\Drivers\mup.sys
18:45:07.0661 0x0b58 Mup - ok
18:45:07.0692 0x0b58 [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys
18:45:07.0724 0x0b58 mvumis - ok
18:45:07.0849 0x0b58 [ 50E1967C1C2A2BBF4E361DE1A6DD9A5E, 914650EE73313FF15F778F9002D8A1F43D9850D3D1086282B408CD71AC3874D0 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
18:45:07.0896 0x0b58 MyWiFiDHCPDNS - ok
18:45:07.0974 0x0b58 [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent C:\WINDOWS\system32\qagentRT.dll
18:45:08.0067 0x0b58 napagent - ok
18:45:08.0177 0x0b58 [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys
18:45:08.0302 0x0b58 NativeWifiP - ok
18:45:08.0317 0x0b58 [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll
18:45:08.0427 0x0b58 NcaSvc - ok
18:45:08.0458 0x0b58 [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService C:\WINDOWS\System32\ncbservice.dll
18:45:08.0599 0x0b58 NcbService - ok
18:45:08.0646 0x0b58 [ 0813B71EAF097208DC76CE0605B48AF0, A93A2E6A8FB77B58AC4D580E6F8BF307A25BADC9493994F9BE235EBFB0E1DB22 ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll
18:45:08.0724 0x0b58 NcdAutoSetup - ok
18:45:08.0833 0x0b58 [ 97DC5967F65503213FD1F1B3E4A6F983, 3EC515856C7CE9B30032F963DC04190F66EE62402A819781DC45B7D088C84229 ] NDIS C:\WINDOWS\system32\drivers\ndis.sys
18:45:08.0958 0x0b58 NDIS - ok
18:45:09.0036 0x0b58 [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap C:\WINDOWS\system32\DRIVERS\ndiscap.sys
18:45:09.0068 0x0b58 NdisCap - ok
18:45:09.0099 0x0b58 [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
18:45:09.0193 0x0b58 NdisImPlatform - ok
18:45:09.0239 0x0b58 [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:45:09.0286 0x0b58 NdisTapi - ok
18:45:09.0318 0x0b58 [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:45:09.0380 0x0b58 Ndisuio - ok
18:45:09.0396 0x0b58 [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
18:45:09.0443 0x0b58 NdisVirtualBus - ok
18:45:09.0474 0x0b58 [ C3755FCF9A0B5C6FE8ED9E873B85D3CE, 4D3DAFAFA5FB2930522D6DA536E3A731BABE0C24613C190D2330DB415D1A6515 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:45:09.0583 0x0b58 NdisWan - ok
18:45:09.0614 0x0b58 [ C3755FCF9A0B5C6FE8ED9E873B85D3CE, 4D3DAFAFA5FB2930522D6DA536E3A731BABE0C24613C190D2330DB415D1A6515 ] NdisWanLegacy C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:45:09.0646 0x0b58 NdisWanLegacy - ok
18:45:09.0677 0x0b58 [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:45:09.0724 0x0b58 NDProxy - ok
|
|
14.12.2016, 19:21
| #6 |
| | Kaspersky TDSS Killer 2 von 2Code:
ATTFilter 18:45:09.0771 0x0b58 [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys
18:45:09.0896 0x0b58 Ndu - ok
18:45:09.0927 0x0b58 [ 8B1B6E2520C3F95541504F60841C2C5A, 0B370C56BBFF827D7F4092945C30EC755107EB89CCCE2D65FCFECA0593AEB6D2 ] NEOFLTR_7117_28099 C:\WINDOWS\system32\Drivers\NEOFLTR_7117_28099.SYS
18:45:09.0958 0x0b58 NEOFLTR_7117_28099 - ok
18:45:09.0989 0x0b58 [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:45:10.0036 0x0b58 NetBIOS - ok
18:45:10.0099 0x0b58 [ 9DC17B7D9D84C37C102D379FCC7D4942, D522022ED4395686837E96F57EE29F8065FB749D1195B60D2A406FB33F696C09 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:45:10.0208 0x0b58 NetBT - ok
18:45:10.0224 0x0b58 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon C:\WINDOWS\system32\lsass.exe
18:45:10.0255 0x0b58 Netlogon - ok
18:45:10.0286 0x0b58 [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman C:\WINDOWS\System32\netman.dll
18:45:10.0349 0x0b58 Netman - ok
18:45:10.0411 0x0b58 [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm C:\WINDOWS\System32\netprofmsvc.dll
18:45:10.0489 0x0b58 netprofm - ok
18:45:10.0568 0x0b58 [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:45:10.0677 0x0b58 NetTcpPortSharing - ok
18:45:10.0739 0x0b58 [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc C:\WINDOWS\System32\drivers\netvsc63.sys
18:45:10.0833 0x0b58 netvsc - ok
18:45:11.0099 0x0b58 [ 4E28478C4CE7A0258BAE7127F8CE1AD6, 985C566978478F6A8DF79F58892119E75E60A0C0BFBA6E15707FE58D136E9EFC ] NETwNe64 C:\WINDOWS\system32\DRIVERS\Netwew00.sys
18:45:11.0411 0x0b58 NETwNe64 - ok
18:45:11.0490 0x0b58 [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc C:\WINDOWS\System32\nlasvc.dll
18:45:11.0599 0x0b58 NlaSvc - ok
18:45:11.0630 0x0b58 [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:45:11.0693 0x0b58 Npfs - ok
18:45:11.0740 0x0b58 [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig C:\WINDOWS\System32\drivers\npsvctrig.sys
18:45:11.0833 0x0b58 npsvctrig - ok
18:45:11.0880 0x0b58 [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi C:\WINDOWS\system32\nsisvc.dll
18:45:12.0005 0x0b58 nsi - ok
18:45:12.0068 0x0b58 [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys
18:45:12.0115 0x0b58 nsiproxy - ok
18:45:12.0349 0x0b58 [ 9980B262DBE439AE6BDC91AA985F19EE, E998E4CAE9CD103ADA9CA3C737C4DAD017D056828BFA42A41C7B4E4E108FB13C ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:45:12.0630 0x0b58 Ntfs - ok
18:45:12.0677 0x0b58 [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null C:\WINDOWS\system32\drivers\Null.sys
18:45:12.0724 0x0b58 Null - ok
18:45:12.0740 0x0b58 [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys
18:45:12.0786 0x0b58 nvraid - ok
18:45:12.0818 0x0b58 [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys
18:45:12.0865 0x0b58 nvstor - ok
18:45:12.0896 0x0b58 [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp C:\WINDOWS\system32\drivers\nv_agp.sys
18:45:12.0943 0x0b58 nv_agp - ok
18:45:13.0036 0x0b58 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll
18:45:13.0177 0x0b58 p2pimsvc - ok
18:45:13.0224 0x0b58 [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc C:\WINDOWS\system32\p2psvc.dll
18:45:13.0318 0x0b58 p2psvc - ok
18:45:13.0365 0x0b58 [ 57DCE4FB0467986AE78E1C6FC5240D32, F7F3ADD1B48E4D6BB0A664A2FE556F71ED7453054B4FB667A29BE050C845045B ] Parport C:\WINDOWS\System32\drivers\parport.sys
18:45:13.0568 0x0b58 Parport - ok
18:45:13.0615 0x0b58 [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys
18:45:13.0646 0x0b58 partmgr - ok
18:45:13.0708 0x0b58 [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc C:\WINDOWS\System32\pcasvc.dll
18:45:13.0787 0x0b58 PcaSvc - ok
18:45:13.0849 0x0b58 [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci C:\WINDOWS\system32\drivers\pci.sys
18:45:13.0927 0x0b58 pci - ok
18:45:13.0958 0x0b58 [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide C:\WINDOWS\system32\drivers\pciide.sys
18:45:13.0990 0x0b58 pciide - ok
18:45:14.0037 0x0b58 [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia C:\WINDOWS\system32\drivers\pcmcia.sys
18:45:14.0068 0x0b58 pcmcia - ok
18:45:14.0099 0x0b58 [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw C:\WINDOWS\system32\drivers\pcw.sys
18:45:14.0130 0x0b58 pcw - ok
18:45:14.0224 0x0b58 [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc C:\WINDOWS\system32\drivers\pdc.sys
18:45:14.0255 0x0b58 pdc - ok
18:45:14.0552 0x0b58 [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys
18:45:14.0693 0x0b58 PEAUTH - ok
18:45:15.0240 0x0b58 [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost C:\WINDOWS\SysWow64\perfhost.exe
18:45:15.0302 0x0b58 PerfHost - ok
18:45:15.0458 0x0b58 [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla C:\WINDOWS\system32\pla.dll
18:45:15.0646 0x0b58 pla - ok
18:45:15.0693 0x0b58 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay C:\WINDOWS\system32\umpnpmgr.dll
18:45:15.0740 0x0b58 PlugPlay - ok
18:45:15.0755 0x0b58 [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg C:\WINDOWS\system32\pnrpauto.dll
18:45:15.0802 0x0b58 PNRPAutoReg - ok
18:45:15.0833 0x0b58 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc C:\WINDOWS\system32\pnrpsvc.dll
18:45:15.0896 0x0b58 PNRPsvc - ok
18:45:15.0943 0x0b58 [ 0FF8507A8B901B904E98EB36B9E347EE, FE4A9A6159A8490F3155D166656748722EFDEDCDC447C09155A5AD6D9F5D294D ] PolicyAgent C:\WINDOWS\System32\ipsecsvc.dll
18:45:16.0037 0x0b58 PolicyAgent - ok
18:45:16.0099 0x0b58 [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power C:\WINDOWS\system32\umpo.dll
18:45:16.0209 0x0b58 Power - ok
18:45:16.0459 0x0b58 [ F6EA63145C20A23732AD2CA1EBA65FA1, 0DD1164D37C1500258E9CCCE458778A3DA196D9A65919B2672E3C88383068F52 ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
18:45:16.0787 0x0b58 PrintNotify - ok
18:45:16.0834 0x0b58 [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor C:\WINDOWS\System32\drivers\processr.sys
18:45:16.0896 0x0b58 Processor - ok
18:45:16.0974 0x0b58 [ 6E409D818C6B342544EAE741B1422B85, B4ADFB7809FC42C432C984C3AC13FAFD1B7AD53BCC7FB16E86371DE4C829DD1A ] ProfSvc C:\WINDOWS\system32\profsvc.dll
18:45:17.0099 0x0b58 ProfSvc - ok
18:45:17.0162 0x0b58 [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched C:\WINDOWS\system32\DRIVERS\pacer.sys
18:45:17.0224 0x0b58 Psched - ok
18:45:17.0302 0x0b58 [ E0EDF82FED4CF4DDF86FF63A5E086E48, 0CC2B41A67618E7357E54A44A26B175975CBB5F89D03A843689E5C7BE1B12E52 ] ptservice C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptservice.exe
18:45:17.0318 0x0b58 ptservice - ok
18:45:17.0349 0x0b58 [ D8EB393983B644879DE0546122CC16DF, 4A11DDFB016B560E770660183AF1ADA4831D97DAEAF560E60259F81F2727CBFC ] ptun0901 C:\WINDOWS\system32\DRIVERS\ptun0901.sys
18:45:17.0380 0x0b58 ptun0901 - ok
18:45:17.0412 0x0b58 [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE C:\WINDOWS\system32\qwave.dll
18:45:17.0474 0x0b58 QWAVE - ok
18:45:17.0505 0x0b58 [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv C:\WINDOWS\system32\drivers\qwavedrv.sys
18:45:17.0568 0x0b58 QWAVEdrv - ok
18:45:17.0584 0x0b58 [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:45:17.0630 0x0b58 RasAcd - ok
18:45:17.0662 0x0b58 [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:45:17.0693 0x0b58 RasAuto - ok
18:45:17.0787 0x0b58 [ 15C0034561FE5B03FA376F1A6232478B, 0F9B5C2BD7D8803FF3C5ED957D3F0859F2A59B74510E4659FBF05EDCBF230208 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:45:17.0896 0x0b58 RasMan - ok
18:45:17.0943 0x0b58 [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:45:17.0990 0x0b58 RasPppoe - ok
18:45:18.0068 0x0b58 [ D67ED4AB59D1EF66B05AD1A81AC28B26, 72E750A9A6B484D8BEDE52FA6DABEF4D95765DE491152E1F6C856D0590B50C28 ] rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:45:18.0177 0x0b58 rdbss - ok
18:45:18.0224 0x0b58 [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus C:\WINDOWS\System32\drivers\rdpbus.sys
18:45:18.0302 0x0b58 rdpbus - ok
18:45:18.0334 0x0b58 [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR C:\WINDOWS\system32\drivers\rdpdr.sys
18:45:18.0427 0x0b58 RDPDR - ok
18:45:18.0474 0x0b58 [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
18:45:18.0521 0x0b58 RdpVideoMiniport - ok
18:45:18.0584 0x0b58 [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys
18:45:18.0631 0x0b58 rdyboost - ok
18:45:18.0740 0x0b58 [ 759FB47B96FA0A9D767B3269F76E5E25, B19EF75D2ECC9041F2578D6D4574302A06A12E551CE6211C049CD642E92D4D3E ] ReFS C:\WINDOWS\system32\drivers\ReFS.sys
18:45:18.0849 0x0b58 ReFS - ok
18:45:18.0974 0x0b58 [ 7256A19A9397E71FADC46E23E11B1609, AF403728F751C3ECFBA68D05C1E9672CB7B52CB078DE85CB16EAEC5230BBD5BC ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
18:45:19.0006 0x0b58 RegSrvc - ok
18:45:19.0084 0x0b58 [ DF78648AC3C8DC9D70E6714AF785382F, 56E104939ED0AB5B26AE07BAB1BBB7D15828DBD3A2AD35361423D7ADDA4BA551 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:45:19.0131 0x0b58 RemoteAccess - ok
18:45:19.0193 0x0b58 [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
18:45:19.0271 0x0b58 RemoteRegistry - ok
18:45:19.0365 0x0b58 [ DC66AE45816614D2999DCD3834DCCC4E, 1C26225135E851DDD1307F52401DD7055B26B3F3B8FDD693B21042C2896E235A ] RFCOMM C:\WINDOWS\System32\drivers\rfcomm.sys
18:45:19.0490 0x0b58 RFCOMM - ok
18:45:19.0506 0x0b58 [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll
18:45:19.0568 0x0b58 RpcEptMapper - ok
18:45:19.0599 0x0b58 [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator C:\WINDOWS\system32\locator.exe
18:45:19.0646 0x0b58 RpcLocator - ok
18:45:19.0927 0x0b58 [ 7830CEA509693DE0817DF2F3F2D80E89, 7B1786CD225E2D6BCFA484D0BFB81DD162D5713EAEC80C53317CC6950E3D17F3 ] RpcSs C:\WINDOWS\system32\rpcss.dll
18:45:20.0037 0x0b58 RpcSs - ok
18:45:20.0084 0x0b58 [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
18:45:20.0177 0x0b58 rspndr - ok
18:45:20.0396 0x0b58 [ 19764658C1468C2C0CEF133D28414A6B, 87AD4056F6C67052433A366B200B75613148B69B9B9D502AD926A7F7F037B8DE ] RTL8168 C:\WINDOWS\system32\DRIVERS\Rt630x64.sys
18:45:20.0490 0x0b58 RTL8168 - ok
18:45:20.0521 0x0b58 [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap C:\WINDOWS\System32\drivers\vms3cap.sys
18:45:20.0568 0x0b58 s3cap - ok
18:45:20.0615 0x0b58 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs C:\WINDOWS\system32\lsass.exe
18:45:20.0646 0x0b58 SamSs - ok
18:45:20.0802 0x0b58 [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys
18:45:20.0834 0x0b58 sbp2port - ok
18:45:20.0881 0x0b58 [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll
18:45:20.0959 0x0b58 SCardSvr - ok
18:45:21.0053 0x0b58 [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum C:\WINDOWS\System32\ScDeviceEnum.dll
18:45:21.0115 0x0b58 ScDeviceEnum - ok
18:45:21.0146 0x0b58 [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys
18:45:21.0193 0x0b58 scfilter - ok
18:45:21.0506 0x0b58 [ 3151A020E03DDE31AAC49F35C5EFB4DB, 5ABB1103009979F86C862357E28F37C2744979F2C99F7CF6ABB4EB1B8416B3F6 ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:45:21.0724 0x0b58 Schedule - ok
18:45:21.0771 0x0b58 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc C:\WINDOWS\System32\certprop.dll
18:45:21.0803 0x0b58 SCPolicySvc - ok
18:45:21.0959 0x0b58 [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus C:\WINDOWS\System32\drivers\sdbus.sys
18:45:22.0006 0x0b58 sdbus - ok
18:45:22.0037 0x0b58 [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor C:\WINDOWS\System32\drivers\sdstor.sys
18:45:22.0068 0x0b58 sdstor - ok
18:45:22.0146 0x0b58 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\WINDOWS\system32\drivers\secdrv.sys
18:45:22.0240 0x0b58 secdrv - ok
18:45:22.0271 0x0b58 [ 6627154693B6C2B8A59727F5B38728E8, F08251EE3436400295F120D48F3763E6F11BBF4132D674AD3E8112B6B3538455 ] seclogon C:\WINDOWS\system32\seclogon.dll
18:45:22.0396 0x0b58 seclogon - ok
18:45:22.0474 0x0b58 [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS C:\WINDOWS\System32\sens.dll
18:45:22.0506 0x0b58 SENS - ok
18:45:22.0662 0x0b58 [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll
18:45:22.0787 0x0b58 SensrSvc - ok
18:45:22.0818 0x0b58 [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx C:\WINDOWS\system32\drivers\SerCx.sys
18:45:22.0849 0x0b58 SerCx - ok
18:45:22.0896 0x0b58 [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2 C:\WINDOWS\system32\drivers\SerCx2.sys
18:45:22.0943 0x0b58 SerCx2 - ok
18:45:23.0021 0x0b58 [ 1F0135949A6AD6025F363F80FE268251, DB2D503863143F2251E589F7B0B3E9FBF997D7333D54C55856590B5080B5513D ] Serenum C:\WINDOWS\System32\drivers\serenum.sys
18:45:23.0084 0x0b58 Serenum - ok
18:45:23.0115 0x0b58 [ 81633C87B42B63BA484A6177179AC750, A22BA40E9EC74E88D8098CBDC954E1D63B832FCB789E3C7B731DE5DA39BEE2CA ] Serial C:\WINDOWS\System32\drivers\serial.sys
18:45:23.0193 0x0b58 Serial - ok
18:45:23.0240 0x0b58 [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse C:\WINDOWS\System32\drivers\sermouse.sys
18:45:23.0318 0x0b58 sermouse - ok
18:45:23.0475 0x0b58 [ 389458EA0B5FAEBA325FAC47B9ED589E, F7F37A1F1E912069F65E4629FF733F080AE675DF6FE255AF48F5E23EB47D0622 ] SessionEnv C:\WINDOWS\system32\sessenv.dll
18:45:23.0646 0x0b58 SessionEnv - ok
18:45:23.0678 0x0b58 [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy C:\WINDOWS\System32\drivers\sfloppy.sys
18:45:23.0709 0x0b58 sfloppy - ok
18:45:23.0803 0x0b58 [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
18:45:23.0881 0x0b58 SharedAccess - ok
18:45:23.0943 0x0b58 [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:45:24.0084 0x0b58 ShellHWDetection - ok
18:45:24.0131 0x0b58 [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2 C:\WINDOWS\system32\drivers\SiSRaid2.sys
18:45:24.0162 0x0b58 SiSRaid2 - ok
18:45:24.0209 0x0b58 [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4 C:\WINDOWS\system32\drivers\sisraid4.sys
18:45:24.0240 0x0b58 SiSRaid4 - ok
18:45:24.0506 0x0b58 [ 52F7E8603E888E3DB0A8B3D1804098E9, 4E23DC9442C0C14AAE7146DACBB0B39743F1FFAA463EE7069CCDF866AD27BD77 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:45:24.0553 0x0b58 SkypeUpdate - ok
18:45:24.0646 0x0b58 [ 23D6E5B073B9848D6B9973306A1E9591, 169F690898D4E85E3129C9C2FBD53D9A40DF68BDBDE7FE0E394808989173B649 ] SmbDrvI C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys
18:45:24.0662 0x0b58 SmbDrvI - ok
18:45:24.0709 0x0b58 [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost C:\WINDOWS\System32\smphost.dll
18:45:24.0990 0x0b58 smphost - ok
18:45:25.0021 0x0b58 [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
18:45:25.0053 0x0b58 SNMPTRAP - ok
18:45:25.0303 0x0b58 [ B312191DCBECE3C07DF9A99DE433B126, D9D9028331C703CE9B9EC75772D29BB04FE43B3A7895F8CBB3AC701CA0548F8D ] spaceport C:\WINDOWS\system32\drivers\spaceport.sys
18:45:25.0381 0x0b58 spaceport - ok
18:45:25.0475 0x0b58 [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx C:\WINDOWS\system32\drivers\SpbCx.sys
18:45:25.0506 0x0b58 SpbCx - ok
18:45:25.0771 0x0b58 [ FCB156A6745631A67DEA61827061D483, 9275ABFA1E1E595969A71C0DA228D18D1B868BF46E097E1276142BD80F8A32C9 ] Spooler C:\WINDOWS\System32\spoolsv.exe
18:45:25.0959 0x0b58 Spooler - ok
18:45:26.0709 0x0b58 [ F264662C057A54AA2DE41B3C7551712F, 2C123C6ACD967CDF1AD2855187CF3D8357B16A4FD9C2F18AE54CFA384165FA11 ] sppsvc C:\WINDOWS\system32\sppsvc.exe
18:45:27.0240 0x0b58 sppsvc - ok
18:45:27.0334 0x0b58 [ 36B082C7A764A34FB1DC72D975870B61, 572CB632D9FDC1183F7BF8BFCBC51765C647945E0C13D1C91ADE3D0E76DF83BC ] srv C:\WINDOWS\system32\DRIVERS\srv.sys
18:45:27.0459 0x0b58 srv - ok
18:45:27.0522 0x0b58 [ F5849909D4B29B4E3D4445F943E5C7E3, 3FCA1423753716FE1AFDD27EE1E13C4D779A3C976185B5C998EF1A9A39BFC186 ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys
18:45:27.0631 0x0b58 srv2 - ok
18:45:27.0693 0x0b58 [ FABC49666708EA562549E78E6FBF3191, BE1FEBFC259308B39C727915C41A67CD50720A6E2A68D148F4F2F926AED43B02 ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys
18:45:27.0740 0x0b58 srvnet - ok
18:45:27.0787 0x0b58 [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
18:45:27.0850 0x0b58 SSDPSRV - ok
18:45:27.0897 0x0b58 [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc C:\WINDOWS\system32\sstpsvc.dll
18:45:27.0959 0x0b58 SstpSvc - ok
18:45:27.0990 0x0b58 [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor C:\WINDOWS\system32\drivers\stexstor.sys
18:45:28.0022 0x0b58 stexstor - ok
18:45:28.0100 0x0b58 [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc C:\WINDOWS\System32\wiaservc.dll
18:45:28.0256 0x0b58 stisvc - ok
18:45:28.0287 0x0b58 [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci C:\WINDOWS\system32\drivers\storahci.sys
18:45:28.0319 0x0b58 storahci - ok
18:45:28.0365 0x0b58 [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt C:\WINDOWS\system32\drivers\vmstorfl.sys
18:45:28.0397 0x0b58 storflt - ok
18:45:28.0444 0x0b58 [ 0EDD1F4D470C775740625B06A60C9DD5, 94964D0A793B1C984E87095249EE383A5E669D05BA6BF9F655587887E6CE3C19 ] stornvme C:\WINDOWS\system32\drivers\stornvme.sys
18:45:28.0475 0x0b58 stornvme - ok
18:45:28.0522 0x0b58 [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc C:\WINDOWS\system32\storsvc.dll
18:45:28.0600 0x0b58 StorSvc - ok
18:45:28.0631 0x0b58 [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys
18:45:28.0662 0x0b58 storvsc - ok
18:45:28.0694 0x0b58 [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc C:\WINDOWS\system32\svsvc.dll
18:45:28.0740 0x0b58 svsvc - ok
18:45:28.0787 0x0b58 [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum C:\WINDOWS\System32\drivers\swenum.sys
18:45:28.0803 0x0b58 swenum - ok
18:45:28.0897 0x0b58 [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv C:\WINDOWS\System32\swprv.dll
18:45:28.0990 0x0b58 swprv - ok
18:45:29.0037 0x0b58 [ EC3D443A4D29AA584DB8FD44C27E3262, F45711B62939B4F666251B3F949CDA55FAD6A0D7B52B424963C98585892013F4 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
18:45:29.0084 0x0b58 SynTP - ok
18:45:29.0194 0x0b58 [ 7E85DB0463AD2403AE84AD162B162279, 996C42ECAFC6E24C623068AFAFCC0A2612526333AF9315F7536C6D40C2570632 ] SysMain C:\WINDOWS\system32\sysmain.dll
18:45:29.0381 0x0b58 SysMain - ok
18:45:29.0444 0x0b58 [ D73DBBB96CEE90C2856164AAD8543425, D11ADB5D4C5DD355314CA656D375D0062CAE7462E866F94F1B26D5803F65DCB2 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
18:45:29.0553 0x0b58 SystemEventsBroker - ok
18:45:29.0600 0x0b58 [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
18:45:29.0678 0x0b58 TabletInputService - ok
18:45:29.0756 0x0b58 [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
18:45:29.0865 0x0b58 TapiSrv - ok
18:45:30.0053 0x0b58 [ 1C8560E3A37A9D4F25B7769C3E3D4163, 3246F3CD6C9EA2BD874822D594A0FAC68A9DE0612C0893B50B8A3D5F1E9B0B33 ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys
18:45:30.0303 0x0b58 Tcpip - ok
18:45:30.0475 0x0b58 [ 1C8560E3A37A9D4F25B7769C3E3D4163, 3246F3CD6C9EA2BD874822D594A0FAC68A9DE0612C0893B50B8A3D5F1E9B0B33 ] TCPIP6 C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:45:30.0694 0x0b58 TCPIP6 - ok
18:45:30.0756 0x0b58 [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys
18:45:30.0850 0x0b58 tcpipreg - ok
18:45:30.0897 0x0b58 [ E0BD2D83875464FEEEB242CBA8B7E073, A3067165128F36035FA9F3CBA55CFED736E180C495497FA7332B3D97908C3D90 ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys
18:45:30.0944 0x0b58 tdx - ok
18:45:30.0991 0x0b58 [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys
18:45:31.0022 0x0b58 terminpt - ok
18:45:31.0147 0x0b58 [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService C:\WINDOWS\System32\termsrv.dll
18:45:31.0319 0x0b58 TermService - ok
18:45:31.0350 0x0b58 [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes C:\WINDOWS\system32\themeservice.dll
18:45:31.0381 0x0b58 Themes - ok
18:45:31.0444 0x0b58 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER C:\WINDOWS\system32\mmcss.dll
18:45:31.0475 0x0b58 THREADORDER - ok
18:45:31.0506 0x0b58 [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker C:\WINDOWS\System32\TimeBrokerServer.dll
18:45:31.0631 0x0b58 TimeBroker - ok
18:45:31.0678 0x0b58 [ 80A2FC1A089A71F2DBE5D8394FFB009F, DEA30E751F6EA42E43E16869713FC7E37832B15DAFA0062B1798DFA476981385 ] TPM C:\WINDOWS\system32\drivers\tpm.sys
18:45:31.0725 0x0b58 TPM - ok
18:45:31.0741 0x0b58 [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks C:\WINDOWS\System32\trkwks.dll
18:45:31.0787 0x0b58 TrkWks - ok
18:45:31.0834 0x0b58 [ 370A6907DDF79532A39319492B1FA38A, 46AECC5160F04FC3FFE4D37B404CCBBD1C5DC1501C2CEEE8284FF544DBDF10F8 ] truecrypt C:\WINDOWS\system32\drivers\truecrypt.sys
18:45:31.0881 0x0b58 truecrypt - ok
18:45:31.0912 0x0b58 [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
18:45:32.0006 0x0b58 TrustedInstaller - ok
18:45:32.0053 0x0b58 [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt C:\WINDOWS\system32\drivers\tsusbflt.sys
18:45:32.0131 0x0b58 TsUsbFlt - ok
18:45:32.0178 0x0b58 [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD C:\WINDOWS\System32\drivers\TsUsbGD.sys
18:45:32.0256 0x0b58 TsUsbGD - ok
18:45:32.0303 0x0b58 [ E85916632CD3B9E9B546968DB950BF42, DECE3852C763CC6293C7D1B772296C43A0AE1E47BBCC4979C96B3B2AD70413F3 ] tunnel C:\WINDOWS\system32\DRIVERS\tunnel.sys
18:45:32.0397 0x0b58 tunnel - ok
18:45:32.0428 0x0b58 [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35 C:\WINDOWS\system32\drivers\uagp35.sys
18:45:32.0459 0x0b58 uagp35 - ok
18:45:32.0491 0x0b58 [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor C:\WINDOWS\System32\drivers\uaspstor.sys
18:45:32.0522 0x0b58 UASPStor - ok
18:45:32.0584 0x0b58 [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000 C:\WINDOWS\System32\drivers\ucx01000.sys
18:45:32.0631 0x0b58 UCX01000 - ok
18:45:32.0694 0x0b58 [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys
18:45:32.0834 0x0b58 udfs - ok
18:45:32.0850 0x0b58 [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI C:\WINDOWS\System32\drivers\UEFI.sys
18:45:32.0881 0x0b58 UEFI - ok
18:45:32.0959 0x0b58 [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe
18:45:33.0022 0x0b58 UI0Detect - ok
18:45:33.0053 0x0b58 [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx C:\WINDOWS\system32\drivers\uliagpkx.sys
18:45:33.0084 0x0b58 uliagpkx - ok
18:45:33.0100 0x0b58 [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus C:\WINDOWS\System32\drivers\umbus.sys
18:45:33.0147 0x0b58 umbus - ok
18:45:33.0163 0x0b58 [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass C:\WINDOWS\System32\drivers\umpass.sys
18:45:33.0209 0x0b58 UmPass - ok
18:45:33.0272 0x0b58 [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService C:\WINDOWS\System32\umrdp.dll
18:45:33.0366 0x0b58 UmRdpService - ok
18:45:33.0506 0x0b58 [ DBE2E6388379D5CC78099650541E9566, 1914BC929F109A49FB18ED31F239A9813A010B0A3914BC8CD0D6A94A67A072D7 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:45:33.0538 0x0b58 UNS - ok
18:45:33.0600 0x0b58 [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost C:\WINDOWS\System32\upnphost.dll
18:45:33.0678 0x0b58 upnphost - ok
18:45:33.0725 0x0b58 [ 73E350C9099837826A08792D3E96E189, D4C07C70E8140FFCB5F98EF377B7851D8CA01E1C2FAE9852FF3286E8C8337180 ] usb3Hub C:\WINDOWS\System32\drivers\usb3Hub.sys
18:45:33.0756 0x0b58 usb3Hub - ok
18:45:33.0819 0x0b58 [ DF355EB0199198728027962DCFCDE5FB, 9E158BD07389B4CFF99674716647FA3AABEECBD1A98EDF20E544E099A99A8768 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
18:45:33.0881 0x0b58 usbaudio - ok
18:45:33.0928 0x0b58 [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys
18:45:33.0975 0x0b58 usbccgp - ok
18:45:34.0022 0x0b58 [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys
18:45:34.0069 0x0b58 usbcir - ok
18:45:34.0131 0x0b58 [ C996CBEF922B5653A01E3F50DDCE2F86, 231EB5A36E7EE242197E796D3B4AB12F945D2C8570587BC8D57D45530A0C59B4 ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys
18:45:34.0178 0x0b58 usbehci - ok
18:45:34.0256 0x0b58 [ CD81683F4553677B9BF5163A922153EB, 6B304B0D68B9BFF0245EC755CDAAF9DF59DF3A081727E32CB66672929F0DBC50 ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys
18:45:34.0319 0x0b58 usbhub - ok
18:45:34.0381 0x0b58 [ 5C90D5379B53590FBB24BBAD4FA682EE, DC036340510C1C0999AB1CB845F8E6EB8B7696BAC9BBE6E936454C0000D1E9D4 ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys
18:45:34.0459 0x0b58 USBHUB3 - ok
18:45:34.0491 0x0b58 [ A0F0484C97D6441ED6A75D7426ECCC9E, FF928ADE1C5464E581BF929F7383D5762D110EA6C7E31A6F0887EA7357ADBEFE ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys
18:45:34.0663 0x0b58 usbohci - ok
18:45:34.0694 0x0b58 [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys
18:45:34.0788 0x0b58 usbprint - ok
18:45:34.0834 0x0b58 [ 9D168BFA334D47BE404367EB58D4E130, 23279CBE6ACBD074E7B268BA2EDA14E2255C41F8117173B2BBE653D8259ECFA2 ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS
18:45:34.0866 0x0b58 USBSTOR - ok
18:45:34.0944 0x0b58 [ FC974B03C8B87455F44F734C8F31A3C8, D69F6EE8030F7DF96FF151D9EAA6AE65417ACAC5A267C7DB96E9611D5BC42D2C ] usbuhci C:\WINDOWS\System32\drivers\usbuhci.sys
18:45:34.0991 0x0b58 usbuhci - ok
18:45:35.0084 0x0b58 [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI C:\WINDOWS\System32\drivers\USBXHCI.SYS
18:45:35.0131 0x0b58 USBXHCI - ok
18:45:35.0163 0x0b58 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc C:\WINDOWS\system32\lsass.exe
18:45:35.0194 0x0b58 VaultSvc - ok
18:45:35.0194 0x0b58 VBoxAswDrv - ok
18:45:35.0225 0x0b58 [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys
18:45:35.0256 0x0b58 vdrvroot - ok
18:45:35.0381 0x0b58 [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds C:\WINDOWS\System32\vds.exe
18:45:35.0538 0x0b58 vds - ok
18:45:35.0569 0x0b58 [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt C:\WINDOWS\system32\drivers\VerifierExt.sys
18:45:35.0616 0x0b58 VerifierExt - ok
18:45:35.0788 0x0b58 [ 8ABB4BABF59F092DF0B43778D8FD1884, 94C2100CE86448543A8DD586AD4A128AB9EB37959238D70F33EF59202270AC6C ] vhdmp C:\WINDOWS\System32\drivers\vhdmp.sys
18:45:35.0866 0x0b58 vhdmp - ok
18:45:35.0897 0x0b58 [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide C:\WINDOWS\system32\drivers\viaide.sys
18:45:35.0928 0x0b58 viaide - ok
18:45:36.0038 0x0b58 [ A87EA7A4ABC27B8F22F905C2C386A9C2, 91C7B8B7A257F1A8B624BF89FFA52B9F9B32350B6467A12F086450B7BA84A24F ] vm331avs C:\WINDOWS\System32\Drivers\vm331avs.sys
18:45:36.0163 0x0b58 vm331avs - ok
18:45:36.0210 0x0b58 [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys
18:45:36.0241 0x0b58 vmbus - ok
18:45:36.0272 0x0b58 [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID C:\WINDOWS\System32\drivers\VMBusHID.sys
18:45:36.0319 0x0b58 VMBusHID - ok
18:45:36.0397 0x0b58 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
18:45:36.0460 0x0b58 vmicguestinterface - ok
18:45:36.0506 0x0b58 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat C:\WINDOWS\System32\ICSvc.dll
18:45:36.0569 0x0b58 vmicheartbeat - ok
18:45:36.0600 0x0b58 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
18:45:36.0663 0x0b58 vmickvpexchange - ok
18:45:36.0694 0x0b58 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv C:\WINDOWS\System32\ICSvc.dll
18:45:36.0756 0x0b58 vmicrdv - ok
18:45:36.0803 0x0b58 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown C:\WINDOWS\System32\ICSvc.dll
18:45:36.0850 0x0b58 vmicshutdown - ok
18:45:36.0897 0x0b58 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync C:\WINDOWS\System32\ICSvc.dll
18:45:36.0960 0x0b58 vmictimesync - ok
18:45:37.0006 0x0b58 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss C:\WINDOWS\System32\ICSvc.dll
18:45:37.0053 0x0b58 vmicvss - ok
18:45:37.0131 0x0b58 [ 436E1A724E7E683F6B612D3D58F04241, 939B5EF0090DF3759295F88402FD0EA33F499DDA9F89E5D0E90D1F9AED65D491 ] volmgr C:\WINDOWS\system32\drivers\volmgr.sys
18:45:37.0163 0x0b58 volmgr - ok
18:45:37.0210 0x0b58 [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx C:\WINDOWS\system32\drivers\volmgrx.sys
18:45:37.0272 0x0b58 volmgrx - ok
18:45:37.0335 0x0b58 [ 17F7B0F2298D97F4B6C7A69511033D3D, 5BDFC225F31553786726808FB7952940FC05CA72B3977D684056F42AFAA59565 ] volsnap C:\WINDOWS\system32\drivers\volsnap.sys
18:45:37.0413 0x0b58 volsnap - ok
18:45:37.0475 0x0b58 [ DAC438FB5FF85A9E72806E2341D5D732, B1D1EFCA8C588A6BF53CEC941CC59702C366F15C7D5943431736EC857E57C0A2 ] vpci C:\WINDOWS\System32\drivers\vpci.sys
18:45:37.0506 0x0b58 vpci - ok
18:45:37.0553 0x0b58 [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid C:\WINDOWS\system32\drivers\vsmraid.sys
18:45:37.0585 0x0b58 vsmraid - ok
18:45:37.0694 0x0b58 [ D0CBA7B3531CCF2ADB985856D5F92434, 7FCBBCAF1AA85DCE8D75FB38DC4848AE12E8DD913CEBBC37BCD3D0123F0A3CAB ] VSS C:\WINDOWS\system32\vssvc.exe
18:45:37.0928 0x0b58 VSS - ok
18:45:37.0975 0x0b58 [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID C:\WINDOWS\system32\drivers\vstxraid.sys
18:45:38.0022 0x0b58 VSTXRAID - ok
18:45:38.0085 0x0b58 [ 71066FF95C487327E44C8AF1B72EBE8B, EA2729126B452CAE0C80D07501779D804B08E47F1217B61D53277B40869FEC25 ] vwifibus C:\WINDOWS\System32\drivers\vwifibus.sys
18:45:38.0288 0x0b58 vwifibus - ok
18:45:38.0303 0x0b58 [ 29AB43937FFDA0B0FB56984226E698C6, 6A1A559964FE5D594E54988C46149969E6FFD5A8D5A6862E14648B608794CC29 ] vwififlt C:\WINDOWS\system32\DRIVERS\vwififlt.sys
18:45:38.0366 0x0b58 vwififlt - ok
18:45:38.0382 0x0b58 [ 8B8624A93E3F88CB923AEB05B6313227, 2856B63CD376BF2B1A9129581E7B9207588D4EAFD29A2C8D98F176FEAFDE26A9 ] vwifimp C:\WINDOWS\system32\DRIVERS\vwifimp.sys
18:45:38.0428 0x0b58 vwifimp - ok
18:45:38.0507 0x0b58 [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time C:\WINDOWS\system32\w32time.dll
18:45:38.0632 0x0b58 W32Time - ok
18:45:38.0647 0x0b58 [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen C:\WINDOWS\System32\drivers\wacompen.sys
18:45:38.0694 0x0b58 WacomPen - ok
18:45:38.0819 0x0b58 [ 841345442390953CBC8801B95D3D0540, FD4F9FD2C4C60A1A580177FFF2E9035009AC6A38E78D4236B0ED4773E3B263EE ] wbengine C:\WINDOWS\system32\wbengine.exe
18:45:39.0085 0x0b58 wbengine - ok
18:45:39.0163 0x0b58 [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc C:\WINDOWS\System32\wbiosrvc.dll
18:45:39.0288 0x0b58 WbioSrvc - ok
18:45:39.0335 0x0b58 [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc C:\WINDOWS\System32\wcmsvc.dll
18:45:39.0397 0x0b58 Wcmsvc - ok
18:45:39.0444 0x0b58 [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc C:\WINDOWS\System32\wcncsvc.dll
18:45:39.0507 0x0b58 wcncsvc - ok
18:45:39.0538 0x0b58 [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
18:45:39.0647 0x0b58 WcsPlugInService - ok
18:45:39.0694 0x0b58 [ 81285DDC994F03379DB46419300B2DCB, 98D3622E11F375718AEA1DE3B5F0104DDAB4F96B6D4C19788C14F7B338A6F235 ] WdBoot C:\WINDOWS\system32\drivers\WdBoot.sys
18:45:39.0725 0x0b58 WdBoot - ok
18:45:39.0819 0x0b58 [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000 C:\WINDOWS\system32\drivers\Wdf01000.sys
18:45:39.0897 0x0b58 Wdf01000 - ok
18:45:39.0960 0x0b58 [ 26B8FED3F3B85F5F0C4BD03FD00B9941, 7F94FE7954498223B33C025258DB588A3AC9FF25C58EEAD204514FD20652FE40 ] WdFilter C:\WINDOWS\system32\drivers\WdFilter.sys
18:45:40.0007 0x0b58 WdFilter - ok
18:45:40.0054 0x0b58 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost C:\WINDOWS\system32\wdi.dll
18:45:40.0116 0x0b58 WdiServiceHost - ok
18:45:40.0116 0x0b58 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost C:\WINDOWS\system32\wdi.dll
18:45:40.0163 0x0b58 WdiSystemHost - ok
18:45:40.0225 0x0b58 [ CE67080F00E0AF32755096CEA6430ABA, 0E5D626F9F76C0BC63B2D246AD66D9CBF7D92F34B56398417BCFD0C331DBD282 ] WdNisDrv C:\WINDOWS\system32\Drivers\WdNisDrv.sys
18:45:40.0257 0x0b58 WdNisDrv - ok
18:45:40.0288 0x0b58 WdNisSvc - ok
18:45:40.0350 0x0b58 [ A70CAF5EA36CBA5FCA24244306D4D5C6, 76C3E20B62B89D9699A1E817377FAD70B144B877BCC5C850A5B64CC68184D8DA ] WebClient C:\WINDOWS\System32\webclnt.dll
18:45:40.0413 0x0b58 WebClient - ok
18:45:40.0491 0x0b58 [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc C:\WINDOWS\system32\wecsvc.dll
18:45:40.0554 0x0b58 Wecsvc - ok
18:45:40.0600 0x0b58 [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC C:\WINDOWS\system32\wephostsvc.dll
18:45:40.0632 0x0b58 WEPHOSTSVC - ok
18:45:40.0663 0x0b58 [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport C:\WINDOWS\System32\wercplsupport.dll
18:45:40.0788 0x0b58 wercplsupport - ok
18:45:40.0850 0x0b58 [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc C:\WINDOWS\System32\WerSvc.dll
18:45:40.0897 0x0b58 WerSvc - ok
18:45:40.0960 0x0b58 [ 715ABA3DD164D06457A2A3C92F6EA9D5, E6F8269D2FFC4A548B65724C0A3F53756ED15E47229861FBD40B656EE40FE166 ] WFPLWFS C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
18:45:41.0007 0x0b58 WFPLWFS - ok
18:45:41.0022 0x0b58 [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc C:\WINDOWS\System32\wiarpc.dll
18:45:41.0069 0x0b58 WiaRpc - ok
18:45:41.0116 0x0b58 [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount C:\WINDOWS\system32\drivers\wimmount.sys
18:45:41.0147 0x0b58 WIMMount - ok
18:45:41.0147 0x0b58 WinDefend - ok
18:45:41.0257 0x0b58 [ 0E70990EC2E5D2331AA5E88DB0CFB826, 79DFF565C3FCBC691E8FEB669CEC00E340FD2A2AFA4488D23A7CC63A2A98A5C1 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
18:45:41.0413 0x0b58 WinHttpAutoProxySvc - ok
18:45:41.0475 0x0b58 [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
18:45:41.0569 0x0b58 Winmgmt - ok
18:45:41.0772 0x0b58 [ 427873F889F2F508BE8BE982219CE578, CA8DCFB774BF0F747295A7A0CB46A6177DE12AD6BD58266182206C41A3C9001E ] WinRM C:\WINDOWS\system32\WsmSvc.dll
18:45:42.0069 0x0b58 WinRM - ok
18:45:42.0116 0x0b58 [ 3AF1FA17F1C4ACBDB660D8F98B1A9C13, 99B0851410B462685F6705EBF832D10943FB9634030B02D15BF5D0C66F26F2C2 ] WinUsb C:\WINDOWS\System32\drivers\WinUsb.sys
18:45:42.0210 0x0b58 WinUsb - ok
18:45:42.0366 0x0b58 [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc C:\WINDOWS\System32\wlansvc.dll
18:45:42.0522 0x0b58 WlanSvc - ok
18:45:42.0679 0x0b58 [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc C:\WINDOWS\system32\wlidsvc.dll
18:45:42.0866 0x0b58 wlidsvc - ok
18:45:42.0897 0x0b58 [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi C:\WINDOWS\System32\drivers\wmiacpi.sys
18:45:42.0944 0x0b58 WmiAcpi - ok
18:45:42.0991 0x0b58 [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv C:\WINDOWS\system32\wbem\WmiApSrv.exe
18:45:43.0038 0x0b58 wmiApSrv - ok
18:45:43.0069 0x0b58 WMPNetworkSvc - ok
18:45:43.0116 0x0b58 [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof C:\WINDOWS\system32\drivers\Wof.sys
18:45:43.0163 0x0b58 Wof - ok
18:45:43.0304 0x0b58 [ EDFA5CEDBE174FAAA4A09A6B297AEA42, 5998FE15462E4AD9C7B1444E5E2C17BD470DA3A5D474A0A118E02E47DADC678A ] workfolderssvc C:\WINDOWS\system32\workfolderssvc.dll
18:45:43.0507 0x0b58 workfolderssvc - ok
18:45:43.0554 0x0b58 [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
18:45:43.0585 0x0b58 wpcfltr - ok
18:45:43.0647 0x0b58 [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc C:\WINDOWS\System32\wpcsvc.dll
18:45:43.0726 0x0b58 WPCSvc - ok
18:45:43.0757 0x0b58 [ DBDCE2378F65F0A07D4644AC103037E7, 99714F0CD31297C9831BAF04768F467F6E0BF710C859CEDCA83069226BF1A68A ] WPDBusEnum C:\WINDOWS\system32\wpdbusenum.dll
18:45:43.0866 0x0b58 WPDBusEnum - ok
18:45:43.0913 0x0b58 [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr C:\WINDOWS\system32\drivers\WpdUpFltr.sys
18:45:43.0944 0x0b58 WpdUpFltr - ok
18:45:43.0991 0x0b58 [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl C:\WINDOWS\system32\drivers\ws2ifsl.sys
18:45:44.0022 0x0b58 ws2ifsl - ok
18:45:44.0085 0x0b58 [ 501D5EFAB9711039479AE48401386D2B, C8C1184DE93E9D2C4E8A60E4E9980745C4E5470E5DA9B59165D18705330ADEFE ] wscsvc C:\WINDOWS\System32\wscsvc.dll
18:45:44.0194 0x0b58 wscsvc - ok
18:45:44.0210 0x0b58 [ F586F3F1BF962FE9AE4316E0D896B22F, 8D0AD48D79294567123D943D0F5B6D5A32D7A82B129A24DC821D3095AFAA100B ] WSDPrintDevice C:\WINDOWS\System32\drivers\WSDPrint.sys
18:45:44.0257 0x0b58 WSDPrintDevice - ok
18:45:44.0257 0x0b58 WSearch - ok
18:45:44.0507 0x0b58 [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService C:\WINDOWS\System32\WSService.dll
18:45:44.0866 0x0b58 WSService - ok
18:45:44.0929 0x0b58 [ 72B4E9DF6456C43C42A1419B09486045, 536BA7377B5BEA7EA46864453933111DB88DB8FB689C68915ACD7261A996E61D ] wsvd C:\WINDOWS\system32\DRIVERS\wsvd.sys
18:45:44.0944 0x0b58 wsvd - ok
18:45:45.0210 0x0b58 [ F3F60C88A6BBC8D0C68FE5B1C91181AF, AF9A4D282CD4BB1127BC3F48AB89DC294408D96F7906553C636F37D1503CFA48 ] wuauserv C:\WINDOWS\system32\wuaueng.dll
18:45:45.0585 0x0b58 wuauserv - ok
18:45:45.0648 0x0b58 [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf C:\WINDOWS\system32\drivers\WudfPf.sys
18:45:45.0757 0x0b58 WudfPf - ok
18:45:45.0788 0x0b58 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd C:\WINDOWS\System32\drivers\WUDFRd.sys
18:45:45.0835 0x0b58 WUDFRd - ok
18:45:45.0866 0x0b58 [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc C:\WINDOWS\System32\WUDFSvc.dll
18:45:45.0913 0x0b58 wudfsvc - ok
18:45:45.0944 0x0b58 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs C:\WINDOWS\System32\drivers\WUDFRd.sys
18:45:45.0976 0x0b58 WUDFWpdFs - ok
18:45:46.0007 0x0b58 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp C:\WINDOWS\System32\drivers\WUDFRd.sys
18:45:46.0038 0x0b58 WUDFWpdMtp - ok
18:45:46.0132 0x0b58 [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc C:\WINDOWS\System32\wwansvc.dll
18:45:46.0226 0x0b58 WwanSvc - ok
18:45:46.0288 0x0b58 [ 6FDEE5E0741A3FFA5E5772C6C94E3F64, 859EBC7F8FF3CE9F3301B5BF93CF0C84C2A4271F205B67D9B8DC463DC67DE661 ] XHCIPort C:\WINDOWS\System32\drivers\XHCIPort.sys
18:45:46.0319 0x0b58 XHCIPort - ok
18:45:46.0741 0x0b58 [ 19137CA32DA7AA6F4936514721AA53BA, E9E5E6F05A1D529D19339F0C71AA5F9D412F6D3AE4BF84CF340C8569BA367D51 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
18:45:47.0054 0x0b58 ZeroConfigService - ok
18:45:47.0116 0x0b58 ================ Scan global ===============================
18:45:47.0226 0x0b58 [ 3500AF0BA2EF095BF313EEB75D2366C6, C755E57B02BFA82151A182DF964349859575570EA5C3FBA81F747B8D2134A4D0 ] C:\WINDOWS\system32\basesrv.dll
18:45:47.0257 0x0b58 [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll
18:45:47.0320 0x0b58 [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll
18:45:47.0413 0x0b58 [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\WINDOWS\system32\services.exe
18:45:47.0444 0x0b58 [ Global ] - ok
18:45:47.0444 0x0b58 ================ Scan MBR ==================================
18:45:47.0444 0x0b58 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
18:45:47.0538 0x0b58 \Device\Harddisk0\DR0 - ok
18:45:47.0585 0x0b58 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
18:45:47.0726 0x0b58 \Device\Harddisk1\DR1 - ok
18:45:47.0726 0x0b58 ================ Scan VBR ==================================
18:45:47.0741 0x0b58 [ 4442C0A6C04745FB6E5882AD4133A05F ] \Device\Harddisk0\DR0\Partition1
18:45:47.0741 0x0b58 \Device\Harddisk0\DR0\Partition1 - ok
18:45:47.0741 0x0b58 [ AC607753B96B4587C92FF2FF5503E808 ] \Device\Harddisk0\DR0\Partition2
18:45:47.0741 0x0b58 \Device\Harddisk0\DR0\Partition2 - ok
18:45:47.0773 0x0b58 [ 76CC484D0CAA49F4D50C584CF967E974 ] \Device\Harddisk1\DR1\Partition1
18:45:47.0788 0x0b58 \Device\Harddisk1\DR1\Partition1 - ok
18:45:47.0788 0x0b58 [ DAE4439249C21061911BDDB1B74AE6E7 ] \Device\Harddisk1\DR1\Partition2
18:45:47.0788 0x0b58 \Device\Harddisk1\DR1\Partition2 - ok
18:45:47.0804 0x0b58 [ 650ACCBCFCD81614D062EDFB7B5144A5 ] \Device\Harddisk1\DR1\Partition3
18:45:47.0804 0x0b58 \Device\Harddisk1\DR1\Partition3 - ok
18:45:47.0835 0x0b58 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition4
18:45:47.0835 0x0b58 \Device\Harddisk1\DR1\Partition4 - ok
18:45:47.0851 0x0b58 [ 0ACA1C6A74A1AF1DD0281278FE6EADD1 ] \Device\Harddisk1\DR1\Partition5
18:45:47.0866 0x0b58 \Device\Harddisk1\DR1\Partition5 - ok
18:45:47.0898 0x0b58 [ 7CC7DB040BAD17579915D6B5686DA394 ] \Device\Harddisk1\DR1\Partition6
18:45:47.0898 0x0b58 \Device\Harddisk1\DR1\Partition6 - ok
18:45:47.0913 0x0b58 [ 95046D726C216A090CD0E23C42B029EA ] \Device\Harddisk1\DR1\Partition7
18:45:47.0913 0x0b58 \Device\Harddisk1\DR1\Partition7 - ok
18:45:47.0945 0x0b58 [ 2CAC975649A7A2C4294A8E33A8177574 ] \Device\Harddisk1\DR1\Partition8
18:45:47.0945 0x0b58 \Device\Harddisk1\DR1\Partition8 - ok
18:45:47.0945 0x0b58 ================ Scan generic autorun ======================
18:45:47.0960 0x0b58 BTMTrayAgent - ok
18:45:48.0070 0x0b58 [ 552894CB0AB64664A48E544F4B50FEA2, 3C8B89444D5B32E01284C9C02448995E41FA4A29EE789170A43679AA119F7395 ] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
18:45:48.0101 0x0b58 AmIcoSinglun64 - ok
18:45:48.0288 0x0b58 [ DD8C5A331E1F83510C5A788CB9AA8727, BDEDB9B9D3B0C16B217A67B9B02C9E339E133E4FE05E144DCB344D80C6786078 ] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
18:45:48.0351 0x0b58 cAudioFilterAgent - ok
18:45:48.0366 0x0b58 [ 42361B4BD80768E82B80285851037665, A555A6BF8016645B838FEA993AD273D1F472586F3600619DC243B1C33438FA07 ] C:\Program Files\Conexant\ForteConfig\fmapp.exe
18:45:48.0382 0x0b58 ForteConfig - ok
18:45:48.0398 0x0b58 SynLenovoGestureMgr - ok
18:45:49.0585 0x0b58 [ 65EE16AACAEBAF3D8EDEA422177B2DA0, D15F841043D04ACE2F3D376F0EA2A3F42B4FAAE78C82913529EB8576608D0B22 ] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
18:45:50.0663 0x0b58 Energy Management - ok
18:45:50.0742 0x0b58 [ 5EAF38FC08B9DE07AE8A3D814A3CF959, F9F1844F20106EE77664B848A056D6E06105647C61FC2F2B64BDFD05F76E7E3D ] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
18:45:50.0773 0x0b58 EnergyUtility - ok
18:45:50.0773 0x0b58 SynTPEnh - ok
18:45:50.0929 0x0b58 [ 8970A59A838FF1CDC3D62D85823AA61E, 5842DAFD20C1A024CF8984652A08D12DBA1DE15788794D01FF6070D4E24D2479 ] C:\Program Files\CONEXANT\SAII\SACpl.exe
18:45:51.0117 0x0b58 SmartAudio - detected UnsignedFile.Multi.Generic ( 1 )
18:45:51.0210 0x0b58 Detect skipped due to KSN trusted
18:45:51.0210 0x0b58 SmartAudio - ok
18:45:51.0288 0x0b58 [ 3E8F4A9876EC2CE97C9E58A61CB16B40, 86AE785F005C42E276C9D8FC1158B6BBD7F3C321A1E9E8CF600C4F9AFAE8D82D ] C:\Program Files (x86)\USB Camera\VM331STI.EXE
18:45:51.0351 0x0b58 331BigDog - ok
18:45:51.0460 0x0b58 [ 50D1476C84446135A990F4939DC2DC1D, D062F92863E32EC075BD672F3C185CE8C9329F8B679D5508C396131B1DB30EF7 ] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
18:45:51.0523 0x0b58 Dolby Home Theater v4 - ok
18:45:51.0601 0x0b58 [ A1741C3B79F9DF8895E05EF43579E74B, 446094FDBA93518ABE1CDEC50E24AB60BC7CA78022A289AF5C21461778FD8001 ] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
18:45:51.0632 0x0b58 YouCam Mirage - ok
18:45:51.0663 0x0b58 [ 79EDDBCBFFC23585BC1495AFC03CC4D7, 325A6C067A52BAD7070C1C758EA69645FD8083AC6D0ABA8340BDBE1A712E005F ] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
18:45:51.0679 0x0b58 YouCam Tray - ok
18:45:51.0898 0x0b58 [ E77D7E64EF93D0DFA5C3EC560B02FC0C, 4EE508B1D5A16AF71AC5E9C45F7A712A13EA25D6C8ED8B1FC4F1D1DF093F9BD5 ] C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update.exe
18:45:52.0054 0x0b58 Smart Update - ok
18:45:52.0054 0x0b58 mcui_exe - ok
18:45:52.0148 0x0b58 [ 43E946AAD268FEAFB1E286677E70CB5D, 7798926B3CF11D1CF7DFF9B3D67AD3DC67010A62F3132CAEA273EB299A61B176 ] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
18:45:52.0179 0x0b58 Intel AppUp(SM) center - ok
18:45:52.0304 0x0b58 [ 70685AC6E02E9C2DFB88D4851954F5B4, AEB63D2482652ED91C9E1F6C638F0BA4A83E74BA69731E2E0AEC614EB1E70B4D ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
18:45:52.0382 0x0b58 Adobe ARM - ok
18:45:52.0476 0x0b58 [ 5153C06FC9D4D094D1A785545928B134, 0037C935722663F9EF028F841DE222FC6418E9D60939AB60C965807E67A458DC ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
18:45:52.0538 0x0b58 SunJavaUpdateSched - ok
18:45:52.0570 0x0b58 OfficeSyncProcess - ok
18:45:52.0679 0x0b58 [ 059C2F55E82C8EDB20E8F26B2A7D2B19, BC323A8B8E0C3A5C2ABF23EDA0314A6117B9C2BC417A66CA5D6B25773E84E8F1 ] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe
18:45:52.0773 0x0b58 WinPatrol - ok
18:45:52.0882 0x0b58 [ 77C01F1850E55373280A1B865D824F58, EE1535A11A49BF578FC4D00096508FFD0C4E20EC164B3ABB92ED6E2800F831C8 ] C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe
18:45:52.0914 0x0b58 BingSvc - ok
18:45:53.0039 0x0b58 [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe
18:45:53.0070 0x0b58 Dropbox Update - ok
18:45:53.0117 0x0b58 Skype - ok
18:45:53.0195 0x0b58 [ 369993D4B8C009393A2F9BCBB7BD2587, DD9FBF8C32BB3A29F7062BABA23B84FB9F7395A4AB3FB7001071154CDE92F7D5 ] C:\Program Files (x86)\Windows Mail\wab.exe
18:45:53.0320 0x0b58 WAB Migrate - ok
18:45:53.0335 0x0b58 Waiting for KSN requests completion. In queue: 174
18:45:54.0476 0x0b58 AV detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\wmiav.exe ( 17.0.0.611 ), 0x41000 ( enabled : updated )
18:45:54.0507 0x0b58 FW detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\wmiav.exe ( 17.0.0.611 ), 0x41010 ( enabled )
18:45:54.0664 0x0b58 ============================================================
18:45:54.0664 0x0b58 Scan finished
18:45:54.0664 0x0b58 ============================================================
18:45:54.0679 0x15a0 Detected object count: 0
18:45:54.0679 0x15a0 Actual detected object count: 0
|
|
14.12.2016, 20:16
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Win32.Generic - Entdeckt und desinfiziert durch Kaspersky Adware/Junkware/Toolbars entfernen Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop! Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren! 1. Schritt: adwCleaner Downloade Dir bitte  AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.12.2016, 21:03
| #8 |
| | JRTCode:
ATTFilter # AdwCleaner v6.040 - Logfile created 14/12/2016 at 20:51:20
# Updated on 02/12/2016 by Malwarebytes
# Database : 2016-12-14.1 [Server]
# Operating System : Windows 8.1 (X64)
# Username : User - IDEA-PC
# Running from : C:\Users\User\Desktop\AdwCleaner_6.040(1).exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious keys found.
***** [ Shortcuts ] *****
No infected shortcut found.
***** [ Scheduled Tasks ] *****
No malicious task found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Web browsers ] *****
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [1060 Bytes] - [15/07/2016 22:08:47]
C:\AdwCleaner\AdwCleaner[C2].txt - [1114 Bytes] - [05/12/2016 08:21:10]
C:\AdwCleaner\AdwCleaner[S1].txt - [875 Bytes] - [15/07/2016 22:01:11]
C:\AdwCleaner\AdwCleaner[S2].txt - [1282 Bytes] - [05/12/2016 08:20:32]
C:\AdwCleaner\AdwCleaner[S3].txt - [1277 Bytes] - [14/12/2016 20:51:20]
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1350 Bytes] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 8.1 x64
Ran by User (Administrator) on 14.12.2016 at 20:56:03,62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 1
Successfully deleted: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6khcpd89.default-1462037983612\user.js (File)
Registry: 3
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E38825B-8815-42CF-9126-C58BC28D4591} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E38825B-8815-42CF-9126-C58BC28D4591} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{093F479D-712E-46CD-9E06-62E734A05F68} (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.12.2016 at 21:00:18,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
15.12.2016, 09:17
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Win32.Generic - Entdeckt und desinfiziert durch Kaspersky Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Untersuchen klicken
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.12.2016, 10:08
| #10 |
| | Frisches FRST FRST txt Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
durchgeführt von User (Administrator) auf IDEA-PC (15-12-2016 09:43:19)
Gestartet von C:\Users\User\Downloads
Geladene Profile: User (Verfügbare Profile: User & Bernd & Administrator)
Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(OpenVPN Technologies, Inc) C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(OpenVPN Technologies, Inc) C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptcore.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Adobe Systems Inc.) C:\ProgramData\Kaspersky Lab\AVP17.0.0\Data\patchmanagement\download_storage\107dfe42ebc506f5874db6c5b4e9aa8723a89cf22c181a5a934b7b5413893b8a_AdobeAIRInstaller.exe
(Adobe Systems Inc.) C:\Windows\Temp\AIRFBA7.tmp\Adobe AIR Installer.exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [380544 2012-06-29] (Alcor Micro Corp.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-29] (Synaptics)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-05-29] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-05-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-29] (Synaptics Incorporated)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2012-05-01] (Vimicro)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [Smart Update] => C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update.exe [1706576 2012-07-23] (Lenovo)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [998088 2015-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\Run: [OfficeSyncProcess] => "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\Run: [BingSvc] => C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\Run: [Dropbox Update] => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\MountPoints2: {0871a019-6dd7-11e4-be9d-84a6c8643f47} - "E:\IronKey.exe"
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Keine Datei
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PrivateTunnel.lnk [2015-04-16]
ShortcutTarget: PrivateTunnel.lnk -> C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\PrivateTunnel.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2014-07-26]
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{02588863-A3D3-4E9A-B006-C06DDEB9CAED}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{5D5EB5BF-6C15-48C3-9169-6F5D07611D78}: [DhcpNameServer] 10.9.0.1 8.8.8.8
Internet Explorer:
==================
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-11] (AO Kaspersky Lab)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => Keine Datei
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-20] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll => Keine Datei
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-20] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-11] (AO Kaspersky Lab)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6khcpd89.default-1462037983612 [2016-12-14]
FF Extension: (Adblock Plus) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6khcpd89.default-1462037983612\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-12-11]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [Keine Datei]
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [283296 2014-04-24] (Intel Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 irstrtsv; C:\WINDOWS\SysWOW64\irstrtsv.exe [193576 2012-08-13] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 Lenovo Smart Update Service; C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe [66640 2012-07-18] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
R2 ptservice; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptservice.exe [17816 2015-01-29] (OpenVPN Technologies, Inc)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 btmhsf; C:\WINDOWS\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R1 excfs; C:\WINDOWS\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\WINDOWS\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 irstrtdv; C:\WINDOWS\System32\drivers\irstrtdv.sys [43800 2012-08-13] (Intel Corporation)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [191312 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [435032 2016-12-11] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1019616 2016-12-11] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2016-12-11] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\system32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [134880 2016-12-11] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
R3 LAD; C:\WINDOWS\System32\drivers\LAD.sys [8704 2012-06-08] (TODO: <Company name>)
R1 NEOFLTR_7117_28099; C:\WINDOWS\system32\Drivers\NEOFLTR_7117_28099.SYS [99632 2013-11-22] (Juniper Networks)
R3 NETwNe64; C:\WINDOWS\system32\DRIVERS\Netwew00.sys [3349984 2014-02-25] (Intel Corporation)
R3 ptun0901; C:\WINDOWS\system32\DRIVERS\ptun0901.sys [27136 2014-04-24] (The OpenVPN Project)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-29] (Synaptics Incorporated)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [204184 2014-03-04] (Windows (R) Win 7 DDK provider)
R3 vm331avs; C:\WINDOWS\System32\Drivers\vm331avs.sys [975104 2012-08-23] (Vimicro Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 XHCIPort; C:\WINDOWS\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 klids; \??\C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-12-14 21:00 - 2016-12-14 21:00 - 00001134 _____ C:\Users\User\Desktop\JRT.txt
2016-12-14 20:52 - 2016-12-14 20:53 - 01631928 _____ (Malwarebytes) C:\Users\User\Desktop\JRT.exe
2016-12-14 20:37 - 2016-12-14 20:37 - 03968464 _____ C:\Users\User\Desktop\AdwCleaner_6.040(1).exe
2016-12-14 18:42 - 2016-12-14 19:22 - 00243458 _____ C:\TDSSKiller.3.1.0.12_14.12.2016_18.42.47_log.txt
2016-12-14 18:41 - 2016-12-14 18:41 - 04747704 _____ (AO Kaspersky Lab) C:\Users\User\Desktop\tdsskiller.exe
2016-12-14 17:19 - 2016-12-14 18:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-12-14 17:18 - 2016-12-14 18:40 - 00000000 ____D C:\Users\User\Desktop\mbar
2016-12-14 17:14 - 2016-12-14 17:15 - 16563352 _____ (Malwarebytes Corp.) C:\Users\User\Desktop\mbar-1.09.3.1001.exe
2016-12-12 13:04 - 2016-12-14 16:13 - 00042648 _____ C:\Users\User\Downloads\Addition.txt
2016-12-12 13:01 - 2016-12-15 09:43 - 00024745 _____ C:\Users\User\Downloads\FRST.txt
2016-12-12 13:01 - 2016-12-15 09:43 - 00000000 ____D C:\FRST
2016-12-12 13:00 - 2016-12-12 13:01 - 02420224 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2016-12-11 18:39 - 2016-12-11 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2016-12-11 18:39 - 2016-12-11 01:34 - 00002229 _____ C:\Users\Public\Desktop\Sicherer Zahlungsverkehr.lnk
2016-12-11 18:39 - 2016-12-11 01:34 - 00002167 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2016-12-11 18:23 - 2016-12-11 18:23 - 00000904 _____ C:\Users\User\Desktop\jdw Kasp 11_12_16.txt
2016-12-11 01:38 - 2016-12-11 21:30 - 00001427 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2016-12-11 01:38 - 2016-12-11 01:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2016-12-11 01:35 - 2016-12-11 21:23 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-04 23:01 - 2016-12-04 23:01 - 00310728 _____ C:\WINDOWS\Minidump\120416-23921-01.dmp
2016-12-01 21:17 - 2016-12-01 21:17 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-11-27 11:50 - 2016-11-27 11:50 - 00441629 _____ C:\Users\User\Desktop\FLT_CSO1OK57129_0.pdf
2016-11-19 10:27 - 2016-12-14 22:03 - 00000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2016-11-18 21:45 - 2016-12-14 16:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-12-15 09:48 - 2015-08-18 20:50 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-12-15 09:43 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-15 09:41 - 2016-02-13 15:13 - 00000000 ___RD C:\Users\User\OneDrive
2016-12-15 09:40 - 2015-08-26 18:35 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-12-14 23:43 - 2015-02-02 20:39 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2016-12-14 23:16 - 2016-11-05 21:00 - 00001236 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1705235364-331925899-3810876140-1001UA.job
2016-12-14 23:12 - 2013-11-27 22:20 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-14 21:16 - 2015-09-30 09:27 - 00001184 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1705235364-331925899-3810876140-1001Core.job
2016-12-14 20:51 - 2016-07-15 21:55 - 00000000 ____D C:\AdwCleaner
2016-12-14 17:19 - 2015-03-19 14:28 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-14 17:18 - 2015-03-19 14:27 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-12-14 17:09 - 2013-11-24 11:23 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1705235364-331925899-3810876140-1001
2016-12-14 16:44 - 2014-07-26 11:40 - 00000000 ____D C:\Program Files (x86)\WISO
2016-12-14 16:43 - 2013-05-29 06:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-14 16:42 - 2014-09-04 20:33 - 00000000 ____D C:\Users\User\AppData\Roaming\DVDVideoSoft
2016-12-14 16:38 - 2014-12-27 09:33 - 00001182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-12-14 16:38 - 2014-12-27 09:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-14 16:37 - 2014-03-18 11:03 - 01564806 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-14 16:37 - 2014-03-18 10:25 - 00661900 _____ C:\WINDOWS\system32\perfh007.dat
2016-12-14 16:37 - 2014-03-18 10:25 - 00135098 _____ C:\WINDOWS\system32\perfc007.dat
2016-12-14 16:37 - 2013-11-27 22:20 - 00003766 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-12-14 16:37 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-12-14 16:36 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-14 16:36 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-14 16:03 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-14 16:02 - 2013-08-22 15:44 - 00477704 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-14 15:58 - 2013-12-01 19:56 - 00000000 ____D C:\Program Files\Microsoft Office
2016-12-14 15:58 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-12-14 15:56 - 2014-08-27 22:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-12-14 15:53 - 2014-03-18 10:40 - 00000000 ____D C:\WINDOWS\ShellNew
2016-12-14 15:52 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\System
2016-12-14 15:52 - 2012-07-26 06:26 - 00000112 _____ C:\WINDOWS\win.ini
2016-12-14 15:46 - 2013-12-02 21:46 - 00000000 ____D C:\ProgramData\Adobe
2016-12-14 15:46 - 2013-12-02 21:46 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-12-14 01:03 - 2013-08-22 14:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-12-13 21:40 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-13 18:03 - 2013-09-26 19:31 - 00000000 ____D C:\Users\User\Documents\Auto
2016-12-12 12:29 - 2014-01-01 19:37 - 00000000 ____D C:\Users\User\Documents\Wohnung
2016-12-12 12:16 - 2016-03-30 11:51 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2016-12-11 21:28 - 2016-07-28 19:56 - 01019616 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2016-12-11 21:28 - 2016-06-20 23:41 - 00057424 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klim6.sys
2016-12-11 21:28 - 2015-12-03 10:12 - 00134880 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwtp.sys
2016-12-11 21:27 - 2016-06-20 17:54 - 00435032 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-12-11 18:39 - 2015-08-26 18:35 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-12-11 18:20 - 2013-11-24 12:00 - 00000000 ____D C:\Users\User\AppData\Local\JDownloader v2.0
2016-12-11 01:34 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-12-11 01:33 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-12-07 22:06 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-04 23:01 - 2013-11-24 11:14 - 824054486 _____ C:\WINDOWS\MEMORY.DMP
2016-12-03 23:26 - 2014-08-30 22:38 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-12-02 18:30 - 2013-06-07 09:08 - 03947520 ___SH C:\Users\User\Desktop\Thumbs.db
2016-12-01 21:17 - 2013-12-08 13:41 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox
2016-12-01 21:11 - 2016-11-05 21:00 - 00004180 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1705235364-331925899-3810876140-1001UA
2016-12-01 21:11 - 2016-11-05 21:00 - 00003800 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1705235364-331925899-3810876140-1001Core
2016-11-19 11:25 - 2014-03-11 21:18 - 00000000 ____D C:\Users\User\Documents\Beruf
2016-11-19 11:25 - 2013-06-17 10:30 - 00000000 ____D C:\Users\User\Documents\Uni
2016-11-17 23:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2016-11-17 20:04 - 2013-11-24 15:40 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-17 19:46 - 2013-11-24 15:40 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2013-11-22 22:15 - 2013-11-24 11:27 - 0002004 _____ () C:\Users\User\AppData\Roaming\AbsoluteReminder.xml
2014-09-21 10:12 - 2014-09-21 10:12 - 0003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-03 13:05 - 2014-08-03 13:10 - 0037691 _____ () C:\Users\User\AppData\Local\WiDiSetupLog.20140803.140526.wdl
2013-05-29 06:47 - 2013-05-29 06:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Einige Dateien in TEMP:
====================
C:\Users\User\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\User\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\User\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\User\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\User\AppData\Local\Temp\proxy_vole7142710015461310899.dll
C:\Users\User\AppData\Local\Temp\vlc-2.2.4-win32.exe
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-12-14 16:34
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 07-12-2016
durchgeführt von User (15-12-2016 09:49:09)
Gestartet von C:\Users\User\Downloads
Windows 8.1 (Update) (X64) (2014-08-27 21:38:25)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1705235364-331925899-3810876140-500 - Administrator - Disabled) => C:\Users\Administrator
Bernd (S-1-5-21-1705235364-331925899-3810876140-1021 - Administrator - Enabled) => C:\Users\Bernd
Gast (S-1-5-21-1705235364-331925899-3810876140-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1705235364-331925899-3810876140-1003 - Limited - Enabled)
User (S-1-5-21-1705235364-331925899-3810876140-1001 - Administrator - Enabled) => C:\Users\User
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.2.3042.61510 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.2.3042.61510 - Alcor Micro Corp.) Hidden
Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden
calibre 64bit (HKLM\...\{022ED169-3871-4D3E-963E-322226C5F455}) (Version: 2.13.0 - Kovid Goyal)
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (x32 Version: 1.6.38.00 - Lenovo Group Limited) Hidden
Dependency Package Update (x32 Version: 1.6.38.01 - Lenovo Group Limited) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\Dropbox) (Version: 15.4.22 - Dropbox, Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.3 - Lenovo)
Energy Management (x32 Version: 8.0.2.3 - Lenovo) Hidden
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{9C798E99-094E-4289-A6C8-1D5EE63AFFE3}) (Version: 4.2.29.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Juniper Networks Host Checker (HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\Neoteris_Host_Checker) (Version: 7.1.17.28099 - Juniper Networks)
Juniper Networks Secure Application Manager (HKLM-x32\...\Neoteris_Secure_Application_Manager) (Version: 7.1.17.28099 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\Juniper_Setup_Client) (Version: 7.1.17.41283 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
K-Lite Codec Pack 10.6.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.38.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.12.824.1 - Vimicro)
Lenovo MediaShow6 (HKLM-x32\...\InstallShield_{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}) (Version: 6.0.4019 - CyberLink Corp.)
Lenovo MediaShow6 (x32 Version: 6.0.4019 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo Smart Update (HKLM-x32\...\{29B7C0EB-A1E6-4BC3-8344-70EDE4F189F1}) (Version: 1.5.75 - Lenovo Corporation)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
LenovoDrv_x64 (HKLM\...\{83E68458-AF28-4CA4-8AFC-595A10307290}) (Version: 1.0.00 - Lenovo)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 de)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla)
myphotobook.de (x32 Version: 1.6.0 - myphotobook GmbH) Hidden
Plex Media Server (HKLM-x32\...\{9eb61479-6f2f-43c4-bfe8-12a7ea9d1acb}) (Version: 0.9.914 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.914 - Plex, Inc.) Hidden
PrivateTunnel (HKLM-x32\...\PrivateTunnel) (Version: 2.4.2.4 - OpenVPN Technologies)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.15 - Synaptics Incorporated)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - Lenovo Corporation (LAD) System (06/08/2012 1.0.0.3) (HKLM\...\C48768A2A32F4649238F7DCF737A260911895FDE) (Version: 06/08/2012 1.0.0.3 - Lenovo Corporation)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinRAR 5.40 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.3 - win.rar GmbH)
WISO Steuer 2014 (HKLM-x32\...\{90FBD066-7FAB-4698-AF88-E136F62CA853}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO steuer:Start 2016 (HKLM-x32\...\{05FBB017-9FB8-4CDD-9569-EA85C263E4E2}) (Version: 23.00.1146 - Buhl Data Service GmbH)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1705235364-331925899-3810876140-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll (Dropbox, Inc.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {01763BFF-E7F9-43D7-96F6-1EEFD6C43290} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1705235364-331925899-3810876140-1001Core => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {09F5DE1B-3F48-4516-B8CA-2AF2A10D282A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-14] (Adobe Systems Incorporated)
Task: {0CBA7208-89B1-41F0-8E7D-47DBB48B6C3D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {21942AF5-9839-4D23-BA8D-9363DEC591FC} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-08-18] (Lenovo)
Task: {4AC36279-3B9C-401B-9EF3-FE1982F4E670} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {740E76F3-EFAB-4C75-B6FB-597383EB2406} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1705235364-331925899-3810876140-1001UA => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {7A00E54B-2E2F-46E3-91F4-897B05EDB75B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {A3ED5BFD-5EB9-4538-9D0A-90D4F29D17E7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {A9D09BB0-DAE7-47A0-8CEC-2DAA6874BCB0} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {B53498BC-A5F7-4DED-A490-25AF73409A43} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-08-13] (Intel)
Task: {B633137E-EF1A-4BE5-9AFC-6986F6A8DBC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {D04CDC14-EA6A-40AF-847F-FE41F5846A5F} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-12-14] ()
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Acrobat Update Task.job => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1705235364-331925899-3810876140-1001Core.job => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1705235364-331925899-3810876140-1001UA.job => C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d001aaea758086.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d042b0f7740a83.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2013-05-29 06:45 - 2010-10-26 05:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll
2015-01-26 18:29 - 2015-01-26 18:29 - 00113664 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\lzo2.dll
2015-01-26 18:29 - 2015-01-26 18:29 - 01034752 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\libxml2.dll
2016-07-17 11:47 - 2016-07-17 11:47 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\5cc2cf6e9f5e45736eb5075f8c0329a2\PSIClient.ni.dll
2013-05-29 06:31 - 2012-06-25 03:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-12-14 15:28 - 2015-12-14 15:28 - 00078808 _____ () C:\Program Files\Lenovo\iMController\AutoUpdate.exe
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData\Temp:AD022376 [125]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 14:25 - 2016-02-07 16:17 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
HKLM\...\StartupApproved\StartupFolder: => "WISO Mein Steuer-Sparbuch heute.lnk"
HKLM\...\StartupApproved\StartupFolder: => "PrivateTunnel.lnk"
HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Dolby Home Theater v4"
HKLM\...\StartupApproved\Run32: => "331BigDog"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKLM\...\StartupApproved\Run32: => "Smart Update"
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-1705235364-331925899-3810876140-1001\...\StartupApproved\Run: => "Skype"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{2CB2A4ED-B51B-4DFD-B9BE-713486DF5046}] => C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [UDP Query User{3470FDDA-E8C0-4B64-B071-01CB6EB470B6}C:\users\user\videos\verschiedene dateien\microsoft.toolkit.v2.4.5\microsoft toolkit.exe] => C:\users\user\videos\verschiedene dateien\microsoft.toolkit.v2.4.5\microsoft toolkit.exe
FirewallRules: [TCP Query User{8DCBC302-FDF5-400A-BD94-CC121DEB4B98}C:\users\user\videos\verschiedene dateien\microsoft.toolkit.v2.4.5\microsoft toolkit.exe] => C:\users\user\videos\verschiedene dateien\microsoft.toolkit.v2.4.5\microsoft toolkit.exe
FirewallRules: [UDP Query User{8E294404-07D9-4560-976C-116484006948}C:\users\user\appdata\local\temp\rarsfx1\bie_kms.exe] => C:\users\user\appdata\local\temp\rarsfx1\bie_kms.exe
FirewallRules: [TCP Query User{F3A413B2-7FE6-4631-B142-6345380951C6}C:\users\user\appdata\local\temp\rarsfx1\bie_kms.exe] => C:\users\user\appdata\local\temp\rarsfx1\bie_kms.exe
FirewallRules: [{85C48FC8-4EF1-4E9A-BBAF-66A0AD15EBA4}] => C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{08FCB043-8794-44E8-BEE3-7D6B2F853478}] => C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [UDP Query User{B338BACE-2989-469B-AC27-813CA7C9866C}C:\users\user\appdata\local\temp\rarsfx0\bie_kms.exe] => C:\users\user\appdata\local\temp\rarsfx0\bie_kms.exe
FirewallRules: [TCP Query User{C3EDB401-6616-446D-8509-CD9E495A9217}C:\users\user\appdata\local\temp\rarsfx0\bie_kms.exe] => C:\users\user\appdata\local\temp\rarsfx0\bie_kms.exe
FirewallRules: [UDP Query User{1D80F0CD-CAE7-456F-9301-1D60FCD4A93B}C:\program files (x86)\jdownloader\jre\bin\javaw.exe] => C:\program files (x86)\jdownloader\jre\bin\javaw.exe
FirewallRules: [TCP Query User{925EB48B-468C-4F0B-B3F7-4536392679F1}C:\program files (x86)\jdownloader\jre\bin\javaw.exe] => C:\program files (x86)\jdownloader\jre\bin\javaw.exe
FirewallRules: [{8AB9F1BA-9F6E-4D3C-9DAE-B4FACC026426}] => C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{C6DC0735-3082-4684-8F53-90F274FF9E17}] => C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{0561741A-FD1C-4E3A-B4D4-6D175E9944DD}] => C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{CEF71AF0-42FE-4FCC-9B56-ABD2B7C82C48}] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{709AE15F-11E0-4593-BE57-0ADE7DA13666}] => C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{73D03D39-EFE4-4CF6-BBE0-68B45DD5D2C2}] => C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [TCP Query User{25F746E9-4161-445B-AE56-733C879C8948}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{FA6DB062-4B90-4DD0-9C5F-A182FCE42693}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{8A4FCC4E-EB73-4D7D-AB7B-E7B4AF284CF9}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{6F94A576-8D06-4AFC-96DC-382D1BE1EE79}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{731806F7-B5F8-4BAA-A085-A38CE1ABC851}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CFA33571-2DE4-49D0-AC04-99CB1FD0A2C0}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{D95582E7-6446-443F-819B-F3A8D4F43BA3}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6C64DCBF-C09C-4270-BAEC-298C5E2407BA}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{48863F50-98E6-4BBE-9975-BB0D8AEAFD01}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5D7AE42B-7551-401E-BEC9-4E7894CD259E}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{64720FDC-E8E4-481B-B05D-66437B455F5A}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B5E23924-A6B5-4ABA-91C4-ED92B4F5C959}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F2B1FFE6-449F-4B16-A01A-772AE6497404}] => C:\Program Files (x86)\Steam\steamapps\common\The Book of Unwritten Tales 2\Windows\BouT2.exe
FirewallRules: [{37C601B5-A6CD-4690-B6E2-2B64AE869B65}] => C:\Program Files (x86)\Steam\steamapps\common\The Book of Unwritten Tales 2\Windows\BouT2.exe
FirewallRules: [{6EC84F94-7877-4132-8449-B75D1A103398}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{B798D52D-9FB5-41F1-AF28-709428829D18}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{758A37CB-A743-462D-8EA9-89F6AE9E1BDE}] => C:\Program Files (x86)\Steam\steamapps\common\The Book of Unwritten Tales 2\Windows\BouT2.exe
FirewallRules: [{62DDAAE0-49BC-4648-A417-F730CAAAE4C4}] => C:\Program Files (x86)\Steam\steamapps\common\The Book of Unwritten Tales 2\Windows\BouT2.exe
FirewallRules: [TCP Query User{55E03C55-2BFF-4816-B134-467D5B5E2026}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{53DCDD63-2058-48BF-9974-17AFC74C2E07}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{5C8447EC-4A5D-46E6-B149-FC7A144B41F7}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D977C42C-18DE-40BA-8B04-8F2229CD8F41}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Wiederherstellungspunkte =========================
17-11-2016 19:42:50 Windows Update
03-12-2016 21:39:47 Geplanter Prüfpunkt
13-12-2016 21:34:02 Geplanter Prüfpunkt
14-12-2016 15:42:24 Removed Adobe Acrobat XI Pro.
14-12-2016 15:48:05 Removed Microsoft Office Professional Plus 2010
14-12-2016 20:56:04 JRT Pre-Junkware Removal
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (12/15/2016 09:45:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_PcaSvc, Version: 6.3.9600.17415, Zeitstempel: 0x54504177
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18438, Zeitstempel: 0x57ae642e
Ausnahmecode: 0xc0000008
Fehleroffset: 0x00000000000925fa
ID des fehlerhaften Prozesses: 0x4d8
Startzeit der fehlerhaften Anwendung: 0x01d2561b37c268f6
Pfad der fehlerhaften Anwendung: C:\WINDOWS\System32\svchost.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: da7c5e62-c2a2-11e6-bf84-089e012cf948
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (12/14/2016 06:56:19 PM) (Source: usbperf) (EventID: 2001) (User: )
Description: Der Wert von "First Counter" unter dem Schlüssel "usbperf\Performance" kann nicht gelesen werden. Statuscodes wurden in den Daten zurückgegeben.
Error: (12/14/2016 06:56:18 PM) (Source: usbperf) (EventID: 2001) (User: )
Description: Der Wert von "First Counter" unter dem Schlüssel "usbperf\Performance" kann nicht gelesen werden. Statuscodes wurden in den Daten zurückgegeben.
Error: (12/14/2016 06:50:41 PM) (Source: usbperf) (EventID: 2001) (User: )
Description: Der Wert von "First Counter" unter dem Schlüssel "usbperf\Performance" kann nicht gelesen werden. Statuscodes wurden in den Daten zurückgegeben.
Error: (12/14/2016 06:50:39 PM) (Source: usbperf) (EventID: 2001) (User: )
Description: Der Wert von "First Counter" unter dem Schlüssel "usbperf\Performance" kann nicht gelesen werden. Statuscodes wurden in den Daten zurückgegeben.
Error: (12/14/2016 05:15:22 PM) (Source: usbperf) (EventID: 2001) (User: )
Description: Der Wert von "First Counter" unter dem Schlüssel "usbperf\Performance" kann nicht gelesen werden. Statuscodes wurden in den Daten zurückgegeben.
Error: (12/14/2016 05:15:21 PM) (Source: usbperf) (EventID: 2001) (User: )
Description: Der Wert von "First Counter" unter dem Schlüssel "usbperf\Performance" kann nicht gelesen werden. Statuscodes wurden in den Daten zurückgegeben.
Error: (12/14/2016 05:09:44 PM) (Source: usbperf) (EventID: 2001) (User: )
Description: Der Wert von "First Counter" unter dem Schlüssel "usbperf\Performance" kann nicht gelesen werden. Statuscodes wurden in den Daten zurückgegeben.
Error: (12/14/2016 05:09:43 PM) (Source: usbperf) (EventID: 2001) (User: )
Description: Der Wert von "First Counter" unter dem Schlüssel "usbperf\Performance" kann nicht gelesen werden. Statuscodes wurden in den Daten zurückgegeben.
Error: (12/14/2016 04:11:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.17415 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1104
Startzeit: 01d2561baecea6fc
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\syswow64\backgroundTaskHost.exe
Berichts-ID: a166ad9f-c20f-11e6-bf84-089e012cf948
Vollständiger Name des fehlerhaften Pakets: E046963F.LenovoCompanion_2.2.26.0_x86__k1h2ywk1493x8
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
Systemfehler:
=============
Error: (12/15/2016 09:51:29 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80004005 fehlgeschlagen: Microsoft.BingMaps
Error: (12/14/2016 09:16:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80004005 fehlgeschlagen: Microsoft.BingMaps
Error: (12/14/2016 08:40:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80004005 fehlgeschlagen: Microsoft.BingMaps
Error: (12/14/2016 04:09:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Error: (12/14/2016 04:07:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
Error: (12/14/2016 04:07:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.
Error: (12/14/2016 04:06:41 PM) (Source: DCOM) (EventID: 10010) (User: IDEA-PC)
Description: Der Server "{1B1F472E-3221-4826-97DB-2C2324D389AE}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (12/14/2016 04:06:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Defender-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet:
Die digitale Signatur dieser Datei kann nicht überprüft werden. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um böswillige Software aus einer unbekannten Quelle handelt, installiert.
Error: (12/14/2016 04:05:25 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (12/14/2016 04:03:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann den angegebenen Pfad nicht finden.
CodeIntegrity:
===================================
Date: 2016-12-14 16:06:25.716
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-12-14 14:47:00.502
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-12-11 21:36:16.998
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-12-11 18:37:30.604
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-12-09 21:05:57.061
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-12-08 21:52:35.405
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-12-07 21:01:23.461
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-12-05 08:25:47.326
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-12-05 08:09:45.781
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-12-04 19:59:47.382
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Prozentuale Nutzung des RAM: 53%
Installierter physikalischer RAM: 3954.72 MB
Verfügbarer physikalischer RAM: 1832.83 MB
Summe virtueller Speicher: 7922.72 MB
Verfügbarer virtueller Speicher: 5337.29 MB
==================== Laufwerke ================================
Drive c: (Windows8_OS) (Fixed) (Total:417.99 GB) (Free:199.23 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:18.69 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 22.4 GB) (Disk ID: E3B041A2)
Partition: GPT.
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: E3B041A1)
Partition: GPT.
==================== Ende von Addition.txt ============================
|
|
15.12.2016, 11:23
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Win32.Generic - Entdeckt und desinfiziert durch Kaspersky FRST-Fix Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft! Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Keine Datei
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => Keine Datei
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll => Keine Datei
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
C:\Program Files\AVAST Software
emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.12.2016, 12:10
| #12 |
| | FRST FixlogCode:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 07-12-2016
durchgeführt von User (15-12-2016 11:45:04) Run:1
Gestartet von C:\Users\User\Downloads
Geladene Profile: User (Verfügbare Profile: User & Bernd & Administrator)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Keine Datei
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => Keine Datei
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll => Keine Datei
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
C:\Program Files\AVAST Software
emptytemp:
*****************
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Schlüssel nicht gefunden.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => Schlüssel erfolgreich entfernt
"HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => Schlüssel erfolgreich entfernt
"HKCR\Wow6432Node\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => Schlüssel erfolgreich entfernt
AvastVBoxSvc => Dienst erfolgreich entfernt
gupdate => Dienst erfolgreich entfernt
gupdatem => Dienst erfolgreich entfernt
VBoxAswDrv => Dienst erfolgreich entfernt
"C:\Program Files\AVAST Software" => nicht gefunden.
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 107892714 B
Java, Flash, Steam htmlcache => 11632292 B
Windows/system/drivers => 63989841 B
Edge => 0 B
Chrome => 0 B
Firefox => 379908879 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 95708 B
NetworkService => 0 B
User => 181978692 B
Bernd => 0 B
Administrator => 0 B
RecycleBin => 0 B
EmptyTemp: => 719 MB temporäre Dateien entfernt.
================================
Das System musste neu gestartet werden.
==== Ende von Fixlog 11:46:10 ====
|
|
15.12.2016, 13:13
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Win32.Generic - Entdeckt und desinfiziert durch Kaspersky Kontrollscans mit (1) MBAM, (2) ESET und (3) SecurityCheck bitte: 1. Schritt: MBAM Downloade Dir bitte  Malwarebytes Anti-Malware
2. Schritt: ESET ESET Online Scanner
3. Schritt: SecurityCheck Downloade Dir bitte  SecurityCheck und:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.12.2016, 10:53
| #14 |
| | Mbam 15.12.2016Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 15.12.2016 Suchlaufzeit: 21:57 Protokolldatei: mbam151216.txt Administrator: Ja Version: 2.2.1.1043 Malware-Datenbank: v2016.12.15.17 Rootkit-Datenbank: v2016.11.20.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: User Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 415144 Abgelaufene Zeit: 38 Min., 36 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=57c5239acfd1524aa004551b3310a56c
# end=init
# utc_time=2016-12-15 10:21:12
# local_time=2016-12-15 11:21:12 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 31749
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=57c5239acfd1524aa004551b3310a56c
# end=updated
# utc_time=2016-12-15 10:24:40
# local_time=2016-12-15 11:24:40 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=57c5239acfd1524aa004551b3310a56c
# engine=31749
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-12-16 03:11:04
# local_time=2016-12-16 04:11:04 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1313 16777213 100 100 62356 14788398 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 23427313 83575532 0 0
# scanned=436540
# found=1
# cleaned=0
# scan_time=17184
sh=1447092BA29779C726829611180994E17718C412 ft=1 fh=23f22b72eb3a5b90 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="D:\Application\PDFCreator-1_7_2_setup_offline.exe"
Code:
ATTFilter Results of screen317's Security Check version 1.009
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 111
Java version 32-bit out of Date!
Adobe Flash Player 24.0.0.186
Mozilla Firefox (50.1.0)
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Secure Connection 1.0 ksde.exe
Kaspersky Lab Kaspersky Secure Connection 1.0 ksdeui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Also Java Updaten und die Pdf-Creator Setup entfernen? Dachte Windows 8 wäre ein 64-Bit System. Bin gerade aber auch noch etwas verschlafen. Der Pdf-Creator war/ist Freeware. Noch aus der Zeit, da ich kein Office hatte mit dem ich direkt als pdf abspeichern konnte. Was ich heute früh vergessen hatte zu schreiben:
Seit dem Hochfahren nach dem Security Check wird Firefox in der Taskleiste als weißes Blatt dargestellt. Auch ein Neustarten und lösen von der Taskleiste haben nicht geholfen. Soll ich Firefox neuinstallieren? |
|
16.12.2016, 17:24
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Win32.Generic - Entdeckt und desinfiziert durch Kaspersky Probleme im Firefox stecken zu oft im Profil, neu installieren bringt daher wenig bis garnix. Erstell dir mal ein neues Profil und teste: Firefox => http://support.mozilla.com/de/kb/Profile%20verwalten
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Trojan.Win32.Generic - Entdeckt und desinfiziert durch Kaspersky |
| computer, converter, desktop, device driver, firefox, flash player, home, internet, internet explorer, kaspersky, mozilla, mp3, proxy, prozesse, registry, rundll, scan, security, starten, svchost.exe, system, trojaner, updates, usb, windows, wiso |
Linear-Darstellung
