Pests of all kinds and how to fight them: Opened GEZ mail ... File "REF_ID-2378AD2810AJF.zip" ... Now first signs of a trojan

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
Opened GEZ mail ... File "REF_ID-2378AD2810AJF.zip" ... Now first signs of a trojan

and here is the second part of TDS Killer
C:\Windows\System32\icsvc.dll 19:58:47.0265 0x1d8c vmicvmsession - ok 19:58:47.0273 0x1d8c [ 0F621B52259D88A719AA20C6D04E3D72, 80B0528CCDE6E1B6F092787E1C0769C649698B196602859A5855134F0ECCBAE5 ] vmicvss C:\Windows\System32\icsvcext.dll 19:58:47.0291 0x1d8c vmicvss - ok 19:58:47.0297 0x1d8c [ 29075915F9BDC3437F8BED71C067D399, 2C7718080C11DFDD4C9A2085537F78F5633369B4A27D9C64168F0249594A4AA2 ] volmgr C:\Windows\system32\drivers\volmgr.sys 19:58:47.0306 0x1d8c volmgr - ok 19:58:47.0316 0x1d8c [ 6BDB6CE6D2D9E3D3F28F1C97E12B62E2, 5E77D7AF858D7B90FF395F39B86D6F96413D1DDEA28BC9FB40C5524A4DF6DAD0 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 19:58:47.0329 0x1d8c volmgrx - ok 19:58:47.0338 0x1d8c [ BF2546583BB75F01DDA60A7921DFB230, 579BD0BC55F4F03CD8D1FCDAC3975A1649C688820F2F7FC1AD354132D9E3BEE9 ] volsnap C:\Windows\system32\drivers\volsnap.sys 19:58:47.0352 0x1d8c volsnap - ok 19:58:47.0355 0x1d8c [ AC2E20A74D09D24485BE8396CE04F07B, 23FCE8BEE01B89E5CDCA536D75DBA6DCE3E92E13178A66836CEB7829310A89D1 ] volume C:\Windows\system32\drivers\volume.sys 19:58:47.0362 0x1d8c volume - ok 19:58:47.0367 0x1d8c [ 92F6E3E6D3F1795263EB34B37F74AEF7, 33AB1ECCA1216AF1995E1DB4F11E48156FF62391D7C176C8A4CC1037B9CB3A27 ] vpci C:\Windows\System32\drivers\vpci.sys 19:58:47.0377 0x1d8c vpci - ok 19:58:47.0384 0x1d8c [ FD9BCB8920973CEAD4D49DC7A6D8A618, 34AB4A485FB40DF737600006D8323BE927FB0BDA2BC170F4C123BE775EAE7CC8 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 19:58:47.0394 0x1d8c vsmraid - ok 19:58:47.0420 0x1d8c [ 01FFD5AF533F2CFDF26DDDC9313731C1, BFF0F2E57CD2358AC8F519F6F5692A46D97EC4E9B763D47101CEF31712FD4738 ] VSS C:\Windows\system32\vssvc.exe 19:58:47.0467 0x1d8c VSS - ok 19:58:47.0477 0x1d8c [ 0C111F220798CCE80484026E06822379, B98A5E44D3ABA67E6DE99E18BF3C2C606923E6269E262665C721F672ACBBED2A ] VSTXRAID C:\Windows\system32\drivers\vstxraid.sys 19:58:47.0490 0x1d8c VSTXRAID - ok 19:58:47.0493 0x1d8c [ 607639716E9DB1CEF4E18B5B229293B4, 
1D997177093F907EFE8A04AD10443BB9C355C0D7657DBD449E7EE7FCABC3ECBC ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 19:58:47.0503 0x1d8c vwifibus - ok 19:58:47.0507 0x1d8c [ B1ED64E628763148BF84FBE23F2AD711, 6182A39675E6049BC3DD353694720795A8E3D0331509AA8ABA4883D5C569AD5E ] vwififlt C:\Windows\system32\drivers\vwififlt.sys 19:58:47.0517 0x1d8c vwififlt - ok 19:58:47.0521 0x1d8c [ 59920894C38A827091A06AF559834E47, 8B40FE0B1BA3B2A79BFF70803D039DB921F85C978724722E5E5AFF188FA75471 ] vwifimp C:\Windows\System32\drivers\vwifimp.sys 19:58:47.0530 0x1d8c vwifimp - ok 19:58:47.0541 0x1d8c [ 76C1CC611352499326001F25A3ED15F8, 228BFA8A01BB1B3868576D509A2EA6F3D37FEDC8F12D4DC4E0A84CE926C6D1B1 ] W32Time C:\Windows\system32\w32time.dll 19:58:47.0564 0x1d8c W32Time - ok 19:58:47.0568 0x1d8c [ 55D00B785A7587F4263D125817871283, B92400B229099C1E243F2B149881A1423A2E9C8CA2D77D868B9B923BFDEC7FF2 ] WacomPen C:\Windows\System32\drivers\wacompen.sys 19:58:47.0577 0x1d8c WacomPen - ok 19:58:47.0587 0x1d8c [ 1483BE4D0135C378CB61D3CD73AB3E03, B7309C9E4F370860C507BF52D17234CDF4A7FAE95D2D822714E07EF5DEC0249B ] WalletService C:\Windows\system32\WalletService.dll 19:58:47.0606 0x1d8c WalletService - ok 19:58:47.0610 0x1d8c [ CEF3D306C09BEC1A800E9B4A06F859F6, 75D21F97E9F94FA97024F945AF512FEC94F88DD8073F3FAD92A6E0A9FDC586DB ] wanarp C:\Windows\system32\DRIVERS\wanarp.sys 19:58:47.0626 0x1d8c wanarp - ok 19:58:47.0629 0x1d8c [ CEF3D306C09BEC1A800E9B4A06F859F6, 75D21F97E9F94FA97024F945AF512FEC94F88DD8073F3FAD92A6E0A9FDC586DB ] wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 19:58:47.0644 0x1d8c wanarpv6 - ok 19:58:47.0674 0x1d8c [ 30B8286F8FE1AE90A583100D45E02247, 3C86A4A5E21F9A1267EA231B20914E0A162BA4C25FE8917AD3AB6D504DA5BE0C ] wbengine C:\Windows\system32\wbengine.exe 19:58:47.0720 0x1d8c wbengine - ok 19:58:47.0740 0x1d8c [ 8C521D161445C3E1F38A494E7649E70D, F00990B2FE1FB52C74A2057E6480C5EBF2BDBC32955CC03C6B63360F20A49A18 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 19:58:47.0770 0x1d8c WbioSrvc - 
ok 19:58:47.0775 0x1d8c [ E330144B97D493AA886000DCAAA8DAF5, ED86F46F5A76FD8F06CA98BD61B174ADB9AD4B065394356872708DF8B614E4F9 ] wcifs C:\Windows\system32\drivers\wcifs.sys 19:58:47.0784 0x1d8c wcifs - ok 19:58:47.0799 0x1d8c [ 32960EA9CF836D7DD77767DCB68CE230, 679446A4FAB0331C181D2716CAEA225267C6164BB9867E360C5B3D6AB1083195 ] Wcmsvc C:\Windows\System32\wcmsvc.dll 19:58:47.0830 0x1d8c Wcmsvc - ok 19:58:47.0842 0x1d8c [ D50645235A507B0546B1B5CF7D0B8849, 19F5FE10C953B8EE8EEDA9A9F7F2E97AA193BB085E7FC364066686089ADD1C9F ] wcncsvc C:\Windows\System32\wcncsvc.dll 19:58:47.0861 0x1d8c wcncsvc - ok 19:58:47.0866 0x1d8c [ AEA1093B751339267D8C8C1EF3D669CF, 8F3325E7FB16BD856A0593C36F2E3E018909038C52CD5F92E116E0C1366F31CB ] wcnfs C:\Windows\system32\drivers\wcnfs.sys 19:58:47.0876 0x1d8c wcnfs - ok 19:58:47.0879 0x1d8c [ D520B1B849B6D4D707AB31722B952C2D, 149BABB7BD63C1F212ADD9306C84FFB2A5CE6DC435BD3213EAB787E9B222C61F ] WdBoot C:\Windows\system32\drivers\WdBoot.sys 19:58:47.0888 0x1d8c WdBoot - ok 19:58:47.0905 0x1d8c [ 5030C76047D756263093A47B82970868, E772F15973F6DE36851DD230F1F4190746CD81CA1E7284DC074711C4BF45CAF0 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 19:58:47.0925 0x1d8c Wdf01000 - ok 19:58:47.0933 0x1d8c [ 29FF9199EDEB4F5470BB134D1A2563D2, 94713F98A6EA6042203D5DD0DE6758F5F0F331F7D4BB05E91EF20CEEEBD6780F ] WdFilter C:\Windows\system32\drivers\WdFilter.sys 19:58:47.0945 0x1d8c WdFilter - ok 19:58:47.0952 0x1d8c [ E7A7E8803E66B7CCED95D327A4DBC135, 401ECD953D4014A95C9022822D9ACEC1A68C917281DBA2365503A473FC6D9507 ] WdiServiceHost C:\Windows\system32\wdi.dll 19:58:47.0966 0x1d8c WdiServiceHost - ok 19:58:47.0970 0x1d8c [ E7A7E8803E66B7CCED95D327A4DBC135, 401ECD953D4014A95C9022822D9ACEC1A68C917281DBA2365503A473FC6D9507 ] WdiSystemHost C:\Windows\system32\wdi.dll 19:58:47.0984 0x1d8c WdiSystemHost - ok 19:58:48.0000 0x1d8c [ 8CB606A3057355FD5A9DBDD1A0AC94EF, 6DD0B4A2270633086EBB569A00B87430EE6EF173525E341404B15845B57BE86D ] wdiwifi 
C:\Windows\system32\DRIVERS\wdiwifi.sys 19:58:48.0026 0x1d8c wdiwifi - ok 19:58:48.0033 0x1d8c [ 17CF416CFF408190F5A4CBD79AB12E55, E376C8865C7EA633AE20D2CF940E4C7584AC783BAAF7941780FB6C4C84802F33 ] WdNisDrv C:\Windows\system32\Drivers\WdNisDrv.sys 19:58:48.0042 0x1d8c WdNisDrv - ok 19:58:48.0044 0x1d8c WdNisSvc - ok 19:58:48.0051 0x1d8c [ 3570C4E14F85CE0B537D126727ACA91C, A474C9E6B6E4E5945C63367C1D3D24D4782C4A4FEB00FAE15DFED099D8283078 ] WebClient C:\Windows\System32\webclnt.dll 19:58:48.0070 0x1d8c WebClient - ok 19:58:48.0076 0x1d8c [ 1785F9C96A0BDEC1F6E0C79EF412F342, D6D4EDA69457BEDDA69C2F60FC4C2FAC97D46CD8E9C1804CCD68F169383583E3 ] Wecsvc C:\Windows\system32\wecsvc.dll 19:58:48.0093 0x1d8c Wecsvc - ok 19:58:48.0096 0x1d8c [ B9175D63527B05131F2FA504CF0265F2, 1E43A17788F1B6A29E2889C81E0BE100D64BD3A9DEE7C154D9581F01D2D7D05F ] WEPHOSTSVC C:\Windows\system32\wephostsvc.dll 19:58:48.0108 0x1d8c WEPHOSTSVC - ok 19:58:48.0112 0x1d8c [ 5C58EC0C9D4DE04DCDE56F6DCEA62080, 8ED386EDF4C39C339CE0BB2AC7E199C38705E5A6B3F56A4987B9A8ABD19BB59F ] wercplsupport C:\Windows\System32\wercplsupport.dll 19:58:48.0127 0x1d8c wercplsupport - ok 19:58:48.0132 0x1d8c [ F899B355CC95AF26AB36E84E8A0DD685, C400F2F80FFF6473FEF066943C4A2AFF0FFE988A4F755757A2E5005C2A10DAD8 ] WerSvc C:\Windows\System32\WerSvc.dll 19:58:48.0147 0x1d8c WerSvc - ok 19:58:48.0153 0x1d8c [ E1785942AC51FEE6826CDF02075C5AA9, 56FE7017684086F4F9C3A2C0D3AC00369BA0938BA3987EEBEE9A75B8E3CA0AE1 ] WFPLWFS C:\Windows\system32\drivers\wfplwfs.sys 19:58:48.0163 0x1d8c WFPLWFS - ok 19:58:48.0168 0x1d8c [ B154618505A6A9026EFA6AB8C4123BF1, 713648D71AA027B4472E7E75B942630DBE7383687984B02A5E99C9E4192C95EB ] WiaRpc C:\Windows\System32\wiarpc.dll 19:58:48.0180 0x1d8c WiaRpc - ok 19:58:48.0184 0x1d8c [ 0CF79A0EACFFBB75A50A469A27696D02, E112BF7B5A8D0B0AD2EA0E7B9FD4E8CFEC9371C8E94A60248292D688AFE715C4 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 19:58:48.0192 0x1d8c WIMMount - ok 19:58:48.0194 0x1d8c WinDefend - ok 19:58:48.0204 0x1d8c 
[ 0DE131733317EB4BE67028366B0CAAC6, AC7DADBF03A3752B4D33CA19F03DBCEDD6F56893C2DA25C98B0AB07063D990E3 ] WindowsTrustedRT C:\Windows\system32\drivers\WindowsTrustedRT.sys 19:58:48.0213 0x1d8c WindowsTrustedRT - ok 19:58:48.0216 0x1d8c [ 92EB5D38BDF10C790450F3E46BF93A0E, 0FC027398DBD43EDC1F7D703C0B6DB20294DF34E67C9288442039B1A5663CE1B ] WindowsTrustedRTProxy C:\Windows\system32\drivers\WindowsTrustedRTProxy.sys 19:58:48.0224 0x1d8c WindowsTrustedRTProxy - ok 19:58:48.0241 0x1d8c [ C2A3B07F0118D61086C99BDCBAB6A6A3, 04D646BEF1C6F427503C594F0ECBB33140C3991A3A7AFB66B2C9581E358F9FD2 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll 19:58:48.0272 0x1d8c WinHttpAutoProxySvc - ok 19:58:48.0277 0x1d8c [ E815503BDE35026051EB701ACA72B296, 5541FBDA961B403F88BAF720840AB8DF2C96A382CDF97132A5C6A05A5F105E70 ] WINIO C:\Program Files (x86)\MSI\Dragon Center\winio64.sys 19:58:48.0282 0x1d8c WINIO - ok 19:58:48.0285 0x1d8c [ F95DE20312ACCA7761446DE152BD1F7C, F6C5ACA500C2182437F4A7402BD81C3A2B77C0BBD78BA31FB574DC1997FCBFE6 ] WinMad C:\Windows\System32\drivers\winmad.sys 19:58:48.0292 0x1d8c WinMad - ok 19:58:48.0303 0x1d8c [ CD49CA8E3280ACEEC5ECF431A59F5EFD, 75F48EFC6DEE9E06B490703EE47602AFDEA51505285B02D2CF884601E71857CC ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 19:58:48.0318 0x1d8c Winmgmt - ok 19:58:48.0365 0x1d8c [ B8C0D620219ECAA23A2AC841EAF454D1, FB527C4D36929D7FAE2A837727C557B7823A72069EBCAB7D16C49E8B21E8D952 ] WinRM C:\Windows\system32\WsmSvc.dll 19:58:48.0443 0x1d8c WinRM - ok 19:58:48.0455 0x1d8c [ 4EFB346BFDAEEB29316AA52BBB9852B1, 4BC5554F44BD9549D0A929D77BD410FA3EB502A7D0170303D369268672505494 ] WINUSB C:\Windows\System32\drivers\WinUSB.SYS 19:58:48.0466 0x1d8c WINUSB - ok 19:58:48.0470 0x1d8c [ 8B9AFF5F08E66A6F1F1063DEC9457FB6, 98F2AF6988D125521FD34CAA48B9652922F0C8ECFAE9B0C1DF4B3CE6B9CF500F ] WinVerbs C:\Windows\System32\drivers\winverbs.sys 19:58:48.0477 0x1d8c WinVerbs - ok 19:58:48.0492 0x1d8c [ ECD999D8412A3473C26B118F89DB9908, 
5FB9B93E4B5482CCFF01D805DFA386FD8D3441BC81E7BD5DF89EE3078FD724F3 ] wisvc C:\Windows\system32\flightsettings.dll 19:58:48.0517 0x1d8c wisvc - ok 19:58:48.0557 0x1d8c [ 7671078AEF4C0203B053A9642C401FF7, BBFADA89CD31F20ADDBFAFAD2E492C72D82BF2F8B823BB6773F04D229B62534C ] WlanSvc C:\Windows\System32\wlansvc.dll 19:58:48.0627 0x1d8c WlanSvc - ok 19:58:48.0667 0x1d8c [ E15711970C5BE05E8D70B294D0AFF621, 30670CFC4DA57B4A3E0E895E4111100D847BB8041A258A303524CD96DC566482 ] wlidsvc C:\Windows\system32\wlidsvc.dll 19:58:48.0727 0x1d8c wlidsvc - ok 19:58:48.0734 0x1d8c [ 6F4F4F5A007D1710BD76FB311DA97C07, FC0FEA4364F6BA4E31DBC82735D09D429CA3BE9AFCFF5D5E1263D8B27FC2CE3E ] WmiAcpi C:\Windows\System32\drivers\wmiacpi.sys 19:58:48.0743 0x1d8c WmiAcpi - ok 19:58:48.0751 0x1d8c [ 3CDDFF6CAD962C5EF1C52FD667C358B6, F6F09145E9461EB17172988D26749FCF36920A1A683459334D04A6D072B31A92 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 19:58:48.0765 0x1d8c wmiApSrv - ok 19:58:48.0767 0x1d8c WMPNetworkSvc - ok 19:58:48.0773 0x1d8c [ 43C8D087B31C592163B33A4BDA540E40, 3A6C4E5E56931B29321DCC723585F2F0E804EF4DCDEAB2A8687F30FC3AE70E43 ] Wof C:\Windows\system32\drivers\Wof.sys 19:58:48.0785 0x1d8c Wof - ok 19:58:48.0819 0x1d8c [ 909CB4BBF7B08E78C363000E09E79A6F, 217205D1B5EE03274AFF9405AED6D2A5665CBA4C3876E84B53DA44920CDF9CB1 ] workfolderssvc C:\Windows\system32\workfolderssvc.dll 19:58:48.0873 0x1d8c workfolderssvc - ok 19:58:48.0880 0x1d8c [ F02930EB91596042F2221397D60AFCE5, 10E2AB0993B67CBAA9E11C68280608965064EC9F7E0C570F5B453FACADB8AB5D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 19:58:48.0892 0x1d8c WPDBusEnum - ok 19:58:48.0895 0x1d8c [ 75A9284F01FE7CB1A7D5EAE5C1EB4F33, 390EF23AEA06D8711555F7979FF8BE0620B53C1A551638C4EC6FB7C6678965B3 ] WpdUpFltr C:\Windows\system32\drivers\WpdUpFltr.sys 19:58:48.0904 0x1d8c WpdUpFltr - ok 19:58:48.0911 0x1d8c [ 60E2EB3E7B7F15C25E02462159F90707, D8344B529EEC0D4922CAC3E6897CC9F191ACF1376017BE38ED6BF6019F1ED181 ] WpnService C:\Windows\system32\WpnService.dll 
19:58:48.0926 0x1d8c WpnService - ok 19:58:48.0930 0x1d8c [ C7C91FB86A3C6CD7619725A88ED1884C, 132C43C518F37BF303D768BD5FB0AB835F693C43FE693937D804A34E940D770F ] WpnUserService C:\Windows\System32\WpnUserService.dll 19:58:48.0942 0x1d8c WpnUserService - ok 19:58:48.0948 0x1d8c [ 36D7B73ADC3E10607ED6EC874AFB5D1E, 1737B3E4D2CA76BB27903BF460E4960E6A0BC32D35069AC7C5E4B07F625F3282 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 19:58:48.0956 0x1d8c ws2ifsl - ok 19:58:48.0963 0x1d8c [ 9A0E0B836413EB0BC885532D2A5389D6, AFEE4A0578D5581E4D72999A33C0DEA6253BD891F611AFF9AFDE4160A60105F3 ] wscsvc C:\Windows\System32\wscsvc.dll 19:58:48.0976 0x1d8c wscsvc - ok 19:58:48.0979 0x1d8c WSearch - ok 19:58:48.0984 0x1d8c [ 89DCE82232B4C03A7E0ED75CD663B653, D1996163EB971E6A10583E7D97097AE514702DBEDCEC0F76C3A3758BBA7C8034 ] WtfEngineDrv C:\Windows\system32\DRIVERS\WtfEngineDrv.sys 19:58:48.0989 0x1d8c WtfEngineDrv - ok 19:58:49.0030 0x1d8c [ DDB7E452A99E0E5244105C6D2CF4BC9E, 1364B03AFFD20D339A2EBA303575BCCBC2D122D89810B1E3593CC55F93F9B79A ] wuauserv C:\Windows\system32\wuaueng.dll 19:58:49.0098 0x1d8c wuauserv - ok 19:58:49.0106 0x1d8c [ AED7FE551E8672B824A56324076183EB, FFE543AAEFDEFFE6B20C244DB141A9425BDA88ED36F4870F0B70FEC433BDF0C1 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 19:58:49.0118 0x1d8c WudfPf - ok 19:58:49.0126 0x1d8c [ CEFAB17FD7DFCFA515626C306262E89D, 9D2B728DDD478580987E2DB7AA4DA81D77F3362F536AC1CADED20EB6ECEBB55D ] WUDFRd C:\Windows\System32\drivers\WUDFRd.sys 19:58:49.0140 0x1d8c WUDFRd - ok 19:58:49.0145 0x1d8c [ 47F6450F28BAA32B2AB0D6BE00996249, C8A47D6ADF89AD613AB685C6224B9099DCEFDCD8ABCF703542AFDC356404116E ] wudfsvc C:\Windows\System32\WUDFSvc.dll 19:58:49.0159 0x1d8c wudfsvc - ok 19:58:49.0165 0x1d8c [ CEFAB17FD7DFCFA515626C306262E89D, 9D2B728DDD478580987E2DB7AA4DA81D77F3362F536AC1CADED20EB6ECEBB55D ] WUDFWpdFs C:\Windows\system32\DRIVERS\WUDFRd.sys 19:58:49.0180 0x1d8c WUDFWpdFs - ok 19:58:49.0204 0x1d8c [ E231728BC515A4B85543AF74A1FEDFCB, 
5D250D7D789B5BB56BFA2E7A109BCEB3686B7636C54D89F4E9804101D145C955 ] WwanSvc C:\Windows\System32\wwansvc.dll 19:58:49.0246 0x1d8c WwanSvc - ok 19:58:49.0270 0x1d8c [ F39D6915451D9226AC9A5E7AE70E2ABA, E05D678DC0423A4D0EB8B3BB5A942721BB4F3B0BED22748252DBD6053FE956F1 ] XblAuthManager C:\Windows\System32\XblAuthManager.dll 19:58:49.0305 0x1d8c XblAuthManager - ok 19:58:49.0328 0x1d8c [ 765FF96467A26C4C03281ECA426EC2D9, 2526B03C518D72F429C29BA4D4F11707AF277BF71520A1A92238A932950AE161 ] XblGameSave C:\Windows\System32\XblGameSave.dll 19:58:49.0367 0x1d8c XblGameSave - ok 19:58:49.0376 0x1d8c [ 9627BBAA50878F6833A6A7843EE3B1D9, 637566BB56501C4D11E3B6E6AC1C602D880C9D357CCE3DF1DF74EE672744F2B7 ] xboxgip C:\Windows\System32\drivers\xboxgip.sys 19:58:49.0390 0x1d8c xboxgip - ok 19:58:49.0409 0x1d8c [ 335E6F2BE58523B295945C840C185B00, 94ED7E2CB212A3D55B8A2CB90CD1D02A6AF92DC0DDD487CB5B7CAC9883343460 ] XboxNetApiSvc C:\Windows\system32\XboxNetApiSvc.dll 19:58:49.0450 0x1d8c XboxNetApiSvc - ok 19:58:49.0454 0x1d8c [ 63088A3361D9A308F328F11E9099DD87, E03FDB932FC57F199C8F8A8EADA338BDF7D2F9C6CB8FAB679A92B48B1E5AFE8A ] xinputhid C:\Windows\System32\drivers\xinputhid.sys 19:58:49.0464 0x1d8c xinputhid - ok 19:58:49.0469 0x1d8c [ C1D83317310C9470DF3CD7BB22AA874E, 33BABFB957363DA1D333745033F655DD8EAA1DABEBCA09FC728FF1A87622BE52 ] XTU3SERVICE C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe 19:58:49.0474 0x1d8c XTU3SERVICE - ok 19:58:49.0479 0x1d8c [ 127702D90B07657E8421817D2D50A097, 3969817D67C21D7D4E146BC137557C62AB22FEC2FA55D36177D781BE83D3573B ] XtuAcpiDriver C:\Windows\System32\drivers\XtuAcpiDriver.sys 19:58:49.0490 0x1d8c XtuAcpiDriver - ok 19:58:49.0491 0x1d8c ================ Scan global =============================== 19:58:49.0496 0x1d8c [ 0C710DB449712EE13ACE733695DB7780, BBC7875B38D318CE4E88979D083AC72E8993254A466A8A6882DDE9E0C3B687A3 ] C:\Windows\system32\basesrv.dll 19:58:49.0502 0x1d8c [ 4C08BF958476A137C78B62B22B5F90A4, 
11DDD033896C96F8F7F1A1EDD0F4E0F07AFBB3202DC8A2E5E3ADB51C4D0700D4 ] C:\Windows\system32\winsrv.dll 19:58:49.0509 0x1d8c [ 1EE06E957B0B2CA52D26DA7861E160EF, 4B743A1C7010138F5F6684BBCF7CAD6FD05F49920BDD3FDB776347AA6B44AB94 ] C:\Windows\system32\sxssrv.dll 19:58:49.0520 0x1d8c [ 3C69CC28665854F1AAB4B4005005FA31, 2750F5ECCD448C07E3402AA64EA625D27C6BC1D000A3FFE57C03D62428BB46C4 ] C:\Windows\system32\services.exe 19:58:49.0528 0x1d8c [ Global ] - ok 19:58:49.0528 0x1d8c ================ Scan MBR ================================== 19:58:49.0530 0x1d8c [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0 19:58:49.0554 0x1d8c \Device\Harddisk0\DR0 - ok 19:58:49.0568 0x1d8c [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 19:58:50.0663 0x1d8c \Device\Harddisk1\DR1 - ok 19:58:50.0663 0x1d8c ================ Scan VBR ================================== 19:58:50.0666 0x1d8c [ 98342AEFBE984560E273C31CA4A17042 ] \Device\Harddisk0\DR0\Partition1 19:58:50.0667 0x1d8c \Device\Harddisk0\DR0\Partition1 - ok 19:58:50.0668 0x1d8c [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition2 19:58:50.0668 0x1d8c \Device\Harddisk0\DR0\Partition2 - ok 19:58:50.0670 0x1d8c [ 372D49346D46FEA56E7B008861927C81 ] \Device\Harddisk0\DR0\Partition3 19:58:50.0671 0x1d8c \Device\Harddisk0\DR0\Partition3 - ok 19:58:50.0673 0x1d8c [ F03D8EEFBE7274A51D94BAA027679D58 ] \Device\Harddisk0\DR0\Partition4 19:58:50.0674 0x1d8c \Device\Harddisk0\DR0\Partition4 - ok 19:58:50.0689 0x1d8c [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition1 19:58:50.0695 0x1d8c \Device\Harddisk1\DR1\Partition1 - ok 19:58:50.0720 0x1d8c [ 82E26109428D2ED80F754B25D729DD0C ] \Device\Harddisk1\DR1\Partition2 19:58:50.0766 0x1d8c \Device\Harddisk1\DR1\Partition2 - ok 19:58:50.0766 0x1d8c ================ Scan generic autorun ====================== 19:58:50.0907 0x1d8c [ 5F50B8C8BF2C8F50A819086F1EBB4CAD, BDD9D1B02EC909DD84890ADF0759D395CB06EF9FB7C2F81D1C5304837355F538 ] C:\Program 
Files\Realtek\Audio\HDA\RtkNGUI64.exe 19:58:51.0052 0x1d8c RTHDVCPL - ok 19:58:51.0064 0x1d8c [ 6A20A9BFDCCF75CC83514B431E97C3F9, 5C0A232C44231DFC02B4E6E3D442A65B860209C8FF3C795D2D54830F19793CBD ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe 19:58:51.0071 0x1d8c IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 ) 19:58:51.0864 0x1d8c Detect skipped due to KSN trusted 19:58:51.0864 0x1d8c IAStorIcon - ok 19:58:51.0880 0x1d8c [ 7964BF8D70539ABAEE812C26B308F4C3, 70E5CCF22F501B414CAC5D9C2F014BA8AAC5E6727E52D2AE920F26955B6E9E06 ] C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe 19:58:51.0896 0x1d8c Nahimic2UILauncher - ok 19:58:51.0971 0x1d8c [ 1034796691CCBC39F4F4413497AA82D8, 390B33324108E3340B0C9B073DDAB78EC253CB3B0BAA0FBDD2A58BA6B4D81640 ] C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe 19:58:52.0047 0x1d8c MsiTrueColor - ok 19:58:52.0057 0x1d8c [ 7C037BA077E9783C26E89544674927D9, 248406171AA6F53A91918A30A4DAD4D38979087B220CDC1AC0632ED2A19D0F1E ] C:\Program Files (x86)\SCM\SCM.exe 19:58:52.0066 0x1d8c SCM - ok 19:58:52.0069 0x1d8c [ C7645D43451C6D94D87F4D07BDE59C89, 495BBA47FC43EE23054FCD419F2F00457162D1C04296900C6AEA551102A810F3 ] C:\Windows\system32\rundll32.exe 19:58:52.0085 0x1d8c ShadowPlay - ok 19:58:52.0085 0x1d8c WindowsDefender - ok 19:58:52.0129 0x1d8c [ A6A21A7D544675E98C040DA18904CF50, AACB578C297C7AC9FEBDAB4AD20235E5CFF6E3F260E76E6AE18D43DC57D69672 ] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe 19:58:52.0174 0x1d8c Malwarebytes TrayApp - ok 19:58:52.0181 0x1d8c [ 98BF3BE28076A0ACEE2082C4C9080D6D, 576D4BE0533F0ED491206722A36D4E8F01E900ADB545FAE9A65D669B512A2A39 ] C:\Users\ADMINI~1\AppData\Local\Temp\DeleteOnReboot.bat 19:58:52.0196 0x1d8c DeleteOnReboot - detected UnsignedFile.Multi.Generic ( 1 ) 19:58:52.0987 0x1d8c DeleteOnReboot ( UnsignedFile.Multi.Generic ) - warning 19:58:54.0136 0x1d8c [ 1496120E3867FD75AE5D4EAD6E618E7A, 
8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe 19:58:54.0276 0x1d8c OneDriveSetup - ok 19:58:54.0421 0x1d8c [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe 19:58:54.0563 0x1d8c OneDriveSetup - ok 19:58:54.0709 0x1d8c [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe 19:58:54.0854 0x1d8c OneDriveSetup - ok 19:58:54.0889 0x1d8c [ CD7DC286D2FDFACB965C3E10967B2199, 30FFB133E70D694BE6968E86E999C797EE7349DCC4E9ACFB338412C039374388 ] C:\Users\MarkStrong\AppData\Local\Microsoft\OneDrive\OneDrive.exe 19:58:54.0920 0x1d8c OneDrive - ok 19:58:54.0947 0x1d8c [ 44348495F9D6ED21F4EFB3FF80677D99, 05B76248764B2BF7F9229626D7EFAFF96B724D38A82969EBE376CBE879E30450 ] C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe 19:58:54.0975 0x1d8c OneDrive - ok 19:58:54.0980 0x1d8c Skype - ok 19:58:54.0982 0x1d8c [ D246A5F3AC19B579D432D5CD88FAC845, 42976C6797A8426107B428E64309466EF32F438B459432D5FFB310F1F6D7DD42 ] C:\AdwCleaner\AdwCleaner[C0].txt 19:58:54.0985 0x1d8c Report - detected UnsignedFile.Multi.Generic ( 1 ) 19:58:56.0392 0x1d8c Report ( UnsignedFile.Multi.Generic ) - warning 19:58:57.0141 0x1d8c Waiting for KSN requests completion. In queue: 240 19:58:58.0154 0x1d8c Waiting for KSN requests completion. 
In queue: 240 19:58:59.0178 0x1d8c AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x61100 ( enabled : updated ) 19:58:59.0184 0x1d8c Win FW state via NFP2: enabled ( trusted ) 19:58:59.0655 0x1d8c ============================================================ 19:58:59.0655 0x1d8c Scan finished 19:58:59.0655 0x1d8c ============================================================ 19:58:59.0665 0x1a98 Detected object count: 2 19:58:59.0665 0x1a98 Actual detected object count: 2 20:02:22.0102 0x1a98 DeleteOnReboot ( UnsignedFile.Multi.Generic ) - skipped by user 20:02:22.0102 0x1a98 DeleteOnReboot ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:02:22.0102 0x1a98 Report ( UnsignedFile.Multi.Generic ) - skipped by user 20:02:22.0102 0x1a98 Report ( UnsignedFile.Multi.Generic ) - User select action: Skip |
| #2 |
/// TB-Ausbilder | Hi,
if you are already running tools like AdwCleaner and MBAM, then you should
Please provide these afterwards. What problems are you currently having? |
| #3 |
| Hello,
AdwCleaner found nothing. Below is a current scan. I have a new MSI laptop that holds all the pictures and documents I have scanned and collected over 20 years (1.2 TB), which mean a great deal to me. On this new MSI I opened the attachment of the GEZ e-mail and enabled the macro. So far, however, there is no noticeable sign of a trojan or virus. After opening the GEZ mail I copied the 1.2 TB of data to an external hard drive and from there connected it to my old ASUS laptop to check for viruses. During that time the computer was connected to the internet for about 18 hours. Afterwards, certain helpful websites could no longer be opened, and it is now extremely slow. The files I sent you come from the MSI laptop, because it is very important to me on account of the data. Once the MSI is cleaned, I wanted to completely reinstall the ASUS laptop and also format the external hard drive in order to have a clean environment. Should I run FRST and TDS Killer on the ASUS, and may I post the results for you here? Regards, Tobias AdwCleaner Logfile: Code:
ATTFilter
# AdwCleaner v6.043 - Bericht erstellt am 18/02/2017 um 07:57:40
# Aktualisiert am 27/01/2017 von Malwarebytes
# Datenbank : 2017-02-13.1 [Lokal]
# Betriebssystem : Windows 10 Home (X64)
# Benutzername : Administrator - MSI
# Gestartet von : C:\Users\MarkStrong\Desktop\AdwCleaner_6.043.exe
# Modus: Suchlauf
# Unterstützung : https://www.malwarebytes.com/support
***** [ Dienste ] *****
Keine schädlichen Dienste gefunden.
***** [ Ordner ] *****
Keine schädlichen Ordner gefunden.
***** [ Dateien ] *****
Keine schädlichen Dateien gefunden.
***** [ DLL ] *****
Keine infizierten DLLs gefunden.
***** [ WMI ] *****
Keine schädlichen Schlüssel gefunden.
***** [ Verknüpfungen ] *****
Keine infizierten Verknüpfungen gefunden.
***** [ Aufgabenplanung ] *****
Keine schädlichen Aufgaben gefunden.
***** [ Registrierungsdatenbank ] *****
Keine schädlichen Elemente in der Registrierungsdatenbank gefunden.
***** [ Internetbrowser ] *****
Keine schädlichen Elemente in Firefox basierten Browsern gefunden.
Keine schädlichen Elemente in Chrome basierten Browsern gefunden.
*************************
\AdwCleaner\AdwCleaner[C0].txt - [3554 Bytes] - [15/02/2017 20:50:54]
\AdwCleaner\AdwCleaner[S0].txt - [3324 Bytes] - [15/02/2017 20:49:09]
\AdwCleaner\AdwCleaner[S1].txt - [1484 Bytes] - [18/02/2017 07:41:48]
\AdwCleaner\AdwCleaner[S2].txt - [1407 Bytes] - [18/02/2017 07:57:40]
########## EOF - \AdwCleaner\AdwCleaner[S2].txt - [1478 Bytes] ########## |
| #4 | |
/// TB-Ausbilder | Hi, we will now limit ourselves to the MSI laptop, from which you have already sent the FRST log files. Why are you running AdwCleaner again? Quote:
You already ran AdwCleaner on 15.02. and MBAM on 13.02. yourself. I would like to see the log files with the findings from those scans... because something was surely found there (with AdwCleaner something was definitely found on 15.02., because your computer was restarted in the process). Since you still have both AdwCleaner and MBAM installed, you should be able to supply the log files from 15.02. (Adw) and 13.02. (MBAM) without any problems. In addition, I ask you to run MBAM and FRST again: Step 1
Step 2
Please post with your next reply
|
| #5 |
| Hello, thank you very much for the quick reply. Here is the ADW-Cleaner file from 15.02 ... AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v6.043 - Bericht erstellt am 15/02/2017 um 20:49:09 # Aktualisiert am 27/01/2017 von Malwarebytes # Datenbank : 2017-02-13.1 [Server] # Betriebssystem : Windows 10 Home (X64) # Benutzername : Administrator - MSI # Gestartet von : C:\Users\MarkStrong\Desktop\AdwCleaner_6.043.exe # Modus: Suchlauf # Unterstützung : https://www.malwarebytes.com/support ***** [ Dienste ] ***** Keine schädlichen Dienste gefunden. ***** [ Ordner ] ***** Ordner Gefunden: C:\Program Files\Reimage Ordner Gefunden: C:\Program Files\reimage Ordner Gefunden: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reimage repair ***** [ Dateien ] ***** Datei Gefunden: C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk Datei Gefunden: C:\Windows\Reimage.ini Datei Gefunden: C:\Users\ADMINI~1\AppData\Local\Temp\reimage.log Datei Gefunden: C:\Users\ADMINI~1\AppData\Local\Temp\ReimagePackage.exe ***** [ DLL ] ***** Keine infizierten DLLs gefunden. ***** [ WMI ] ***** Keine schädlichen Schlüssel gefunden. ***** [ Verknüpfungen ] ***** Keine infizierten Verknüpfungen gefunden. 
***** [ Aufgabenplanung ] ***** Aufgabe Gefunden: Reimage Reminder Aufgabe Gefunden: Reimage Reminder Aufgabe Gefunden: reimage reminder ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine Schlüssel Gefunden: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1 Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1 Schlüssel Gefunden: HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A} Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4} Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546} Schlüssel Gefunden: HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36} Schlüssel Gefunden: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484} Schlüssel Gefunden: HKU\S-1-5-21-4218886898-41493801-728894-500\Software\Reimage Schlüssel Gefunden: HKU\S-1-5-21-4218886898-41493801-728894-500\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief. Schlüssel Gefunden: HKCU\Software\Reimage Schlüssel Gefunden: HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief. Schlüssel Gefunden: [x64] HKCU\Software\Reimage Schlüssel Gefunden: [x64] HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief. Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Reimage Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair Schlüssel Gefunden: HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL Schlüssel Gefunden: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe ***** [ Internetbrowser ] ***** Keine schädlichen Elemente in Firefox basierten Browsern gefunden. Keine schädlichen Elemente in Chrome basierten Browsern gefunden. 
************************* \AdwCleaner\AdwCleaner[S0].txt - [3152 Bytes] - [15/02/2017 20:49:09] ########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [3223 Bytes] ##########

Hello, here is the Malwarebytes report from 13.02.

Code:
ATTFilter
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 13.02.17
Scan-Zeit: 20:04
Protokolldatei:
Administrator: Nein

-Softwaredaten-
Version: 3.0.6.1469
Komponentenversion: 1.0.50
Version des Aktualisierungspakets: 1.0.1064
Lizenz: Kostenlos

-Systemdaten-
Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: MSI\MarkStrong

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 444463
Abgelaufene Zeit: 1 Min., 7 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0 (keine bösartigen Elemente erkannt)
Modul: 0 (keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt)
Registrierungswert: 0 (keine bösartigen Elemente erkannt)
Registrierungsdaten: 0 (keine bösartigen Elemente erkannt)
Daten-Stream: 0 (keine bösartigen Elemente erkannt)
Ordner: 0 (keine bösartigen Elemente erkannt)
Datei: 1
PUP.Optional.DownloadSponsor, C:\USERS\MARKSTRONG\DOWNLOADS\STEAM - CHIP-INSTALLER.EXE, In Quarantäne, [643], [349501],1.0.1064
Physischer Sektor: 0 (keine bösartigen Elemente erkannt)

(end)

I was not able to save the Malwarebytes file as .txt on the desktop. I get no error message when saving, but the file cannot be found on the desktop. I can only paste the log here from the clipboard.

Here is the current Malwarebytes scan

Code:
ATTFilter
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 18.02.17
Scan-Zeit: 17:10
Protokolldatei:
Administrator: Nein

-Softwaredaten-
Version: 3.0.6.1469
Komponentenversion: 1.0.50
Version des Aktualisierungspakets: 1.0.1295
Lizenz: Kostenlos

-Systemdaten-
Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: MSI\MarkStrong

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 449123
Abgelaufene Zeit: 2 Min., 11 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0 (keine bösartigen Elemente erkannt)
Modul: 0 (keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt)
Registrierungswert: 0 (keine bösartigen Elemente erkannt)
Registrierungsdaten: 0 (keine bösartigen Elemente erkannt)
Daten-Stream: 0 (keine bösartigen Elemente erkannt)
Ordner: 0 (keine bösartigen Elemente erkannt)
Datei: 0 (keine bösartigen Elemente erkannt)
Physischer Sektor: 0 (keine bösartigen Elemente erkannt)

(end)

Here is the current FRST file ...

FRST Logfile:

Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 18-02-2017 01 durchgeführt von Administrator (Administrator) auf MSI (18-02-2017 17:19:11) Gestartet von C:\Users\MarkStrong\Desktop Geladene Profile: MarkStrong & Administrator (Verfügbare Profile: defaultuser0 & MarkStrong & Administrator) Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Edge) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Micro-Star International Co., Ltd.) 
C:\Program Files (x86)\SCM\MSIService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe (Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe 
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe (MSI) C:\Program Files (x86)\SCM\SCM.exe (Portrait Displays, Inc) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorHelper.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Micro-Star International Co., Ltd.) 
C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16122.10291.0_x64__8wekyb3d8bbwe\Video.UI.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16122.10271.0_x64__8wekyb3d8bbwe\Music.UI.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft) C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeApp.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8903176 2016-10-20] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel Corporation) HKLM\...\Run: [Nahimic2UILauncher] => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [693432 2016-10-07] () HKLM\...\Run: [MsiTrueColor] => C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe [4811048 2016-09-09] (Portrait Displays, Inc.) HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [301848 2016-08-19] (MSI) HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM-x32\...\RunOnce: [DeleteOnReboot] => C:\Users\Administrator\AppData\Local\Temp\DeleteOnReboot.bat [480 2017-02-15] () <===== ACHTUNG HKU\S-1-5-21-4218886898-41493801-728894-500\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27230168 2016-11-15] (Skype Technologies S.A.) 
HKU\S-1-5-21-4218886898-41493801-728894-500\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[C0].txt HKU\S-1-5-18\...\Run: [] => [X] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Control Center.lnk [2016-10-20] ShortcutTarget: Killer Control Center.lnk -> C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe (Rivet Networks) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-10-20] ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254 Tcpip\..\Interfaces\{44c729b7-3a09-4761-bb9e-6fb3853c3b3d}: [DhcpNameServer] 192.168.1.254 192.168.1.254 Internet Explorer: ================== HKU\S-1-5-21-4218886898-41493801-728894-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE HKU\S-1-5-21-4218886898-41493801-728894-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE HKU\S-1-5-21-4218886898-41493801-728894-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE HKU\S-1-5-21-4218886898-41493801-728894-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE SearchScopes: HKU\S-1-5-21-4218886898-41493801-728894-1001 -> DefaultScope {FFD7DB1D-3F65-4AC8-A7C6-562077F48108} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation) BHO: Kein Name -> 
{B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Keine Datei BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation) FireFox: ======== FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-01-20] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-01-20] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.) ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-09-07] (Windows (R) Win 7 DDK provider) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation) R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [Datei ist nicht signiert] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert] R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-08-30] (Intel Corporation) R2 Killer Network Service; C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe [1951456 2016-09-29] (Rivet Networks) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2016-08-19] (Micro-Star International Co., Ltd.) [Datei ist nicht signiert] R2 MSITrueColorService; C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe [180520 2016-09-09] (Portrait Displays, Inc.) 
S2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe [58296 2016-08-12] (Micro-Star INT'L CO., LTD.) S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4362568 2015-06-18] (Symantec Corporation) R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2016-12-12] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2016-12-12] (NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-01-20] (NVIDIA Corporation) R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-12-12] (NVIDIA Corporation) R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2016-12-12] (NVIDIA Corporation) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266328 2016-12-04] (Synaptics Incorporated) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [19192 2015-09-30] (Intel(R) Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0406000.00C\ccSetx64.sys [173808 2015-06-24] (Symantec Corporation) R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-05-28] (Intel Corporation) R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [162120 2016-09-16] (Qualcomm Atheros, Inc.) R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-17] (Malwarebytes) S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvmii.inf_amd64_85330ff976332cdb\nvlddmkm.sys [14427064 2017-01-21] (NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-12-12] (NVIDIA Corporation) S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [35272 2016-10-20] (Windows (R) Win 7 DDK provider) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47672 2016-12-12] (NVIDIA Corporation) R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2403248 2016-09-06] (Qualcomm Atheros, Inc.) R2 RfeCoSvc; C:\Windows\system32\DRIVERS\RfeCo10X64.sys [87904 2016-09-29] (Rivet Networks, LLC.) 
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [779232 2016-10-20] (Realsil Semiconductor Corporation) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [42088 2016-10-20] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42600 2016-10-20] (Synaptics Incorporated) R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [40568 2016-06-14] (SteelSeries ApS) R3 sshid; C:\Windows\System32\drivers\sshid.sys [52960 2016-10-04] (SteelSeries ApS) R3 ssps2; C:\Windows\System32\drivers\ssps2.sys [33896 2016-06-14] (SteelSeries ApS) S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-12-14] (Symantec Corporation) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) R3 WINIO; C:\Program Files (x86)\MSI\Dragon Center\winio64.sys [15160 2015-06-11] () R2 WtfEngineDrv; C:\Windows\system32\DRIVERS\WtfEngineDrv.sys [27904 2016-02-01] (AAA Internet Publishing, Inc.) S3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel Corporation) S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20161214.002\ENG64.SYS [X] S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20161214.002\EX64.SYS [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2017-02-18 17:18 - 2017-02-18 17:18 - 00000000 ____D C:\Users\MarkStrong\Desktop\FRST-OlderVersion 2017-02-18 17:13 - 2017-02-18 17:13 - 00001234 _____ C:\Users\Administrator\Desktop\mbam.txt 2017-02-18 17:07 - 2017-02-18 17:07 - 00001339 _____ C:\Users\Administrator\Desktop\Malwarebytes 13.02.txt 2017-02-18 14:52 - 2017-02-18 14:52 - 00000000 ___HD C:\OneDriveTemp 2017-02-16 19:56 - 2017-02-16 20:18 - 00272742 _____ C:\TDSSKiller.3.1.0.12_16.02.2017_19.56.31_log.txt 2017-02-15 21:20 - 2017-02-15 21:21 - 00270548 _____ C:\TDSSKiller.3.1.0.12_15.02.2017_21.20.37_log.txt 2017-02-15 20:56 - 2017-02-15 20:57 - 04747704 _____ (AO Kaspersky Lab) C:\Users\MarkStrong\Desktop\tdsskiller.exe 2017-02-15 20:55 - 2017-02-18 17:19 - 00018108 _____ C:\Users\MarkStrong\Desktop\FRST.txt 2017-02-15 20:55 - 2017-02-18 17:19 - 00000000 ____D C:\FRST 2017-02-15 20:55 - 2017-02-16 19:51 - 00059140 _____ C:\Users\MarkStrong\Desktop\Addition.txt 2017-02-15 20:54 - 2017-02-18 17:18 - 02422784 _____ (Farbar) C:\Users\MarkStrong\Desktop\FRST64.exe 2017-02-15 20:46 - 2017-02-18 07:57 - 00000000 ____D C:\AdwCleaner 2017-02-15 20:46 - 2017-02-15 20:46 - 04015056 _____ C:\Users\MarkStrong\Desktop\AdwCleaner_6.043.exe 2017-02-14 00:51 - 2017-02-14 00:52 - 00000000 ____D C:\ProgramData\MFAData 2017-02-14 00:51 - 2017-02-14 00:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\MFAData 2017-02-14 00:51 - 2017-02-14 00:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\Avg2015 2017-02-13 20:03 - 2017-02-17 09:38 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-02-13 20:03 - 2017-02-13 20:03 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-02-13 20:03 - 2017-02-13 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-02-13 20:03 - 2017-02-13 20:03 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-02-13 20:03 - 2017-02-13 20:03 - 00000000 ____D C:\Program Files\Malwarebytes 2017-02-13 20:03 - 2017-01-20 
07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-02-13 18:58 - 2017-02-13 18:52 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2017-02-13 18:00 - 2017-02-13 18:00 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\WinZip 2017-02-10 14:35 - 2017-02-10 14:35 - 00000000 ____D C:\Program Files (x86)\VulkanRT 2017-02-10 14:35 - 2017-01-20 09:07 - 00134080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2017-02-10 14:35 - 2016-12-15 19:33 - 00273696 _____ C:\Windows\SysWOW64\vulkan-1.dll 2017-02-10 14:35 - 2016-12-15 19:33 - 00266528 _____ C:\Windows\system32\vulkan-1.dll 2017-02-10 14:35 - 2016-12-15 19:33 - 00111392 _____ C:\Windows\SysWOW64\vulkaninfo.exe 2017-02-10 14:35 - 2016-12-15 19:32 - 00125728 _____ C:\Windows\system32\vulkaninfo.exe 2017-02-10 14:33 - 2017-01-23 19:00 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 40192056 _____ C:\Windows\system32\nvcompiler.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 34974656 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 19008576 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 14677272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 11123936 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 11019192 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 09308896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 08990584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 03167288 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 
02715072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 01985080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437849.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 01591352 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437849.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 01051584 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00988608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00960568 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00946456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00944224 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00909760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00721952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00719160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00687224 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00618232 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00609216 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00606776 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00573120 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00483384 _____ 
(NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00447800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json 2017-02-10 14:33 - 2017-01-20 11:38 - 00000669 _____ C:\Windows\system32\nv-vk64.json 2017-02-10 09:21 - 2017-02-10 09:23 - 00000000 ____D C:\Windows\LastGood.Tmp 2017-02-03 15:55 - 2017-02-03 15:55 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\Microsoft Help 2017-01-25 08:59 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2017-01-25 08:59 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-02-18 16:53 - 2016-08-01 17:28 - 00000000 ____D C:\Windows\system32\SleepStudy 2017-02-18 16:39 - 2016-12-14 10:15 - 00000000 ____D C:\Users\MarkStrong\AppData\Roaming\Skype 2017-02-18 16:20 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\AppReadiness 2017-02-18 14:56 - 2016-12-14 12:08 - 00000000 ____D C:\Program Files (x86)\Steam 2017-02-18 14:56 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-02-18 14:54 - 2016-12-20 18:36 - 00004146 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5ECB8719-0C45-4D0B-9E23-341326ED26A6} 2017-02-18 14:52 - 2016-12-14 10:14 - 00000000 ___RD C:\Users\MarkStrong\OneDrive 2017-02-18 14:52 - 2016-10-20 18:52 - 00000000 ____D C:\ProgramData\NVIDIA 2017-02-18 14:51 - 2016-12-14 10:12 - 00000000 ____D C:\Users\MarkStrong 2017-02-18 09:59 - 2016-08-01 18:06 - 00615274 _____ C:\Windows\system32\perfh019.dat 2017-02-18 09:59 - 2016-08-01 18:06 - 00220106 _____ C:\Windows\system32\perfc019.dat 2017-02-18 09:59 - 2016-08-01 18:02 - 00723478 _____ C:\Windows\system32\prfh0816.dat 2017-02-18 09:59 - 2016-08-01 18:02 - 00241444 
_____ C:\Windows\system32\prfc0816.dat 2017-02-18 09:59 - 2016-08-01 17:58 - 00746338 _____ C:\Windows\system32\perfh013.dat 2017-02-18 09:59 - 2016-08-01 17:58 - 00248602 _____ C:\Windows\system32\perfc013.dat 2017-02-18 09:59 - 2016-08-01 17:50 - 00724734 _____ C:\Windows\system32\perfh010.dat 2017-02-18 09:59 - 2016-08-01 17:50 - 00236370 _____ C:\Windows\system32\perfc010.dat 2017-02-18 09:59 - 2016-08-01 17:47 - 00744582 _____ C:\Windows\system32\perfh00C.dat 2017-02-18 09:59 - 2016-08-01 17:47 - 00242524 _____ C:\Windows\system32\perfc00C.dat 2017-02-18 09:59 - 2016-08-01 17:42 - 00738786 _____ C:\Windows\system32\perfh00A.dat 2017-02-18 09:59 - 2016-08-01 17:42 - 00246576 _____ C:\Windows\system32\perfc00A.dat 2017-02-18 09:59 - 2016-08-01 17:40 - 00785098 _____ C:\Windows\system32\perfh008.dat 2017-02-18 09:59 - 2016-08-01 17:40 - 00251570 _____ C:\Windows\system32\perfc008.dat 2017-02-18 09:59 - 2016-08-01 17:37 - 01098038 _____ C:\Windows\system32\perfh007.dat 2017-02-18 09:59 - 2016-08-01 17:37 - 00257978 _____ C:\Windows\system32\perfc007.dat 2017-02-18 09:59 - 2016-08-01 17:33 - 09488810 _____ C:\Windows\system32\PerfStringBackup.INI 2017-02-17 14:46 - 2016-07-16 06:45 - 00000000 ____D C:\Windows\INF 2017-02-17 09:38 - 2016-08-01 17:28 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-02-17 09:37 - 2016-12-23 04:07 - 00006776 _____ C:\ProgramData\NvTelemetryContainer.log_backup1 2017-02-17 09:37 - 2016-07-16 01:04 - 00524288 _____ C:\Windows\system32\config\BBI 2017-02-15 20:52 - 2016-12-23 04:21 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps 2017-02-15 20:50 - 2016-12-14 10:15 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\CrashDumps 2017-02-13 21:49 - 2016-10-20 19:29 - 00000000 ____D C:\ProgramData\Norton 2017-02-13 18:52 - 2016-12-14 10:23 - 00000000 ____D C:\Windows\System32\Tasks\Remediation 2017-02-13 18:52 - 2016-07-16 06:47 - 00000000 ___HD C:\Windows\ELAMBKUP 2017-02-13 18:52 - 2016-07-16 01:04 - 00032768 _____ 
C:\Windows\system32\config\ELAM 2017-02-13 18:00 - 2016-10-20 19:29 - 00000000 ____D C:\ProgramData\WinZip 2017-02-13 00:15 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\LiveKernelReports 2017-02-10 14:36 - 2016-10-20 18:52 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2017-02-10 14:36 - 2016-10-20 18:52 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2017-02-10 14:09 - 2016-12-14 10:13 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\NVIDIA Corporation 2017-02-10 14:09 - 2016-12-14 10:12 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\NVIDIA 2017-02-10 14:02 - 2016-12-14 12:21 - 00000000 ____D C:\Users\MarkStrong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2017-02-10 09:22 - 2016-10-20 18:52 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-02-03 01:26 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\NDF 2017-02-02 13:14 - 2016-12-14 22:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype 2017-02-02 13:13 - 2016-12-20 09:14 - 00000001 _____ C:\Users\Public\Documents\dgc_DC.txt 2017-02-02 13:13 - 2016-12-14 22:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages 2017-02-02 13:13 - 2016-08-01 17:30 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-02-01 21:25 - 2016-12-19 00:13 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-02-01 21:25 - 2016-12-19 00:13 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-01-25 09:17 - 2016-07-16 06:36 - 00000000 ____D C:\Windows\CbsTemp 2017-01-24 19:02 - 2016-12-14 10:14 - 00002397 _____ C:\Users\MarkStrong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-01-23 19:00 - 2016-10-20 18:52 - 01600056 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2017-01-23 19:00 - 2016-10-20 18:52 - 00217528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2017-01-21 05:55 - 2017-01-17 05:54 - 00048696 _____ (NVIDIA Corporation) 
C:\Windows\system32\Drivers\nvpciflt.sys 2017-01-20 11:38 - 2017-01-17 05:53 - 28239928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2017-01-20 11:38 - 2016-10-20 18:52 - 04079032 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2017-01-20 11:38 - 2016-10-20 18:52 - 03597640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2017-01-20 11:38 - 2016-10-20 18:52 - 00514616 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2017-01-20 11:38 - 2016-10-20 18:52 - 00420408 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2017-01-20 11:38 - 2016-10-20 18:52 - 00043556 _____ C:\Windows\system32\nvinfo.pb 2017-01-20 11:25 - 2016-12-14 22:03 - 00000000 ____D C:\Users\Administrator 2017-01-20 10:17 - 2016-12-14 10:12 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\Packages 2017-01-20 10:13 - 2016-10-20 18:52 - 06401984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2017-01-20 10:13 - 2016-10-20 18:52 - 02479160 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2017-01-20 10:13 - 2016-10-20 18:52 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2017-01-20 10:13 - 2016-10-20 18:52 - 00548800 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll 2017-01-20 10:13 - 2016-10-20 18:52 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2017-01-20 10:13 - 2016-10-20 18:52 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll 2017-01-20 10:13 - 2016-10-20 18:52 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2017-01-20 09:04 - 2016-12-23 04:07 - 00001951 _____ C:\Windows\NvContainerRecovery.bat ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2016-10-20 18:53 - 2016-10-20 18:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2016-12-23 04:07 - 2017-02-18 16:53 - 0008769 _____ () C:\ProgramData\NvTelemetryContainer.log 2016-12-23 04:07 - 2017-02-17 09:37 - 0006776 _____ () 
C:\ProgramData\NvTelemetryContainer.log_backup1

Dateien, die verschoben oder gelöscht werden sollten: ====================
C:\Users\Administrator\AppData\Local\Temp\DeleteOnReboot.bat

Einige Dateien in TEMP: ====================
2017-02-10 09:22 - 2016-12-29 07:29 - 0860960 _____ (NVIDIA Corporation) C:\Users\Administrator\AppData\Local\Temp\nvSCPAPI64.dll
2017-02-10 14:34 - 2016-12-29 07:28 - 0351680 _____ (NVIDIA Corporation) C:\Users\Administrator\AppData\Local\Temp\nvStInst.exe
2017-02-17 14:44 - 2017-02-17 16:39 - 44048864 _____ (Skype Technologies S.A.) C:\Users\MarkStrong\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-02-17 17:28
==================== Ende von FRST.txt ============================
[/CODE]

Hello, here is the Addition file ..... THANK YOU VERY MUCH

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 18-02-2017 01
durchgeführt von Administrator (18-02-2017 17:19:30)
Gestartet von C:\Users\MarkStrong\Desktop
Windows 10 Home Version 1607 (X64) (2016-12-14 15:08:43)
Start-Modus: Normal
==========================================================

==================== Konten: =============================
Administrator (S-1-5-21-4218886898-41493801-728894-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-4218886898-41493801-728894-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-4218886898-41493801-728894-1000 - Limited - Disabled) => C:\Users\defaultuser0
Gast (S-1-5-21-4218886898-41493801-728894-501 - Limited - Disabled)
MarkStrong (S-1-5-21-4218886898-41493801-728894-1001 - Limited - Enabled) => C:\Users\MarkStrong

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
ACPI Driver Installer (HKLM-x32\...\553E35CD-0415-41bc-B39A-410375E88534) (Version: 2.1 - Intel Corporation)
Ansel (Version: 378.49 - NVIDIA Corporation) Hidden
ApoDispatchConfigurator (Version: 2.3.701 - Nahimic) Hidden
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.38.1 - Asmedia Technology)
AudioLaunchpadConfigurator (Version: 2.3.701 - Nahimic) Hidden
Battery Calibration (HKLM-x32\...\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1608.0901 - Micro-Star International Co., Ltd.)
Battery Calibration (x32 Version: 1.0.1608.0901 - Micro-Star International Co., Ltd.) Hidden Beyond Gravity (HKLM\...\Steam App 317510) (Version: - Qwiboo Ltd) Bridge Constructor Medieval (HKLM\...\Steam App 319850) (Version: - ClockStone) BurnRecovery (HKLM-x32\...\InstallShield_{92A6B009-1343-4C44-AFB1-8849137CA3F0}) (Version: 5.0.1608.1201 - Application) BurnRecovery (x32 Version: 5.0.1608.1201 - Application) Hidden CheckDevicesConfigurator (Version: 2.3.701 - Nahimic) Hidden Craft The World (HKLM\...\Steam App 248390) (Version: - Dekovir Entertainment) DEFCON (HKLM\...\Steam App 1520) (Version: - Introversion Software) Defend Your Life (HKLM\...\Steam App 357780) (Version: - Alda Games) Defenders of Ardania (HKLM\...\Steam App 73060) (Version: - Most Wanted Entertainment) Demon Hunter: Chronicles from Beyond (HKLM\...\Steam App 330990) (Version: - Brave Giant LTD) Dragon Center (HKLM-x32\...\InstallShield_{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 1.2.1610.2701 - Micro-Star International Co., Ltd.) Dragon Center (x32 Version: 1.2.1610.2701 - Micro-Star International Co., Ltd.) Hidden Dwarfs!? (HKLM\...\Steam App 35480) (Version: - Power of 2) Evil Defenders (HKLM\...\Steam App 412520) (Version: - CP Decision) F.E.A.R. 3 (HKLM\...\Steam App 21100) (Version: - Day 1 Studios) F1 Race Stars (HKLM\...\Steam App 203680) (Version: - Codemasters Birmingham) Fallout 4 (HKLM\...\Steam App 377160) (Version: - Bethesda Game Studios) Final Exam (HKLM\...\Steam App 233190) (Version: - Mighty Rocket Studio) Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG) FORCED (HKLM\...\Steam App 249990) (Version: - BetaDwarf) Foul Play (HKLM\...\Steam App 244810) (Version: - Mediatonic) Go Home Dinosaurs! (HKLM\...\Steam App 216090) (Version: - Fire Hose Games) God Mode (HKLM\...\Steam App 227480) (Version: - Old School Games) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.) 
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden Grim Legends 2: Song of the Dark Swan (HKLM\...\Steam App 279800) (Version: - Artifex Mundi) Guns'N'Zombies (HKLM\...\Steam App 264300) (Version: - Krealit) Help Desk (HKLM-x32\...\InstallShield_{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1609.0501 - Micro-Star International Co., Ltd.) Help Desk (x32 Version: 1.0.1609.0501 - Micro-Star International Co., Ltd.) Hidden Hero Academy (HKLM\...\Steam App 209270) (Version: - Robot Entertainment) Hydrophobia: Prophecy (HKLM\...\Steam App 92000) (Version: - Dark Energy Digital Ltd.) iBomber Defense Pacific (HKLM\...\Steam App 206690) (Version: - Cobra Mobile) INSIDE (HKLM\...\Steam App 304430) (Version: - Playdead) Intel Extreme Tuning Utility (HKLM-x32\...\{e3931098-f44a-4c70-bf9c-f48d24bdd066}) (Version: 6.0.2.8 - Intel Corporation) Intel Extreme Tuning Utility (x32 Version: 6.0.2.8 - Intel Corporation) Hidden Intel XTU Library (HKLM-x32\...\{B48E71F0-769D-445D-9020-9E06FF1D51C8}) (Version: 10.015.08120 - Micro-Star INT'L CO., LTD.) Intel(R) Chipset Device Software (x32 Version: 10.1.1.38 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation) KB9X Radio Switch Driver (HKLM\...\EC950B206B0E7722C96A318DF396BABFBB057BC0) (Version: 1.1.2.0 - ENE TECHNOLOGY INC.) 
Killer Performance Suite (HKLM\...\{0B988985-38C9-4DD4-9835-5AC17EEC26F7}) (Version: 1.0.762 - Rivet Networks) LauncherSetup (Version: 2.3.701 - Nahimic) Hidden Leviathan: Warships (HKLM\...\Steam App 202270) (Version: - Pieces Interactive) MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH) MAGIX Music Maker Silver (HKLM-x32\...\MX.{CD1DE5DB-7AF2-4D01-BBB1-9AD581B34403}) (Version: 21.0.3.44 - MAGIX Software GmbH) MAGIX Music Maker Silver (Version: 21.0.3.44 - MAGIX Software GmbH) Hidden MAGIX Music Maker Silver Soundpools (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden MAGIX Photo Manager 16 (HKLM-x32\...\MX.{B33D219F-2504-45A7-863B-999ED3E38B01}) (Version: 12.0.0.26 - MAGIX Software GmbH) MAGIX Photo Manager 16 (Version: 12.0.0.26 - MAGIX Software GmbH) Hidden Magnetis (HKLM\...\Steam App 37500) (Version: - Yullaby) Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes) Men of War: Assault Squad (HKLM\...\Steam App 64000) (Version: - Digitalmindsoft) Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-4218886898-41493801-728894-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-4218886898-41493801-728894-500\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation) Microsoft SharePoint Designer 2010 (HKLM-x32\...\Office14.SharePointDesigner) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Millie (HKLM\...\Steam App 294230) (Version: - Forever Entertainment S. A.) 
Mini Motor Racing EVO (HKLM\...\Steam App 209520) (Version: - The Binary Mill) MSI Remind Manager (HKLM-x32\...\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1608.1001 - Micro-Star International Co., Ltd.) MSI Remind Manager (x32 Version: 1.0.1608.1001 - Micro-Star International Co., Ltd.) Hidden MSI True Color (HKLM\...\{B4A2776D-59CD-4193-A19D-DE15CB7FC5AA}) (Version: 1.6.3.005 - Portrait Displays, Inc.) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) Nahimic 2 (HKLM-x32\...\{51d850bf-aca6-4eac-b215-2792260adafd}) (Version: 2.3.7 - Nahimic) Nahimic2UISetup (Version: 2.3.701 - Nahimic) Hidden Norton Online Backup (HKLM-x32\...\{652C1CDF-C61D-4525-9348-8C272CC2DB24}) (Version: 2.10.2.7 - Symantec Corporation) Norton Online Backup (x32 Version: 4.6.0.12 - Symantec Corporation) Hidden Not The Robots (HKLM\...\Steam App 257120) (Version: - 2DArray) NVIDIA 3D Vision Treiber 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.49 - NVIDIA Corporation) NVIDIA GeForce Experience 3.2.0.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.0.96 - NVIDIA Corporation) NVIDIA Grafiktreiber 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.49 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) NvNodejs (Version: 3.2.0.96 - NVIDIA Corporation) Hidden NvTelemetry (Version: 2.0.0.0 - NVIDIA Corporation) Hidden Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) 
Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden Poly Bridge (HKLM\...\Steam App 367450) (Version: - Dry Cactus) Pool Nation (HKLM\...\Steam App 254440) (Version: - Cherry Pop Games) Port Royale 3 (HKLM\...\Steam App 205610) (Version: - Gaming Minds) ProductDaemonSetup (Version: 2.3.701 - Nahimic) Hidden ProductNSConfigurator (Version: 2.3.701 - Nahimic) Hidden Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.279 - Qualcomm Atheros) R.U.S.E (HKLM\...\Steam App 21970) (Version: - Eugen Systems) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7945 - Realtek Semiconductor Corp.) Rise: Battle Lines (HKLM\...\Steam App 386350) (Version: - The Secret Games Company) Sanctum 2 (HKLM\...\Steam App 210770) (Version: - Coffee Stain Studios) SCM (HKLM\...\{4D36BF08-839B-47C5-BEDF-79D54ED8D14B}) (Version: 13.016.08191 - Application) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{8B883A57-E4BC-4745-8E6C-68168850F9DD}) (Version: - Microsoft) SHIELD Streaming (Version: 7.1.0350 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 3.2.0.96 - NVIDIA Corporation) Hidden Sizing Options (HKLM-x32\...\InstallShield_{DFAB6DE8-E45F-4D5D-95C0-E54C58993F9F}) (Version: 3.0.1607.2201 - Application) Sizing Options (x32 Version: 3.0.1607.2201 - Application) Hidden Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.) 
SonicMapperConfigurator (Version: 2.3.701 - Nahimic) Hidden Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SteelSeries Engine 3.8.1 (HKLM\...\SteelSeries Engine 3) (Version: 3.8.1 - SteelSeries ApS) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.4.57 - Synaptics Incorporated) Time Mysteries: Inheritance - Remastered (HKLM\...\Steam App 350010) (Version: - Artifex Mundi) TrackMania² Stadium (HKLM\...\Steam App 232910) (Version: - Nadeo) Tribloos 2 (HKLM\...\Steam App 271550) (Version: - BumpkinBrothers) UIInstallUpgrade (Version: 2.3.701 - Nahimic) Hidden Unstoppable Gorg (HKLM\...\Steam App 18120) (Version: - Futuremark) Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.) War in a Box: Paper Tanks (HKLM\...\Steam App 308460) (Version: - DQ Team) WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. ) WTFast 4.0 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 4.0.7.692 - Initex & AAA Internet Publishing) XSplit Gamecaster (HKLM-x32\...\{9E8A3821-032E-4230-9C12-C14D3FC8685E}) (Version: 2.8.1605.2342 - SplitmediaLabs) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {02564E8D-AB43-4419-AC00-79101D2756E4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {064B5CAB-52A2-430F-A5B4-FF0E09673D4C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-12] (NVIDIA Corporation) Task: {1B8AC99F-030B-42C2-888C-B3F837BA66FE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {257D9A76-B695-4959-AA17-319E71BB6F15} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-12-12] (NVIDIA Corporation) Task: {28C0F686-7B46-4FAF-B9A2-6DCBF9A5CA3C} - System32\Tasks\MSI_Help_Desk_Agent => C:\Program Files (x86)\MSI\Help Desk\MSI Update Agent.exe [2016-09-05] (Micro-Star International Co., Ltd.) Task: {31E593A3-4183-4FC8-8087-D1EE9A51F5E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-19] (Google Inc.) Task: {35EFF172-9233-45BA-A2E7-E350289A2BF5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-19] (Google Inc.) 
Task: {3C5D7129-9885-4F33-BF1C-C04D91F6BBC8} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-12] (NVIDIA Corporation) Task: {7E3D5826-1D24-49E4-9741-EF3C05B040E3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation) Task: {89529DF8-9E20-4066-A0D4-2B9EB847F3FF} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-05-05] (Intel Corporation) Task: {8A08E4AC-099F-42DC-BE7C-B06AB22253D4} - System32\Tasks\MSI_Dragon Center => C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe [2016-10-27] (Micro-Star International Co., Ltd.) Task: {8A97CC49-5245-4C9F-B8DB-46B621F734B2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation) Task: {8CB5DDE8-AB4B-42CB-B90E-2FBC77043E55} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe Task: {B6FCEBAE-82E1-4AEA-A479-399511227EC3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {B7B85536-A000-4D01-A206-B8A3780D7D35} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-12-12] (NVIDIA Corporation) Task: {BBB71FBF-7E02-40FE-8B65-22AA4C39C066} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {BEA217F2-54BA-427B-83A4-59512D5FB5E6} - 
System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-12] (NVIDIA Corporation) Task: {D1E97528-3DD9-413E-8EAB-7CF9309086DE} - System32\Tasks\Nahimic2Svc64Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe [2016-10-07] () Task: {D9AA3C2E-8022-4CE2-B49C-39DB1039825E} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-12] (NVIDIA Corporation) Task: {DFDC6E38-8F85-4CAD-A646-1567A0F2FE91} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-12-12] (NVIDIA Corporation) Task: {F2C83940-15BC-41F3-9722-EEC6E17D6591} - System32\Tasks\Nahimic2Svc32Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe [2016-10-07] () Task: {F90F41F6-90C5-4AFF-A161-596051EEB978} - System32\Tasks\Nahimic2UILauncherRun => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [2016-10-07] () Task: {FE346F69-9C45-4426-A556-DB2838A4C62B} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2016-12-23 04:07 - 2016-12-12 18:39 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll 2016-12-23 04:07 - 2016-12-12 18:39 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-02-13 20:03 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2016-09-29 13:55 - 2016-09-29 13:55 - 00560128 _____ () C:\Program Files\Killer Networking\Killer Control Center\SpeedTestDLL.dll 2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll 2016-12-14 13:17 - 2016-12-09 05:29 - 02681200 _____ () C:\Windows\System32\CoreUIComponents.dll 2016-10-20 18:52 - 2017-01-20 10:13 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-10-07 18:27 - 2016-10-07 18:27 - 00200888 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll 2016-10-07 18:27 - 2016-10-07 18:27 - 00272568 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll 2016-12-14 13:17 - 2016-12-09 05:29 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll 2016-12-14 13:17 - 2016-12-09 05:29 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll 2016-08-02 10:55 - 2016-12-28 12:03 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2016-12-14 13:19 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-01-11 04:24 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-01-11 04:24 - 2016-12-21 02:08 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll 2017-01-11 04:23 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-01-11 04:23 - 2016-12-21 01:48 - 01401856 _____ () 
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-01-11 04:23 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-01-11 04:23 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-01-11 04:23 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-01-11 04:23 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-10-07 18:24 - 2016-10-07 18:24 - 00693432 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe 2016-10-07 18:25 - 2016-10-07 18:25 - 02024632 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2svc32.exe 2016-10-07 18:28 - 2016-10-07 18:28 - 00495288 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2svc64.exe 2016-10-27 12:58 - 2016-10-27 12:58 - 00018712 _____ () C:\Program Files (x86)\MSI\Dragon Center\GInf.dll 2017-02-18 14:54 - 2017-02-18 14:56 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-02-18 14:54 - 2017-02-18 14:56 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-02-18 14:54 - 2017-02-18 14:56 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-02-06 20:22 - 2017-02-06 20:23 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\roottools.dll 2017-02-18 14:54 - 2017-02-18 14:56 - 00132608 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.Proxies.dll 2016-12-14 10:46 - 2016-12-14 10:47 - 00019456 _____ () C:\Program 
Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2016-12-14 10:46 - 2016-12-14 10:47 - 20433408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2016-12-14 10:46 - 2016-12-14 10:47 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll 2016-12-14 10:46 - 2016-12-14 10:47 - 01046528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll 2016-12-14 10:46 - 2016-12-14 10:47 - 00353792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Photos.Inking.dll 2016-07-16 09:34 - 2016-07-16 09:34 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2017-01-31 21:21 - 2017-01-31 21:23 - 01097072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16122.10291.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.Controls.dll 2017-02-18 14:54 - 2017-02-18 14:56 - 00181248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\Microsoft.Skype.ImageTool.dll 2017-02-18 14:54 - 2017-02-18 14:56 - 00040960 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\TraceProvider.dll 2016-08-30 02:19 - 2016-08-30 02:19 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2016-12-23 04:07 - 2016-12-12 18:39 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-12-23 04:07 - 2016-12-12 18:39 - 03776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll 2016-12-23 04:07 - 2016-12-12 18:39 - 00901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2016-10-07 18:23 - 2016-10-07 18:23 - 00175800 _____ () C:\Program 
Files\Nahimic\Nahimic2\UserInterface\Nahimic2DevProps.dll 2016-10-07 18:21 - 2016-10-07 18:21 - 00250552 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2OSD.dll 2016-12-14 12:10 - 2016-12-23 13:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2016-12-14 12:10 - 2016-08-31 20:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll 2016-12-14 12:10 - 2017-01-18 20:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll 2016-12-14 12:10 - 2016-01-27 02:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2016-12-14 12:10 - 2016-01-27 02:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2016-12-14 12:10 - 2016-01-27 02:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2016-12-14 12:10 - 2016-01-27 02:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2016-12-14 12:10 - 2016-01-27 02:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2016-12-14 12:10 - 2016-08-31 20:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2016-12-14 12:10 - 2016-08-31 20:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2016-12-14 12:10 - 2017-01-18 20:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2016-12-14 12:10 - 2016-07-04 17:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2016-12-14 12:11 - 2017-01-04 22:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll 2016-12-14 12:10 - 2017-01-18 20:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll 2016-12-23 04:07 - 2016-12-12 18:38 - 64246840 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll 2016-12-23 04:07 - 2016-12-12 09:36 - 00525760 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node 2016-12-23 04:07 - 2016-12-12 09:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node 2016-12-23 04:07 - 
2016-12-12 09:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node 2016-12-23 04:07 - 2016-12-12 09:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node 2016-12-23 04:07 - 2016-12-12 09:36 - 00447424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node 2016-12-23 04:07 - 2016-12-12 09:36 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node 2016-12-23 04:07 - 2016-12-12 09:36 - 01003456 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node 2016-12-23 04:07 - 2016-12-12 09:36 - 00956472 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node 2016-12-14 12:10 - 2015-09-24 18:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 
2016-07-16 06:47 - 2016-07-16 06:45 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-4218886898-41493801-728894-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg HKU\S-1-5-21-4218886898-41493801-728894-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\System32\oobe\info\Wallpaper\backgroundDefault.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{58A45F44-D5FA-487F-AD77-8EA4E487FD4E}] => (Allow) C:\Program Files (x86)\WTFast\WTFast.exe FirewallRules: [{89F8FB89-D598-4E08-80D6-8469CF8BCCD4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{F723A05F-477E-41ED-AD42-B0F5A57E7748}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{3EF9FB57-32D8-4AA6-9025-B53BF06F2876}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{62EAAD63-655F-45CE-93E0-1740285AA331}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{AA4F4879-FC87-41FB-97AD-C257327594CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\R.U.S.E\Ruse.exe FirewallRules: [{02E8F509-35F2-4D24-A941-B4D58A841B2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\R.U.S.E\Ruse.exe FirewallRules: [{E32A40F4-3B0A-4C25-99DA-452827ACF658}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe FirewallRules: [{D3AFBDE0-A702-4A4C-B126-D31DA5137213}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe FirewallRules: [{BC1867CA-8AC0-4981-969C-41ECCDE98505}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pool Nation\Pool.exe FirewallRules: [{D0C7D77C-EE0C-4042-9E4A-29A3C7308CAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pool Nation\Pool.exe FirewallRules: [{3B6E62BD-6040-419E-82BB-C4384057258B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DYL\dyl.exe FirewallRules: [{DC55DD35-FC5B-4BF2-A950-505A1E8B7ABB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DYL\dyl.exe FirewallRules: [{33E40C5E-3E3B-4D1B-AE50-7D58C259FE0A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{7FF10783-2B91-44AE-A335-804A2030D4F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: 
[{321C6B0F-14D7-474F-941D-BEC9D3029F7D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{F574291E-919E-4223-B0FC-6D2F332C26EE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{9042FFBF-3DEC-4BB7-A6B9-0743DABB434E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{35859D71-FE2A-45FF-A627-917D8FB37C22}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{E479FDB1-F61B-4350-A3D7-821B937A6D17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CraftTheWorld\CraftWorld.exe FirewallRules: [{FB6557CF-C8F3-42EA-ADD4-928E6BE29B4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CraftTheWorld\CraftWorld.exe FirewallRules: [{F8769C68-A2D8-488D-BF65-4B7630F8D238}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe FirewallRules: [{0485327C-A46F-45E3-A71C-D3A7143D8804}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe FirewallRules: [{FAF6EEEC-4F01-49A8-AAC1-A7DD0D87F076}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War in a Box - Paper Tanks\War in a Box - Paper Tanks.exe FirewallRules: [{E3AB1FCC-F2F4-454D-A55F-91EFC2A2EA38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War in a Box - Paper Tanks\War in a Box - Paper Tanks.exe FirewallRules: [{39B57716-1C4B-4ED8-B200-8F1345124CA7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unstoppable Gorg\unstoppable_gorg.exe FirewallRules: [{5397A5F7-862C-4E14-9C6C-809620D47DC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unstoppable Gorg\unstoppable_gorg.exe FirewallRules: [{32F88ECD-D735-43F3-986E-8BB3B1ED04EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tribloos 2\TheTribloos2.exe FirewallRules: [{0FEE2CD4-9E9F-42B3-97C0-70742BBD675D}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\Tribloos 2\TheTribloos2.exe FirewallRules: [{19DDBA06-A30A-4025-8E96-444F15FD83C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe FirewallRules: [{766BA255-C003-4E04-815C-B61727EBB917}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe FirewallRules: [{BE6EAB90-FC6B-48A1-AC77-7A3DDFDA24F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Time Mysteries Inheritance Remastered\TimeMysteries_Inheritance.exe FirewallRules: [{F4A8FA06-3540-47AB-ACD5-57F2B896079A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Time Mysteries Inheritance Remastered\TimeMysteries_Inheritance.exe FirewallRules: [{265B1327-59CB-4805-B6F1-AB70002D0F42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rise\Rise.exe FirewallRules: [{62783129-1185-45E8-B211-32AF9CD331CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rise\Rise.exe FirewallRules: [{58CFAA9B-73E2-4533-B46D-2A55128329DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poly Bridge\polybridge.exe FirewallRules: [{55249A23-EB92-4FA3-8078-CFA74499739E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poly Bridge\polybridge.exe FirewallRules: [{C3979464-80AE-4644-9838-0AF3CCC78D31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mini Motor Racing\Mini Motor Evo.exe FirewallRules: [{2AF9B9B9-EA8F-4678-B4AF-019A0CA74691}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mini Motor Racing\Mini Motor Evo.exe FirewallRules: [{1F8CDCA3-8A82-4F93-86FF-39C651A778FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GodMode\bin\GodMode.exe FirewallRules: [{12D4118A-6FB9-4FC8-A4BB-0E00D51A0664}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GodMode\bin\GodMode.exe FirewallRules: [{ECAD9605-7B7D-4218-BC47-1D2D77AD4197}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bridge Constructor 
Medieval\Bridge_Constructor_Medieval.exe FirewallRules: [{2E6A0096-95EB-4FF0-AA78-EB92975D0B94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bridge Constructor Medieval\Bridge_Constructor_Medieval.exe FirewallRules: [{564CF656-D5EA-48B4-BB51-6388EED16405}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Beyond Gravity\BeyondGravity.exe FirewallRules: [{909CB892-BA48-4149-A311-5465AB5DAEAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Beyond Gravity\BeyondGravity.exe FirewallRules: [{380E392A-702D-4E2F-8C48-B5530C7721B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe FirewallRules: [{4E91C6CF-9A99-4107-B725-39DF19646A01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe FirewallRules: [{960A768A-0031-4F48-A622-D34D08A1172D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Port Royale 3\PortRoyale3.exe FirewallRules: [{67CBF75F-AF81-4BC5-9E26-E8D37851C4EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Port Royale 3\PortRoyale3.exe FirewallRules: [{93A75816-103A-4968-ABDD-352927A87174}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Millie\Millie.exe FirewallRules: [{FFAD9C2B-5BBA-48EC-BB0C-13B7D3DB4470}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Millie\Millie.exe FirewallRules: [{A3FE6BD7-1F07-494C-A44B-27C318AD96A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Not The Robots\Not the Robots.exe FirewallRules: [{E5F32BE5-B629-477F-8F03-A373CB7E65D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Not The Robots\Not the Robots.exe FirewallRules: [{70A38E8E-11E3-4864-8AFD-B4490348E0DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic 2014\DotP_D14.exe FirewallRules: [{2008150F-53FB-4941-B8EB-89EAF7A11EBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic 2014\DotP_D14.exe FirewallRules: 
[{94E5C3EA-1282-45B8-A8A1-275164C35370}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Leviathan Warships\Leviathan.exe FirewallRules: [{3EB97BC5-0180-4717-87A0-0C868E946377}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Leviathan Warships\Leviathan.exe FirewallRules: [{3B42174B-3B07-47FF-B71D-FDBBC9F07690}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defenders of Ardania\DOA.exe FirewallRules: [{A5FD5BFD-9BB3-4AD7-86AF-5F2991BB563C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defenders of Ardania\DOA.exe FirewallRules: [{4F8AA047-AE30-478D-8CA0-532769A43861}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defcon\Defcon.exe FirewallRules: [{A144D421-CD6D-47E1-91FD-07748FC8EB7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defcon\Defcon.exe FirewallRules: [{EA89CB5D-BF6B-4175-92EC-5CF8BB5A30AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Evil Defenders\Evil Defenders.exe FirewallRules: [{9E4631AF-86B3-41BF-AA91-ED4B709E45B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Evil Defenders\Evil Defenders.exe FirewallRules: [{6ABD3963-FCE1-4570-8448-08526E8326CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Demon Hunter Chronicles from Beyond\DemonHunter.exe FirewallRules: [{08A9F07E-B989-4A49-A8D0-F05DE03EE1D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Demon Hunter Chronicles from Beyond\DemonHunter.exe FirewallRules: [{622F3114-BA9B-46D0-AC13-264949088297}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\INSIDE\INSIDE.exe FirewallRules: [{468D817F-46BE-4066-9BFB-E47C02692C0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\INSIDE\INSIDE.exe FirewallRules: [{C0D20874-D515-45C7-9735-F204329D29CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Legends Song of the Dark Swan\GrimLegends_SongOfTheDarkSwan.exe FirewallRules: [{5DA2F9A0-0A8C-4329-8287-8B455076E02E}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\Grim Legends Song of the Dark Swan\GrimLegends_SongOfTheDarkSwan.exe FirewallRules: [{ABE851FC-1EA5-4984-8D09-07D45753E171}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GunsNZombies\GNZ.exe FirewallRules: [{CEB2B999-5155-44CB-888C-1F2B16902B10}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GunsNZombies\GNZ.exe FirewallRules: [{BD69AE83-356E-46D6-95E2-742A844856B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FORCED\FORCED.exe FirewallRules: [{D25B9354-2B67-43F6-B5CA-C10A54AF1D88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FORCED\FORCED.exe FirewallRules: [{20EB6D39-A038-4D20-AF2F-D963268BD999}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Foul Play\foul_play.exe FirewallRules: [{6CEFEB45-4719-4981-9ECE-F976999C7486}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Foul Play\foul_play.exe FirewallRules: [{9A9C0EA1-6B87-4F3A-97CF-C683D686DFE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Exam\final_exam.exe FirewallRules: [{2AA3EE71-3825-4A05-9863-825D14D27D6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Exam\final_exam.exe FirewallRules: [{AF821B65-0B71-4382-94EC-4DBDD4861D94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Go Home Dinosaurs\Eastgate.exe FirewallRules: [{B2EEDCFA-D33D-47C9-B592-586769BF8BC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Go Home Dinosaurs\Eastgate.exe FirewallRules: [{11B7E7BD-5DCF-4103-B25B-8EAC52BCF7DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hero Academy\HeroAcademy.exe FirewallRules: [{ECE33A69-8722-459B-BEC5-6611B65D4B1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hero Academy\HeroAcademy.exe FirewallRules: [{8C5D3807-F3D5-483C-BB62-E6A267E5AFEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ibomber defense pacific\iBomberDefensePacific.exe FirewallRules: [{FB0512F7-1457-4F1D-9EFC-D6B6660E0E86}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\ibomber defense pacific\iBomberDefensePacific.exe FirewallRules: [{6C398AAF-FE8B-4462-88B4-9E2DF1C00AE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\f1 race stars\F1RaceStars.exe FirewallRules: [{57D32252-4FDE-4554-8B8B-9776A775A016}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\f1 race stars\F1RaceStars.exe FirewallRules: [{165372EC-7B50-4658-9E78-342B476F2C19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hydrophobia\HydroPC.exe FirewallRules: [{6F2C7093-AC74-4E0B-9273-1CC179BC0F63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hydrophobia\HydroPC.exe FirewallRules: [{2FC48271-68C1-428A-9F7E-9200CEE11EF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magnetis\Magnetis.exe FirewallRules: [{4126F9AE-698D-4907-B2E2-381E2EAF21DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magnetis\Magnetis.exe FirewallRules: [{DC8FF109-33E3-4A91-804E-97B5DDF019B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dwarfs\Dwarfs.exe FirewallRules: [{BBE00BDA-5AC6-4643-9373-10B5AA8925D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dwarfs\Dwarfs.exe FirewallRules: [{A61410B8-D910-4ED9-8BA2-7E406331D2E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Men of War Assault Squad\mow_assault_squad.exe FirewallRules: [{1CB85A98-9A1A-4265-974E-BB984079EC8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Men of War Assault Squad\mow_assault_squad.exe FirewallRules: [{508959C3-0A1F-4E29-8172-27C8F9B36D1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\F.E.A.R. 3\F.E.A.R. 3.exe FirewallRules: [{5778B0E3-37DC-4572-8C74-47D65D124816}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\F.E.A.R. 3\F.E.A.R. 
3.exe FirewallRules: [{F66022D3-5320-45DC-9111-A3E373B824FB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Wiederherstellungspunkte ========================= ACHTUNG: Systemwiederherstellung ist deaktiviert ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (02/18/2017 10:30:31 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: KillerNetworkService.exe, Version: 1.0.762.0, Zeitstempel: 0x57ed47b9 Name des fehlerhaften Moduls: KillerNetworkService.exe, Version: 1.0.762.0, Zeitstempel: 0x57ed47b9 Ausnahmecode: 0xc0000094 Fehleroffset: 0x00000000000760c6 ID des fehlerhaften Prozesses: 0x2118 Startzeit der fehlerhaften Anwendung: 0x01d289fa819ec9fd Pfad der fehlerhaften Anwendung: C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe Pfad des fehlerhaften Moduls: C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe Berichtskennung: 8a6c2577-62d8-41ab-ab94-808e21e8af13 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (02/18/2017 10:20:15 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: KillerNetworkService.exe, Version: 1.0.762.0, Zeitstempel: 0x57ed47b9 Name des fehlerhaften Moduls: KillerNetworkService.exe, Version: 1.0.762.0, Zeitstempel: 0x57ed47b9 Ausnahmecode: 0xc0000094 Fehleroffset: 0x00000000000760c6 ID des fehlerhaften Prozesses: 0x29f8 Startzeit der fehlerhaften Anwendung: 0x01d2899c42dad826 Pfad der fehlerhaften Anwendung: C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe Pfad des fehlerhaften Moduls: C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe Berichtskennung: 
42a9a945-39fa-4543-9997-11ff55464ed5 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (02/17/2017 11:05:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: KillerNetworkService.exe, Version: 1.0.762.0, Zeitstempel: 0x57ed47b9 Name des fehlerhaften Moduls: KillerNetworkService.exe, Version: 1.0.762.0, Zeitstempel: 0x57ed47b9 Ausnahmecode: 0xc0000094 Fehleroffset: 0x00000000000760c6 ID des fehlerhaften Prozesses: 0x980 Startzeit der fehlerhaften Anwendung: 0x01d2892b77fe7daf Pfad der fehlerhaften Anwendung: C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe Pfad des fehlerhaften Moduls: C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe Berichtskennung: 0128791a-1bf7-4e15-aa93-4ad7b9245d96 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (02/17/2017 09:38:14 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MSI_ActiveX_Service.exe, Version: 1.0.0.8, Zeitstempel: 0x57ad265a Name des fehlerhaften Moduls: ActiveX_Resource_Monitor.dll, Version: 1.0.0.8, Zeitstempel: 0x57ad265d Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002b10 ID des fehlerhaften Prozesses: 0x8b0 Startzeit der fehlerhaften Anwendung: 0x01d2892b77fb6d69 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\MSI\Dragon Center\ActiveX_Resource_Monitor.dll Berichtskennung: 1106cdcb-0bd5-40bd-b189-8e206ef00621 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (02/17/2017 09:38:14 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: MSI_ActiveX_Service.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 71162B10 Error: (02/17/2017 09:37:52 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Dragon Center.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.ComponentModel.Win32Exception bei System.Diagnostics.Process.StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo) bei MSI_Command_Center.App..ctor() bei MSI_Command_Center.App.Main() Error: (02/17/2017 09:37:07 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: KillerNetworkService.exe, Version: 1.0.762.0, Zeitstempel: 0x57ed47b9 Name des fehlerhaften Moduls: KillerNetworkService.exe, Version: 1.0.762.0, Zeitstempel: 0x57ed47b9 Ausnahmecode: 0xc0000094 Fehleroffset: 0x00000000000760c6 ID des fehlerhaften Prozesses: 0xa64 Startzeit der fehlerhaften Anwendung: 0x01d287f730d17a25 Pfad der fehlerhaften Anwendung: C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe Pfad des fehlerhaften Moduls: C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe Berichtskennung: 6014af8a-851a-4464-b25a-dc772aa52313 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (02/15/2017 08:52:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: DragonCenter_Updaer.exe, Version: 1.0.1608.1101, Zeitstempel: 0x57ac76fb Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.14393.479, Zeitstempel: 0x582588e6 Ausnahmecode: 0xc000041d Fehleroffset: 0x0000000000017788 ID des fehlerhaften Prozesses: 0x1630 Startzeit der fehlerhaften Anwendung: 0x01d287f7492e0cdb Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\MSI\DragonCenter_Updaer.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\KERNELBASE.dll Berichtskennung: 
8626502a-dbf7-455d-9271-94008fa30783 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (02/15/2017 08:52:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: DragonCenter_Updaer.exe, Version: 1.0.1608.1101, Zeitstempel: 0x57ac76fb Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.14393.479, Zeitstempel: 0x582588e6 Ausnahmecode: 0xc0020001 Fehleroffset: 0x0000000000017788 ID des fehlerhaften Prozesses: 0x1630 Startzeit der fehlerhaften Anwendung: 0x01d287f7492e0cdb Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\MSI\DragonCenter_Updaer.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\KERNELBASE.dll Berichtskennung: 08e39c26-98db-4602-9ec7-ea2374486f53 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (02/15/2017 08:52:15 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode. Systemfehler: ============= Error: (02/18/2017 04:44:50 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. 
Error: (02/18/2017 02:51:45 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (02/18/2017 02:51:45 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (02/18/2017 02:51:45 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. 
Error: (02/18/2017 10:50:18 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (02/18/2017 10:30:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Killer Network Service" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error: (02/18/2017 10:20:15 AM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Killer Network Service" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: Es wird bereits eine Instanz des Dienstes ausgeführt. Error: (02/18/2017 10:20:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Killer Network Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300 Millisekunden durchgeführt: Neustart des Diensts. Error: (02/18/2017 10:05:11 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. 
Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (02/18/2017 08:35:23 AM) (Source: BTHUSB) (EventID: 17) (User: ) Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. CodeIntegrity: =================================== Date: 2017-02-18 16:18:55.405 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll that did not meet the Store signing level requirements. Date: 2017-02-18 16:18:55.399 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll that did not meet the Store signing level requirements. Date: 2017-02-18 16:18:55.396 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll that did not meet the Store signing level requirements. Date: 2017-02-18 16:18:55.390 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll that did not meet the Store signing level requirements. 
Date: 2017-02-18 16:18:22.805 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. Date: 2017-02-18 16:18:16.123 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll that did not meet the Store signing level requirements. Date: 2017-02-18 16:18:16.117 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll that did not meet the Store signing level requirements. Date: 2017-02-18 16:18:16.022 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. Date: 2017-02-18 16:18:15.975 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll that did not meet the Store signing level requirements. 
Date: 2017-02-18 16:18:15.967 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll that did not meet the Store signing level requirements. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz Prozentuale Nutzung des RAM: 22% Installierter physikalischer RAM: 16338.75 MB Verfügbarer physikalischer RAM: 12586.04 MB Summe virtueller Speicher: 18770.75 MB Verfügbarer virtueller Speicher: 14988.83 MB ==================== Laufwerke ================================ Drive c: (Windows) (Fixed) (Total:237.18 GB) (Free:32.9 GB) NTFS Drive d: (New Volume) (Fixed) (Total:1862.89 GB) (Free:933.57 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: 6DDB4527) Partition: GPT. ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000) Partition: GPT. ==================== Ende von Addition.txt ============================ |
#6
/// TB-Ausbilder

Hi,

continuing on the MSI machine: we will remove the last remnants and check everything once more.

Note: The scan with ESET can take a while.

Step 1
Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
start
CloseProcesses:
HKU\S-1-5-21-4218886898-41493801-728894-500\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[C0].txt
HKU\S-1-5-18\...\Run: [] => [X]
BHO: Kein Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Keine Datei
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 ESET Online Scanner
Step 3 Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
Step 4
Please post with your next reply
#7

Hello Matthias, I hope you had a nice weekend. First, here is the log file of the FRST fix ....

Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 19-02-2017
durchgeführt von Administrator (20-02-2017 00:01:03) Run:1
Gestartet von C:\Users\MarkStrong\Desktop
Geladene Profile: MarkStrong & Administrator (Verfügbare Profile: defaultuser0 & MarkStrong & Administrator)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
HKU\S-1-5-21-4218886898-41493801-728894-500\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[C0].txt
HKU\S-1-5-18\...\Run: [] => [X]
BHO: Kein Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Keine Datei
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
*****************

Prozesse erfolgreich geschlossen.
HKU\S-1-5-21-4218886898-41493801-728894-500\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Report => Wert erfolgreich entfernt
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => Wert erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => Schlüssel erfolgreich entfernt
HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => Schlüssel nicht gefunden.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-4218886898-41493801-728894-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-4218886898-41493801-728894-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt

========= Ende von RemoveProxy: =========

========= ipconfig /flushdns =========

Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.

========= Ende von CMD: =========

========= netsh winsock reset =========

Der Winsock-Katalog wurde zurckgesetzt.
Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.

========= Ende von CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16920558 B
Java, Flash, Steam htmlcache => 10826891 B
Windows/system/drivers => 5244286 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 970883 B
systemprofile32 => 128 B
LocalService => 19562 B
NetworkService => 38180 B
defaultuser0 => 128 B
MarkStrong => 184631742 B
Administrator => 23976918 B

RecycleBin => 533328 B
EmptyTemp: => 231.9 MB temporäre Dateien entfernt.

================================

Das System musste neu gestartet werden.

==== Ende von Fixlog 00:01:07 ====

Here is the ESET log file....

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=46767fd742c1a74fa95a962bdef84b84
# end=init
# utc_time=2017-02-20 05:09:15
# local_time=2017-02-20 12:09:15 (-0500, Westl. Südamerika Normalzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 32462
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=46767fd742c1a74fa95a962bdef84b84
# end=updated
# utc_time=2017-02-20 05:14:45
# local_time=2017-02-20 12:14:45 (-0500, Westl. Südamerika Normalzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=46767fd742c1a74fa95a962bdef84b84
# engine=32462
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-02-20 06:45:28
# local_time=2017-02-20 01:45:28 (-0500, Westl. Südamerika Normalzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 17982144 0 0
# scanned=673502
# found=1
# cleaned=0
# scan_time=5442
sh=95B785C6D5465575F2B951FC5E31890B84D1FAA9 ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L eventuell unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\3cc43.msi"

Here is the Hitman log file ....

Code:
HitmanPro 3.7.15.281
www.hitmanpro.com

   Computer name . . . . : MSI
   Windows . . . . . . . : 10.0.0.14393.X64/8
   User name . . . . . . : MSI\Administrator
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-02-20 06:25:53
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 35s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 0
   Traces . . . . . . . : 4

   Objects scanned . . . : 2.626.588
   Files scanned . . . . : 58.171
   Remnants scanned . . : 718.322 files / 1.850.095 keys

Suspicious files ____________________________________________________________

   C:\Users\MarkStrong\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2.422.784 bytes
      Age . . . . . . . : 4.4 days (2017-02-15 20:54:53)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : C2280BABEB08B58E46141BA6BE499ACA4779C2DE22910F8C56BCD041AD8E07D6
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         0.0s C:\Users\MarkStrong\Desktop\FRST-OlderVersion\FRST64.exe
         0.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\4\11\
         0.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\4\11\773CD99B853A75E3.dat
         1.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\187C4497D92DB351BA62D32158DDCA43
         1.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\11\773CD99B853A75E3.dat
         1.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{BFD6A531-A36B-4314-92C0-2C5CFF9BDE51}
         3.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E89B9A08-D1DA-42DE-AC9C-27E185FE23BE}
         22.5s C:\FRST\Hives\
         22.5s C:\FRST\Logs\
         22.5s C:\FRST\
         22.5s C:\FRST\Quarantine\
         24.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\11\773CD99B853A75E3.dat
         24.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\11\

   C:\Users\MarkStrong\Desktop\FRST64.exe
      Size . . . . . . . : 2.422.784 bytes
      Age . . . . . . . : 0.3 days (2017-02-20 00:00:43)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 49CE8654FAF2CE65F8A87A16D0C202D3679C5A9A1F971D670DF2C67827F77500
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3K1D0129\underline[1].gif 174.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R7C3P67R\justifyleft[1].gif 174.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\B1MQUXVC\justifycenter[1].gif 174.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SIHAMWWK\justifyright[1].gif 174.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\RB71WLE2\insertorderedlist[1].gif 175.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\852ECG37\insertunorderedlist[1].gif 175.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M54MNK3W\outdent[1].gif 175.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OSLFJQKA\indent[1].gif 175.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\RTGFA96R\createlink[1].gif 175.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\G98MR69M\unlink[1].gif 175.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y1EOEHZH\email[1].gif 175.3s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4VRKASX6\insertimage[1].gif 175.3s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R7C3P67R\quote[1].gif 175.3s 
C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VG844JLJ\code[1].gif 175.4s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4AUS9SX6\html[1].gif 175.4s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MRPZE5E7\php[1].gif 175.4s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WVYADEQV\table[1].gif 175.5s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3K1D0129\youtube[1].png 175.6s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FAJU9E09\eek[1].gif 175.6s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\B1MQUXVC\heilig[1].gif 175.6s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SIHAMWWK\lmaa[1].gif 175.7s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\RB71WLE2\stirn[1].gif 175.7s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\852ECG37\taenzer[1].gif 175.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YA0DGGZF\sleepy[1].gif 175.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M54MNK3W\rofl[1].gif 175.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OSLFJQKA\heulen[1].gif 175.9s C:\Users\MarkStrong\AppData\Local\Microsoft\Windows\INetCache\IE\W3VAO90O\ 175.9s C:\Users\MarkStrong\AppData\Local\Microsoft\Windows\INetCache\IE\G33VCT30\ 175.9s 
C:\Users\MarkStrong\AppData\Local\Microsoft\Windows\INetCache\IE\SMQE41EX\ 175.9s C:\Users\MarkStrong\AppData\Local\Microsoft\Windows\INetCache\IE\GPAEYA77\ 175.9s C:\Users\MarkStrong\AppData\Local\Microsoft\Windows\INetCache\IE\GPAEYA77\edgecompatviewlist[1].xml 175.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\RTGFA96R\singsing[1].gif 175.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\G98MR69M\rolleyes[1].gif 175.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y1EOEHZH\aplaus[1].gif 176.0s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D7QZT9GU\zzwhip[1].gif 176.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4VRKASX6\pfeiff[1].gif 176.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R7C3P67R\balla[1].gif 176.1s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VG844JLJ\killpc[1].gif 176.2s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4AUS9SX6\schrei[1].gif 176.2s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MRPZE5E7\sword2[1].gif 176.2s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\HMPDYO6W\l1DOCKYI6L.dat 176.2s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WVYADEQV\nono[1].gif 176.3s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3K1D0129\dankeschoen[1].gif 176.3s 
C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FAJU9E09\lach[1].gif 176.4s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\B1MQUXVC\kaffee_reboot[1].gif 176.4s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SIHAMWWK\glaskugel2[1].gif 176.5s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\RB71WLE2\aufsmaul[1].gif 176.5s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\852ECG37\glaskugel[1].gif 176.5s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M54MNK3W\icon17[1].gif 176.5s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YA0DGGZF\bussi[1].gif 176.6s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OSLFJQKA\icon19[1].gif 176.7s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\RTGFA96R\icon21[1].gif 176.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\G98MR69M\icon23[1].gif 176.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y1EOEHZH\icon24[1].gif 176.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D7QZT9GU\icon27[1].gif 176.8s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4VRKASX6\icon26[1].gif 176.9s C:\Users\MarkStrong\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R7C3P67R\icon30[1].gif 176.9s 
Potential Unwanted Programs
_________________________________________________
HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}\ (ReimageRepair)
HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}\ (ReimageRepair)

Attached is the first log file from FRST ....

FRST Logfile:
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 19-02-2017 durchgeführt von Administrator (Administrator) auf MSI (20-02-2017 06:32:07) Gestartet von C:\Users\MarkStrong\Desktop Geladene Profile: defaultuser0 & MarkStrong & Administrator (Verfügbare Profile: defaultuser0 & MarkStrong & Administrator) Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Edge) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe (Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Micro-Star International Co., Ltd.) 
C:\Program Files (x86)\SCM\MSIService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe (Portrait Displays, Inc.) 
C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe (Portrait Displays, Inc) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorHelper.exe (MSI) C:\Program Files (x86)\SCM\SCM.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () 
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16122.10291.0_x64__8wekyb3d8bbwe\Video.UI.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16122.10271.0_x64__8wekyb3d8bbwe\Music.UI.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8903176 2016-10-20] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel Corporation) HKLM\...\Run: [Nahimic2UILauncher] => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [693432 2016-10-07] () HKLM\...\Run: [MsiTrueColor] => C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe [4811048 2016-09-09] (Portrait Displays, Inc.) 
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [301848 2016-08-19] (MSI) HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp HKLM-x32\...\RunOnce: [DeleteOnReboot] => C:\Users\ADMINI~1\AppData\Local\Temp\DeleteOnReboot.bat <===== ACHTUNG HKU\S-1-5-21-4218886898-41493801-728894-500\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27230168 2016-11-15] (Skype Technologies S.A.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Control Center.lnk [2016-10-20] ShortcutTarget: Killer Control Center.lnk -> C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe (Rivet Networks) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-10-20] ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254 Tcpip\..\Interfaces\{44c729b7-3a09-4761-bb9e-6fb3853c3b3d}: [DhcpNameServer] 192.168.1.254 192.168.1.254 Internet Explorer: ================== HKU\S-1-5-21-4218886898-41493801-728894-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE HKU\S-1-5-21-4218886898-41493801-728894-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE HKU\S-1-5-21-4218886898-41493801-728894-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE HKU\S-1-5-21-4218886898-41493801-728894-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE SearchScopes: HKU\S-1-5-21-4218886898-41493801-728894-1001 -> DefaultScope {FFD7DB1D-3F65-4AC8-A7C6-562077F48108} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft 
Corporation) FireFox: ======== FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-01-20] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-01-20] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.) ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-09-07] (Windows (R) Win 7 DDK provider) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation) R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [Datei ist nicht signiert] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert] R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-08-30] (Intel Corporation) R2 Killer Network Service; C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe [1951456 2016-09-29] (Rivet Networks) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2016-08-19] (Micro-Star International Co., Ltd.) [Datei ist nicht signiert] R2 MSITrueColorService; C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe [180520 2016-09-09] (Portrait Displays, Inc.) R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe [58296 2016-08-12] (Micro-Star INT'L CO., LTD.) 
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4362568 2015-06-18] (Symantec Corporation) R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2016-12-12] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2016-12-12] (NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-01-20] (NVIDIA Corporation) R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-12-12] (NVIDIA Corporation) R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2016-12-12] (NVIDIA Corporation) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266328 2016-12-04] (Synaptics Incorporated) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [19192 2015-09-30] (Intel(R) Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0406000.00C\ccSetx64.sys [173808 2015-06-24] (Symantec Corporation) R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-05-28] (Intel Corporation) R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [162120 2016-09-16] (Qualcomm Atheros, Inc.) 
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-20] (Malwarebytes) S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 NTIOLib_ACTIVE_X; C:\Program Files (x86)\MSI\Dragon Center\NTIOLib_X64.sys [13776 2016-04-12] (MSI) R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvmii.inf_amd64_85330ff976332cdb\nvlddmkm.sys [14427064 2017-01-21] (NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-12-12] (NVIDIA Corporation) S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [35272 2016-10-20] (Windows (R) Win 7 DDK provider) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47672 2016-12-12] (NVIDIA Corporation) R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2403248 2016-09-06] (Qualcomm Atheros, Inc.) R2 RfeCoSvc; C:\Windows\system32\DRIVERS\RfeCo10X64.sys [87904 2016-09-29] (Rivet Networks, LLC.) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [779232 2016-10-20] (Realsil Semiconductor Corporation) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [42088 2016-10-20] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42600 2016-10-20] (Synaptics Incorporated) R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [40568 2016-06-14] (SteelSeries ApS) R3 sshid; C:\Windows\System32\drivers\sshid.sys [52960 2016-10-04] (SteelSeries ApS) R3 ssps2; C:\Windows\System32\drivers\ssps2.sys [33896 2016-06-14] (SteelSeries ApS) S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-12-14] (Symantec Corporation) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) R3 WINIO; C:\Program Files (x86)\MSI\Dragon 
Center\winio64.sys [15160 2015-06-11] () R2 WtfEngineDrv; C:\Windows\system32\DRIVERS\WtfEngineDrv.sys [27904 2016-02-01] (AAA Internet Publishing, Inc.) S3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel Corporation) S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20161214.002\ENG64.SYS [X] S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20161214.002\EX64.SYS [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-02-20 06:24 - 2017-02-20 06:27 - 00000000 ____D C:\ProgramData\HitmanPro 2017-02-20 05:46 - 2017-02-20 06:23 - 11581544 _____ (SurfRight B.V.) 
C:\Users\MarkStrong\Desktop\HitmanPro_x64.exe 2017-02-20 00:08 - 2017-02-20 00:08 - 02870984 _____ (ESET) C:\Users\MarkStrong\Desktop\esetsmartinstaller_deu.exe 2017-02-20 00:01 - 2017-02-20 00:01 - 00003068 _____ C:\Users\MarkStrong\Desktop\Fixlog.txt 2017-02-19 18:35 - 2017-02-19 18:35 - 00000000 ___HD C:\OneDriveTemp 2017-02-18 17:18 - 2017-02-20 00:00 - 00000000 ____D C:\Users\MarkStrong\Desktop\FRST-OlderVersion 2017-02-18 17:13 - 2017-02-18 17:13 - 00001234 _____ C:\Users\Administrator\Desktop\mbam.txt 2017-02-18 17:07 - 2017-02-18 17:07 - 00001339 _____ C:\Users\Administrator\Desktop\Malwarebytes 13.02.txt 2017-02-16 19:56 - 2017-02-16 20:18 - 00272742 _____ C:\TDSSKiller.3.1.0.12_16.02.2017_19.56.31_log.txt 2017-02-15 21:20 - 2017-02-15 21:21 - 00270548 _____ C:\TDSSKiller.3.1.0.12_15.02.2017_21.20.37_log.txt 2017-02-15 20:56 - 2017-02-15 20:57 - 04747704 _____ (AO Kaspersky Lab) C:\Users\MarkStrong\Desktop\tdsskiller.exe 2017-02-15 20:55 - 2017-02-20 06:32 - 00018006 _____ C:\Users\MarkStrong\Desktop\FRST.txt 2017-02-15 20:55 - 2017-02-20 06:32 - 00000000 ____D C:\FRST 2017-02-15 20:55 - 2017-02-18 17:19 - 00061888 _____ C:\Users\MarkStrong\Desktop\Addition.txt 2017-02-15 20:54 - 2017-02-20 00:00 - 02422784 _____ (Farbar) C:\Users\MarkStrong\Desktop\FRST64.exe 2017-02-15 20:46 - 2017-02-18 07:57 - 00000000 ____D C:\AdwCleaner 2017-02-15 20:46 - 2017-02-15 20:46 - 04015056 _____ C:\Users\MarkStrong\Desktop\AdwCleaner_6.043.exe 2017-02-14 00:51 - 2017-02-14 00:52 - 00000000 ____D C:\ProgramData\MFAData 2017-02-14 00:51 - 2017-02-14 00:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\MFAData 2017-02-14 00:51 - 2017-02-14 00:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\Avg2015 2017-02-13 20:03 - 2017-02-20 00:02 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-02-13 20:03 - 2017-02-13 20:03 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-02-13 20:03 - 2017-02-13 20:03 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-02-13 20:03 - 2017-02-13 20:03 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-02-13 20:03 - 2017-02-13 20:03 - 00000000 ____D C:\Program Files\Malwarebytes 2017-02-13 20:03 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-02-13 18:58 - 2017-02-13 18:52 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2017-02-13 18:00 - 2017-02-13 18:00 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\WinZip 2017-02-10 14:35 - 2017-02-10 14:35 - 00000000 ____D C:\Program Files (x86)\VulkanRT 2017-02-10 14:35 - 2017-01-20 09:07 - 00134080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2017-02-10 14:35 - 2016-12-15 19:33 - 00273696 _____ C:\Windows\SysWOW64\vulkan-1.dll 2017-02-10 14:35 - 2016-12-15 19:33 - 00266528 _____ C:\Windows\system32\vulkan-1.dll 2017-02-10 14:35 - 2016-12-15 19:33 - 00111392 _____ C:\Windows\SysWOW64\vulkaninfo.exe 2017-02-10 14:35 - 2016-12-15 19:32 - 00125728 _____ C:\Windows\system32\vulkaninfo.exe 2017-02-10 14:33 - 2017-01-23 19:00 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 40192056 _____ C:\Windows\system32\nvcompiler.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 34974656 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 19008576 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 14677272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 11123936 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 11019192 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 09308896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 
2017-02-10 14:33 - 2017-01-20 11:38 - 08990584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 03167288 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 02715072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 01985080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437849.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 01591352 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437849.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 01051584 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00988608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00960568 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00946456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00944224 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00909760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00721952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00719160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00687224 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00618232 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00609216 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00606776 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll 2017-02-10 14:33 
- 2017-01-20 11:38 - 00573120 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00483384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00447800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2017-02-10 14:33 - 2017-01-20 11:38 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json 2017-02-10 14:33 - 2017-01-20 11:38 - 00000669 _____ C:\Windows\system32\nv-vk64.json 2017-02-10 09:21 - 2017-02-10 09:23 - 00000000 ____D C:\Windows\LastGood.Tmp 2017-02-03 15:55 - 2017-02-03 15:55 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\Microsoft Help 2017-01-25 08:59 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2017-01-25 08:59 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2017-02-20 06:22 - 2016-08-01 17:28 - 00000000 ____D C:\Windows\system32\SleepStudy 2017-02-20 06:04 - 2016-12-20 18:36 - 00004146 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5ECB8719-0C45-4D0B-9E23-341326ED26A6} 2017-02-20 00:09 - 2016-08-01 18:06 - 00619736 _____ C:\Windows\system32\perfh019.dat 2017-02-20 00:09 - 2016-08-01 18:06 - 00224376 _____ C:\Windows\system32\perfc019.dat 2017-02-20 00:09 - 2016-08-01 18:02 - 00727940 _____ C:\Windows\system32\prfh0816.dat 2017-02-20 00:09 - 2016-08-01 18:02 - 00245714 _____ C:\Windows\system32\prfc0816.dat 2017-02-20 00:09 - 2016-08-01 17:58 - 00750800 _____ C:\Windows\system32\perfh013.dat 2017-02-20 00:09 - 2016-08-01 17:58 - 00252872 _____ C:\Windows\system32\perfc013.dat 2017-02-20 00:09 - 2016-08-01 17:50 - 00729196 _____ C:\Windows\system32\perfh010.dat 2017-02-20 00:09 - 2016-08-01 17:50 - 00240640 _____ C:\Windows\system32\perfc010.dat 2017-02-20 00:09 - 2016-08-01 17:47 - 00749044 _____ C:\Windows\system32\perfh00C.dat 2017-02-20 00:09 - 2016-08-01 17:47 - 00246794 _____ C:\Windows\system32\perfc00C.dat 2017-02-20 00:09 - 2016-08-01 17:42 - 00743248 _____ C:\Windows\system32\perfh00A.dat 2017-02-20 00:09 - 2016-08-01 17:42 - 00250846 _____ C:\Windows\system32\perfc00A.dat 2017-02-20 00:09 - 2016-08-01 17:40 - 00789560 _____ C:\Windows\system32\perfh008.dat 2017-02-20 00:09 - 2016-08-01 17:40 - 00255840 _____ C:\Windows\system32\perfc008.dat 2017-02-20 00:09 - 2016-08-01 17:37 - 01114980 _____ C:\Windows\system32\perfh007.dat 2017-02-20 00:09 - 2016-08-01 17:37 - 00262714 _____ C:\Windows\system32\perfc007.dat 2017-02-20 00:09 - 2016-08-01 17:33 - 09583584 _____ C:\Windows\system32\PerfStringBackup.INI 2017-02-20 00:02 - 2016-12-23 04:21 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps 2017-02-20 00:02 - 2016-12-14 10:14 - 00000000 ___RD C:\Users\MarkStrong\OneDrive 2017-02-20 00:02 - 2016-10-20 18:52 - 00000000 ____D C:\ProgramData\NVIDIA 2017-02-20 00:02 - 2016-08-01 17:28 - 
00000006 ____H C:\Windows\Tasks\SA.DAT 2017-02-20 00:01 - 2016-12-23 04:07 - 00005110 _____ C:\ProgramData\NvTelemetryContainer.log_backup1 2017-02-20 00:01 - 2016-07-16 01:04 - 00524288 _____ C:\Windows\system32\config\BBI 2017-02-19 17:55 - 2016-12-14 10:12 - 00000000 ____D C:\Users\MarkStrong 2017-02-19 17:52 - 2016-12-14 12:08 - 00000000 ____D C:\Program Files (x86)\Steam 2017-02-19 16:37 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\AppReadiness 2017-02-19 16:23 - 2016-12-14 10:15 - 00000000 ____D C:\Users\MarkStrong\AppData\Roaming\Skype 2017-02-19 00:01 - 2016-12-14 10:15 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\CrashDumps 2017-02-18 14:56 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-02-17 14:46 - 2016-07-16 06:45 - 00000000 ____D C:\Windows\INF 2017-02-13 21:49 - 2016-10-20 19:29 - 00000000 ____D C:\ProgramData\Norton 2017-02-13 18:52 - 2016-12-14 10:23 - 00000000 ____D C:\Windows\System32\Tasks\Remediation 2017-02-13 18:52 - 2016-07-16 06:47 - 00000000 ___HD C:\Windows\ELAMBKUP 2017-02-13 18:52 - 2016-07-16 01:04 - 00032768 _____ C:\Windows\system32\config\ELAM 2017-02-13 18:00 - 2016-10-20 19:29 - 00000000 ____D C:\ProgramData\WinZip 2017-02-13 00:15 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\LiveKernelReports 2017-02-10 14:36 - 2016-10-20 18:52 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2017-02-10 14:36 - 2016-10-20 18:52 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2017-02-10 14:09 - 2016-12-14 10:13 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\NVIDIA Corporation 2017-02-10 14:09 - 2016-12-14 10:12 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\NVIDIA 2017-02-10 14:02 - 2016-12-14 12:21 - 00000000 ____D C:\Users\MarkStrong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2017-02-10 09:22 - 2016-10-20 18:52 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-02-03 01:26 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\NDF 2017-02-02 13:14 - 2016-12-14 22:04 - 
00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype 2017-02-02 13:13 - 2016-12-20 09:14 - 00000001 _____ C:\Users\Public\Documents\dgc_DC.txt 2017-02-02 13:13 - 2016-12-14 22:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages 2017-02-02 13:13 - 2016-08-01 17:30 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-02-01 21:25 - 2016-12-19 00:13 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-02-01 21:25 - 2016-12-19 00:13 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-01-25 09:17 - 2016-07-16 06:36 - 00000000 ____D C:\Windows\CbsTemp 2017-01-24 19:02 - 2016-12-14 10:14 - 00002397 _____ C:\Users\MarkStrong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-01-23 19:00 - 2016-10-20 18:52 - 01600056 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2017-01-23 19:00 - 2016-10-20 18:52 - 00217528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2017-01-21 05:55 - 2017-01-17 05:54 - 00048696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2016-10-20 18:53 - 2016-10-20 18:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2016-12-23 04:07 - 2017-02-20 00:02 - 0002938 _____ () C:\ProgramData\NvTelemetryContainer.log 2016-12-23 04:07 - 2017-02-20 00:01 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1 ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-17 17:28

==================== Ende von FRST.txt ============================ |