
Pests of all kinds and how to fight them: Suspected virus


19.02.2017, 13:58   #1
januskopf198
 



Hello everyone,

for a few days now my PC has been extremely slow, and I am suddenly getting masses of junk mail via Thunderbird.
Somehow I have the feeling that something has settled in there :-(

Can you help me find out and, if necessary, remove it?

Best regards
Jan

19.02.2017, 14:24   #2
M-K-D-B
/// TB Trainer
 






My name is Matthias and I will help you clean up your computer.


Please note the following:
  • If we find indications of illegally acquired software, we will suspend support until all illegal software of any kind has been removed from the computer.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions. If you are going to be away for a longer period, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • Please note: Download at filepony.de: How to download our tools correctly!
  • All programs to be used must be saved to the desktop and started from there as administrator!
  • Some of the programs we use here may, under certain circumstances, be incorrectly classified as a threat by your antivirus or anti-malware program. Because of certain program behaviour, the security programs cannot distinguish between "good" and "bad" and raise an alarm. These are false alarms, which you can safely ignore. If necessary, you must deactivate your security software before running a program so that our cleanup operations are not impaired.



Please work through all steps one after another in the given order and post all log files in CODE tags:
Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

Thanks for your cooperation!




For an initial analysis, please run FRST and TDSS-Killer:



Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the web page)






Step 2
Please download TDSSKiller TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.







With your next reply, please post
  • the TDSS-Killer log file,
  • the two new FRST log files.


19.02.2017, 20:09   #3
januskopf198
 



FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 18-02-2017 01
durchgeführt von Chris (Administrator) auf DESKTOP-2M6NKLL (19-02-2017 20:08:52)
Gestartet von C:\Users\Chris\Downloads
Geladene Profile: Chris (Verfügbare Profile: Chris)
Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Akamai Technologies, Inc.) C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Spotify Ltd) C:\Users\Chris\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Ruiware) D:\WinPatrol\WinPatrol.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8484056 2015-06-12] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61896 2016-12-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917576 2016-12-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-07] (Dropbox, Inc.)
HKU\S-1-5-21-2085067102-2347417263-2365046495-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.) <===== ACHTUNG
HKU\S-1-5-21-2085067102-2347417263-2365046495-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
HKU\S-1-5-21-2085067102-2347417263-2365046495-1001\...\Run: [Spotify Web Helper] => C:\Users\Chris\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-10] (Spotify Ltd)
HKU\S-1-5-21-2085067102-2347417263-2365046495-1001\...\Run: [WinPatrol] => D:\WinPatrol\winpatrol.exe [1231240 2016-11-14] (Ruiware)
HKU\S-1-5-21-2085067102-2347417263-2365046495-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{19eb9ae3-527e-44e3-bbd5-7d176c4ff30d}: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{9a9780da-5392-447d-830c-de21e4f15d60}: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{ae647b26-9842-48b9-8376-c59f5f8cabab}: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{da0ba8eb-9cdd-48eb-84c1-7c479440b9ea}: [DhcpNameServer] 192.168.2.1 192.168.2.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\c68157cf.default-1470330932168 [2017-02-19]
FF Extension: (English (GB) Language Pack) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\c68157cf.default-1470330932168\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2017-02-11]
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\c68157cf.default-1470330932168\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2016-08-24]
FF Extension: (Locale Switcher) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\c68157cf.default-1470330932168\Extensions\{338e0b96-2285-4424-b4c8-e25560750fa3}.xpi [2017-02-11]
FF Extension: (Youtube Converter MP3) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\c68157cf.default-1470330932168\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a5}.xpi [2016-09-02]
FF Extension: (Adblock Plus) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\c68157cf.default-1470330932168\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\c68157cf.default-1470330932168\features\{5fdee43e-2231-4aa4-acfc-8e250a4cceff}\disableSHA1rollout@mozilla.org.xpi [2017-02-17]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> D:\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> D:\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2085067102-2347417263-2365046495-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-02-18] ()

Chrome: 
=======
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default [2017-02-13]
CHR Extension: (Google Präsentationen) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-14]
CHR Extension: (Google Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-14]
CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-14]
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-14]
CHR Extension: (Adobe Acrobat) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-28]
CHR Extension: (Google Tabellen) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-14]
CHR Extension: (Avira Browserschutz) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-11-01]
CHR Extension: (Google Docs Offline) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-30]
CHR Extension: (Skype) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-11-01]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-28]
CHR Extension: (Google Mail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-14]
CHR Extension: (Chrome Media Router) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089592 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1490296 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-16] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-16] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-02-07] (Dropbox, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-10] (Intel Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-10] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [151352 2016-12-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [153904 2016-12-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [35488 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [78208 2016-05-14] (Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 iaLPSS2_I2C; C:\WINDOWS\System32\drivers\iaLPSS2_I2C.sys [185128 2015-05-29] (Intel Corporation)
R3 iaLPSS2_UART2; C:\WINDOWS\System32\drivers\iaLPSS2_UART2.sys [281896 2015-05-29] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0cc477a6fec64d8c\nvlddmkm.sys [14516664 2017-02-10] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-06] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [936192 2016-05-04] (Realtek                                            )
R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3717120 2016-07-16] (Realtek Semiconductor Corporation                           )
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX64.sys [159952 2015-11-14] (Ray Hinchliffe)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 VCSVADHWSer; C:\WINDOWS\system32\DRIVERS\vcsvad.sys [29320 2015-10-01] (AVSOFT Corp.)
R3 voxaldriver; C:\WINDOWS\system32\DRIVERS\voxaldriverx64.sys [43472 2016-07-27] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
R4 truecrypt; \??\I:\Program Files\TrueCrypt\truecrypt-x64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-19 20:08 - 2017-02-19 20:09 - 00021455 _____ C:\Users\Chris\Downloads\FRST.txt
2017-02-19 20:08 - 2017-02-19 20:08 - 02422784 _____ (Farbar) C:\Users\Chris\Downloads\FRST64.exe
2017-02-19 20:08 - 2017-02-19 20:08 - 00000000 ____D C:\FRST
2017-02-17 19:25 - 2017-02-17 19:44 - 58142701 _____ C:\Users\Chris\Downloads\topless light.mp4
2017-02-15 14:58 - 2017-02-15 14:58 - 00000000 ____D C:\Users\Chris\ansel
2017-02-14 23:13 - 2017-02-14 23:13 - 00000000 ____D C:\WINDOWS\LastGood
2017-02-14 23:13 - 2017-02-09 23:39 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-14 23:12 - 2017-02-10 03:33 - 40192056 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 34979384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 28242488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 19007016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 14674896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 11122728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 11019704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 09305984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 08990072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 03168192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 02717752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 01983424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437866.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437866.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 01052096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00991288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00959424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00944224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00910784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00719856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00687224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00618416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00605120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00573448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00483384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00447984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-02-09 19:51 - 2017-02-10 23:19 - 00542248 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-02-09 19:51 - 2017-02-09 19:51 - 00000000 ____D C:\ProgramData\For Honor
2017-02-08 16:14 - 2017-02-08 16:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-07 05:38 - 2017-02-07 05:38 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-07 05:38 - 2017-02-07 05:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-02-07 05:38 - 2017-02-07 05:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-07 05:38 - 2017-02-07 05:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-01-31 02:56 - 2017-01-31 02:57 - 00000000 ____D C:\Users\Chris\Documents\Anno 2205
2017-01-30 16:38 - 2017-01-30 16:38 - 00000234 _____ C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anno 2205.url
2017-01-29 16:00 - 2017-02-19 01:45 - 00000000 ____D C:\Users\Chris\AppData\Local\Ubisoft Game Launcher
2017-01-29 16:00 - 2017-01-29 16:00 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Ubisoft
2017-01-29 16:00 - 2017-01-29 16:00 - 00000000 ____D C:\ProgramData\Ubisoft
2017-01-29 15:58 - 2017-01-29 15:58 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2017-01-29 15:18 - 2017-01-29 15:18 - 00000000 ____D C:\WINDOWS\SysWOW64\AGEIA
2017-01-29 15:18 - 2017-01-29 15:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGEIA
2017-01-29 15:18 - 2017-01-29 15:18 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2017-01-28 15:17 - 2017-01-28 15:17 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-01-27 14:53 - 2017-02-03 14:27 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-27 14:53 - 2017-01-27 14:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2017-01-27 14:53 - 2017-01-27 14:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-27 14:53 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-27 14:53 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-01-27 14:53 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-27 14:47 - 2017-01-27 14:49 - 00000000 ____D C:\AdwCleaner
2017-01-26 01:13 - 2017-01-26 01:13 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-39-1.exe
2017-01-26 01:12 - 2017-01-26 01:12 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1-1-0-39-1.dll
2017-01-26 01:09 - 2017-01-26 01:09 - 00322560 _____ C:\WINDOWS\system32\vulkan-1-1-0-39-1.dll
2017-01-26 01:09 - 2017-01-26 01:09 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo-1-1-0-39-1.exe
2017-01-25 14:24 - 2017-01-24 01:00 - 00047664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-01-25 14:24 - 2017-01-20 17:38 - 01985080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437849.dll
2017-01-25 14:24 - 2017-01-20 17:38 - 01591352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437849.dll
2017-01-25 14:24 - 2017-01-20 17:38 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-01-25 14:24 - 2017-01-20 17:38 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-01-25 14:21 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 14:21 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-19 20:06 - 2016-11-18 15:16 - 00000000 ____D C:\Users\Chris\AppData\LocalLow\Mozilla
2017-02-19 20:05 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-19 20:02 - 2016-08-05 20:44 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-19 18:11 - 2016-08-05 20:45 - 00000000 ____D C:\Users\Chris
2017-02-19 18:11 - 2016-03-14 17:33 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Skype
2017-02-19 02:33 - 2016-03-19 00:47 - 00000000 ____D C:\Users\Chris\AppData\Roaming\vlc
2017-02-19 01:43 - 2016-03-14 21:44 - 00000000 ____D C:\Users\Chris\AppData\Local\CrashDumps
2017-02-19 00:08 - 2016-03-14 17:43 - 00000000 ____D C:\Users\Chris\Documents\The Lord of the Rings Online
2017-02-18 19:55 - 2016-08-05 20:44 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-18 15:21 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-17 22:38 - 2016-11-07 19:51 - 00000000 ____D C:\Users\Chris\AppData\Local\Spotify
2017-02-17 22:33 - 2016-11-07 19:50 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Spotify
2017-02-16 17:12 - 2016-04-16 11:51 - 00000000 ___RD C:\Users\Chris\Dropbox
2017-02-15 22:23 - 2016-03-14 18:37 - 00000000 ____D C:\Users\Chris\AppData\Local\Adobe
2017-02-15 22:13 - 2016-09-14 01:46 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-15 22:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-15 22:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-15 15:02 - 2016-03-14 18:39 - 00000000 ____D C:\Users\Chris\AppData\Roaming\TS3Client
2017-02-15 15:00 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-14 23:16 - 2016-07-16 23:51 - 03415306 _____ C:\WINDOWS\system32\perfh007.dat
2017-02-14 23:16 - 2016-07-16 23:51 - 00929146 _____ C:\WINDOWS\system32\perfc007.dat
2017-02-14 23:16 - 2015-11-05 21:11 - 06900166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-14 23:14 - 2016-08-05 20:44 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-14 23:14 - 2016-02-18 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-14 23:13 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-14 23:13 - 2016-03-14 17:32 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-14 17:00 - 2016-12-09 15:56 - 00000000 ____D C:\Users\Chris\Knuddels-Stapp
2017-02-13 22:13 - 2016-11-28 22:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-02-13 22:13 - 2016-08-05 20:48 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-13 22:13 - 2016-03-14 17:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-11 15:18 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-10 03:33 - 2016-07-14 19:15 - 04078008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-02-10 03:33 - 2016-07-14 19:15 - 03597128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-02-10 03:33 - 2016-07-14 19:15 - 00043556 _____ C:\WINDOWS\system32\nvinfo.pb
2017-02-10 00:13 - 2017-01-01 19:51 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-09 23:57 - 2016-08-05 20:44 - 07791217 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-02-09 23:57 - 2016-08-05 20:44 - 06403640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-02-09 23:57 - 2016-08-05 20:44 - 02477504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-02-09 23:57 - 2016-08-05 20:44 - 01764408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-02-09 23:57 - 2016-08-05 20:44 - 00548288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-02-09 23:57 - 2016-08-05 20:44 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-02-09 23:57 - 2016-08-05 20:44 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-02-09 23:57 - 2016-08-05 20:44 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-02-09 19:51 - 2016-12-09 01:45 - 00000000 ____D C:\Users\Chris\Documents\My Games
2017-02-09 15:44 - 2016-03-14 17:33 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-09 15:44 - 2016-03-14 17:33 - 00000000 ____D C:\ProgramData\Skype
2017-02-09 12:10 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SystemApps
2017-02-08 16:14 - 2016-04-16 11:47 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-07 14:34 - 2016-03-14 19:54 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-04 23:12 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-02-04 23:12 - 2015-11-05 21:20 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-31 03:41 - 2016-03-14 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-01-29 15:58 - 2016-06-11 11:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-28 15:10 - 2016-12-14 09:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-28 14:54 - 2016-03-14 19:52 - 00000000 ____D C:\Users\Chris\AppData\Local\Google
2017-01-28 00:11 - 2017-01-01 19:51 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-28 00:11 - 2017-01-01 19:51 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-28 00:11 - 2016-10-06 19:40 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-28 00:11 - 2016-10-06 19:40 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-28 00:11 - 2016-10-06 19:40 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-28 00:11 - 2016-10-06 19:40 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-28 00:11 - 2016-10-06 19:40 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-28 00:11 - 2016-08-05 20:44 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-28 00:11 - 2016-08-05 20:44 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-27 15:01 - 2016-03-14 21:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2017-01-27 15:01 - 2016-03-14 21:08 - 00000000 ____D C:\ProgramData\InstallMate
2017-01-26 01:13 - 2016-03-14 17:32 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-01-26 01:12 - 2016-03-14 17:32 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-01-26 01:09 - 2016-03-14 17:32 - 00322560 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-01-26 01:09 - 2016-03-14 17:32 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-01-25 19:38 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-24 01:00 - 2016-07-14 19:15 - 01600056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2017-01-24 01:00 - 2016-07-14 19:15 - 00217528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2017-01-23 10:43 - 2016-04-11 20:43 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-23 10:40 - 2016-12-15 18:39 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-23 10:40 - 2016-03-14 17:44 - 00000000 ____D C:\Users\Chris\AppData\Local\Akamai
2017-01-23 10:40 - 2016-03-14 17:23 - 00002440 _____ C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-23 10:40 - 2016-03-14 17:23 - 00000000 ___RD C:\Users\Chris\OneDrive
2017-01-20 19:39 - 2017-01-10 22:54 - 00057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-01-20 19:39 - 2017-01-01 19:51 - 01872320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-01-20 19:39 - 2017-01-01 19:51 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-01-20 19:39 - 2017-01-01 19:51 - 01464768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-01-20 19:39 - 2017-01-01 19:51 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-01-20 19:39 - 2017-01-01 19:51 - 00120256 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-01-20 17:38 - 2016-08-17 13:33 - 00514616 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-01-20 17:38 - 2016-08-17 13:33 - 00420408 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-01-20 17:38 - 2016-07-14 19:15 - 04079032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\SET61B8.tmp
2017-01-20 17:38 - 2016-07-14 19:15 - 03597640 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\SET697B.tmp
2017-01-20 14:36 - 2017-01-01 19:51 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-07-27 21:37 - 2016-07-27 21:37 - 0001167 _____ () C:\Users\Chris\AppData\Roaming\trace_FilterInstaller.txt
2016-07-27 21:37 - 2016-07-27 21:37 - 0000000 _____ () C:\Users\Chris\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2016-08-30 23:51 - 2017-01-14 02:11 - 0015872 _____ () C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-05 20:45 - 2016-08-05 20:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-08-30 23:46 - 2016-08-30 23:47 - 0000016 _____ () C:\ProgramData\mntemp
2016-12-15 20:42 - 2017-01-10 22:54 - 0005943 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-15 20:42 - 2017-01-09 20:30 - 0018438 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe


Einige Dateien in TEMP:
====================
2016-08-05 20:51 - 2016-08-05 20:51 - 0000000 ____D () C:\Users\Chris\AppData\Local\Temp\avgnt.exe
2017-01-25 14:26 - 2017-01-20 15:07 - 0757240 _____ (NVIDIA Corporation) C:\Users\Chris\AppData\Local\Temp\nvSCPAPI.dll
2017-01-25 14:26 - 2017-01-20 15:07 - 0872088 _____ (NVIDIA Corporation) C:\Users\Chris\AppData\Local\Temp\nvSCPAPI64.dll
2017-02-14 23:12 - 2017-01-20 15:07 - 0352704 _____ (NVIDIA Corporation) C:\Users\Chris\AppData\Local\Temp\nvStInst.exe
2017-01-01 19:51 - 2017-01-06 02:10 - 0255032 _____ (NVIDIA Corporation) C:\Users\Chris\AppData\Local\Temp\NvTelemetryAPI32.dll
2017-01-01 19:51 - 2017-01-06 02:10 - 0335928 _____ (NVIDIA Corporation) C:\Users\Chris\AppData\Local\Temp\NvTelemetryAPI64.dll

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-14 19:33

==================== Ende von FRST.txt ============================
         
--- --- ---

FRST Additions Logfile:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 18-02-2017 01
durchgeführt von Chris (19-02-2017 20:09:13)
Gestartet von C:\Users\Chris\Downloads
Windows 10 Home Version 1607 (X64) (2016-08-05 19:49:47)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2085067102-2347417263-2365046495-500 - Administrator - Disabled)
Chris (S-1-5-21-2085067102-2347417263-2365046495-1001 - Administrator - Enabled) => C:\Users\Chris
DefaultAccount (S-1-5-21-2085067102-2347417263-2365046495-503 - Limited - Disabled)
Gast (S-1-5-21-2085067102-2347417263-2365046495-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 15.14 (HKLM-x32\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe)
AGEIA PhysX v7.07.09 (HKLM-x32\...\{65F1CF63-31E0-450B-96F3-4A88BE7361A6}) (Version: 7.07.09 - AGEIA Technologies, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-2085067102-2347417263-2365046495-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Anno 2205 (HKLM-x32\...\Uplay Install 1253) (Version:  - Ubisoft)
Ansel (Version: 378.66 - NVIDIA Corporation) Hidden
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Datenrettung by EaseUS (HKLM\...\Datenrettung by EaseUS_is1) (Version:  - EaseUS)
Deadlight (HKLM\...\Steam App 211400) (Version:  - Tequila Works, S.L.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
File Repair (HKLM-x32\...\File Repair_is1) (Version:  - File Repair)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.29.01 - Hyperionics Technology LLC)
Intel(R) Chipset Device Software (x32 Version: 10.0.27 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1519.7 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Knuddels Standalone App (HKU\S-1-5-21-2085067102-2347417263-2365046495-1001\...\Knuddels App ) (Version: "2015.12.6.0" - "Knuddels App")
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
ManyCam 2.6.55 (remove only) (HKLM-x32\...\ManyCam) (Version: 2.6.55 - ManyCam LLC)
MFC RunTime files (x32 Version: 1.0.0 - Extensoft) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2085067102-2347417263-2365046495-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
MorphVOX Junior (HKLM-x32\...\{E6C7380F-15DD-445E-BA02-B7A180BA0A5A}) (Version: 2.8.1 - Screaming Bee)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 51.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 de)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
Mozilla Thunderbird 45.7.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.7.1 (x86 de)) (Version: 45.7.1 - Mozilla)
MPEG4E VFW - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\MPEG4E) (Version:  - )
netis Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0193 - netis Systems Co.,Ltd.)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Grafiktreiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2085067102-2347417263-2365046495-1001\...\Spotify) (Version: 1.0.48.103.g15edf1ec - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
The Walking Dead (HKLM\...\Steam App 207610) (Version:  - Telltale Games)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 34.11.2016.27 - Ruiware)
WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {003D87C9-8305-4802-B303-24E5CF415B18} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {01F75D02-88A8-4415-82A6-CE9CB48DCEE0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-16] (Dropbox, Inc.)
Task: {19F368A0-953B-4868-98EE-22FE1DC26823} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {2E7ABA58-2703-42C4-95F9-3448C7027324} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-20] (NVIDIA Corporation)
Task: {42661BCB-AAA8-4D5F-AE20-C24079689118} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-14] (Google Inc.)
Task: {6AEB1581-AD0B-498E-A552-774E5FEB2FB9} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-20] (NVIDIA Corporation)
Task: {A2758957-7E91-4DE2-90D0-61D99D4B0CCB} - System32\Tasks\{2E2CE07B-4A22-40E3-B7DB-A94E8F2C6065} => Firefox.exe hxxp://ui.skype.com/ui/0/7.26.0.101/de/abandoninstall?source=lightinstaller&page=tsMain
Task: {A45ABF86-8FAB-42D0-BE17-37B4906AE157} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-15] (Adobe Systems Incorporated)
Task: {A4B1CEF0-6F9D-4A6B-BD9F-CD34CACBE8C0} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-20] (NVIDIA Corporation)
Task: {A7A31280-0758-4A15-9A25-21158FDEC16B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-01-10] (Microsoft Corporation)
Task: {AD9AA984-C7BA-4E53-8B6C-6243F400FC1D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-14] (Google Inc.)
Task: {ADC928F9-840F-4781-9BF4-1128D1262A05} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {DC7E16CF-2756-413B-B61B-C5BDEB7DFD99} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {DF925662-4A94-4046-B400-177FA2C39028} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-16] (Dropbox, Inc.)
Task: {E246099F-849F-492E-BE6A-11576D2E3B2A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\Chris\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2017-01-01 19:51 - 2017-01-20 19:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2017-01-01 19:51 - 2017-01-20 19:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 17:14 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-05 20:44 - 2017-02-09 23:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-14 17:14 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 17:14 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-16 20:21 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 23:07 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 23:07 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 23:07 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 23:07 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 23:07 - 2016-12-21 07:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 23:07 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 23:07 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 23:37 - 2015-07-10 23:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-01-01 19:51 - 2017-01-20 19:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-01-01 19:51 - 2017-01-20 19:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2017-01-01 19:51 - 2017-01-20 19:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-01-01 19:51 - 2017-01-20 19:38 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-01-01 19:51 - 2017-01-20 14:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2017-01-01 19:51 - 2017-01-20 14:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2017-01-01 19:51 - 2017-01-20 14:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2017-01-01 19:51 - 2017-01-20 14:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2017-01-01 19:51 - 2017-01-20 14:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2017-01-01 19:51 - 2017-01-20 14:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2017-01-01 19:51 - 2017-01-20 14:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2017-01-01 19:51 - 2017-01-20 14:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2015-10-30 08:24 - 2015-10-30 08:21 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2085067102-2347417263-2365046495-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Chris\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{11f462d9-2000-4ae7-8f3b-0642b2ffd935}.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{12AE60BE-F879-4319-A0DC-BE9AEAD0CE48}] => (Block) D:\emule\emule.exe
FirewallRules: [{181360E1-C9E8-455D-99E6-131683220D3C}] => (Block) D:\emule\emule.exe
FirewallRules: [UDP Query User{8AE1D52E-CD4C-41E4-83C7-919B8467C612}D:\emule\emule.exe] => (Allow) D:\emule\emule.exe
FirewallRules: [TCP Query User{E715626D-5355-4642-A41F-4CC92AC4F94F}D:\emule\emule.exe] => (Allow) D:\emule\emule.exe
FirewallRules: [UDP Query User{622B407F-52D7-48AC-90A4-6BD14F84933F}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe] => (Allow) C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe
FirewallRules: [TCP Query User{E88FDFBF-0AB6-428C-8165-0F310CFB3C2C}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe] => (Allow) C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe
FirewallRules: [UDP Query User{DAD85C45-431B-4DD6-A525-B426A459FE9C}C:\users\chris\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\chris\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{F0A32B70-289F-4070-9CCB-31538FB402C7}C:\users\chris\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\chris\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{869CF435-5417-43AC-9F5F-FEBEFE78C62A}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe] => (Allow) C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe
FirewallRules: [TCP Query User{891C6FDD-CF68-46CA-8EB9-0FE1B24957D5}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe] => (Allow) C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe
FirewallRules: [{014D2387-E39A-41B9-803E-0A263344B7C1}] => (Allow) D:\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{5854A898-A87A-4B74-B202-A1B47C48715D}] => (Allow) D:\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{1E60E0CA-5C42-4171-AD8C-E5E1B1D454D5}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{74007E34-C52E-4760-B362-BF7537146471}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{B1F7CC13-CAAF-4593-B432-8A3512307827}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{B04720A5-8D7F-45A8-972B-033E54CF0FFF}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [UDP Query User{19A3B84A-10BE-4751-AEF5-1633F0C3301C}C:\users\chris\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\chris\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{98575832-8285-4D19-A4B8-AEAFB7D5CA69}C:\users\chris\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\chris\appdata\local\akamai\netsession_win.exe
FirewallRules: [{48F6365B-BA62-4E2C-B945-17768DAA787F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8B7CEE7F-2DD7-4A0E-AE13-04F74C34F002}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D78AD65D-6212-4D19-BD96-22A2BAF831B4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2D4CBE06-750C-4BBB-8C49-3D944845F12D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3F767099-AB22-46EE-8227-66C7B488277C}] => (Allow) LPort=2869
FirewallRules: [{75214EA1-E104-45FF-95F1-B28D73291FDC}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{D595D634-2A0E-4D5F-9B1F-C03998F2EDFE}C:\users\chris\knuddels-stapp\commonfiles\java\bin\javaw.exe] => (Allow) C:\users\chris\knuddels-stapp\commonfiles\java\bin\javaw.exe
FirewallRules: [UDP Query User{133011E3-66A3-4029-ACD0-67D9F352A8EC}C:\users\chris\knuddels-stapp\commonfiles\java\bin\javaw.exe] => (Allow) C:\users\chris\knuddels-stapp\commonfiles\java\bin\javaw.exe
FirewallRules: [TCP Query User{F2CCFF41-5159-447A-893C-E6B1267F7490}C:\users\chris\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\chris\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{92C9167B-ADC7-4DC3-B985-A3079FA1C5D1}C:\users\chris\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\chris\appdata\roaming\spotify\spotify.exe
FirewallRules: [{BEE8C6A0-F562-4B52-B138-32A6DA87F199}] => (Allow) D:\Steam\steamapps\common\Deadlight\Binaries\Win32\LOTDGame.exe
FirewallRules: [{19CACF43-7A15-41A9-94A7-80B819A93565}] => (Allow) D:\Steam\steamapps\common\Deadlight\Binaries\Win32\LOTDGame.exe
FirewallRules: [{CA9F0CE5-430E-4408-BCD9-84F382617D59}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{92A85300-F70B-4A42-A2AA-49F73AAE0243}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{D11E5A30-AD83-4D19-B8A0-6C54C88ADC61}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{5F27A7CA-4C2C-4FEF-BB26-C4ED874A30A9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2CA6C599-C573-43FF-95B4-035EE8708F87}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7044EC4A-4ADD-4EA5-AC0E-79BAA7A1180A}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{50E02735-6DB6-4450-B9EB-E3D6271481DA}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{9FA2CF16-5EC5-40DC-B777-42446D47BCEE}] => (Allow) D:\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe
FirewallRules: [{A386E0FC-2559-4433-9A23-7C4151536D8E}] => (Allow) D:\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe
FirewallRules: [{735D0EDD-4C6A-4F4E-B6D5-6356C01C62B8}] => (Allow) D:\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
FirewallRules: [{6A519412-2B07-4BF6-94FF-252E51CCE5E0}] => (Allow) D:\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
FirewallRules: [{088C10F5-3D83-4093-85E3-AF96C01B1FCF}] => (Allow) D:\Ubisoft\Assassin's Creed II\UPlayBrowser.exe
FirewallRules: [{81F61CB2-745A-4539-80B9-878BF089CA6A}] => (Allow) D:\Ubisoft\Assassin's Creed II\UPlayBrowser.exe
FirewallRules: [{06325CE9-BDB2-408E-AE27-ABCF69C5CB97}] => (Allow) D:\Ubisoft\Anno 2205\Bin\Win64\Anno2205.exe
FirewallRules: [{0A514671-7FB6-4B5E-84FC-9D538FB8FF88}] => (Allow) D:\Ubisoft\Neuer Ordner\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{42AE3F03-BDB0-4EED-A98A-31515639D50B}] => (Allow) D:\Ubisoft\Neuer Ordner\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{201C7FE2-223D-43C1-B7BD-5098B243AB0D}] => (Allow) D:\Ubisoft\Neuer Ordner\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{27B7A7E9-52F9-426F-8701-E3E6C2CC1CD8}] => (Allow) D:\Ubisoft\Neuer Ordner\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{80421629-6DDE-4676-BF6D-AE6E38A7AD17}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8B6E4D6B-48BF-4969-A1F9-64D27D4E180A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{5EAC7426-FC3E-4CC8-AA26-70419E473DC0}D:\ubisoft\for honor\forhonorbeta\forhonor.exe] => (Allow) D:\ubisoft\for honor\forhonorbeta\forhonor.exe
FirewallRules: [UDP Query User{BC641ECA-BA91-4A03-8291-7BFD38155864}D:\ubisoft\for honor\forhonorbeta\forhonor.exe] => (Allow) D:\ubisoft\for honor\forhonorbeta\forhonor.exe

==================== Wiederherstellungspunkte =========================

30-01-2017 16:36:06 chip 1-click download service wurde entfernt.
04-02-2017 23:11:56 DirectX wurde installiert
09-02-2017 19:50:51 DirectX wurde installiert
18-02-2017 19:12:51 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (02/19/2017 01:43:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: lotroclient.exe, Version: 1903.58.2974.4098, Zeitstempel: 0x58a0a01c
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.14393.479, Zeitstempel: 0x58256ca0
Ausnahmecode: 0xc0000017
Fehleroffset: 0x000cd686
ID des fehlerhaften Prozesses: 0x1c30
Startzeit der fehlerhaften Anwendung: 0x01d28a309439bff4
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Turbine\Der Herr der Ringe Online\lotroclient.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: a35fd624-488a-4f0e-906c-0f6edd6062b9
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/18/2017 07:12:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/18/2017 06:53:59 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (02/17/2017 07:38:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\$RECYCLE.BIN\S-1-5-21-2085067102-2347417263-2365046495-1001\$RHJFCMV.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (02/17/2017 07:29:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Chris\Downloads\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (02/16/2017 05:32:51 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (02/14/2017 07:34:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (02/14/2017 06:44:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-2M6NKLL)
Description: Das Paket „Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe+App“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (02/13/2017 10:13:13 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) Das System kann die angegebene Datei nicht finden.

Error: (02/12/2017 07:44:34 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) Das System kann die angegebene Datei nicht finden.


Systemfehler:
=============
Error: (02/19/2017 08:02:09 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/19/2017 06:11:06 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/19/2017 05:39:56 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/19/2017 02:02:36 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/19/2017 12:05:10 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/19/2017 02:33:58 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/18/2017 10:25:03 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/18/2017 08:30:22 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-2M6NKLL)
Description: Der Server "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (02/18/2017 08:30:21 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/18/2017 05:19:23 PM) (Source: NTFS) (EventID: 137) (User: )
Description: Auf dem Volume "I:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.


CodeIntegrity:
===================================
  Date: 2017-01-28 15:14:02.447
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2016-09-02 22:25:21.765
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-02 22:25:21.764
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-02 22:25:21.762
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-02 22:25:21.731
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-02 22:25:21.730
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-02 22:25:21.728
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-02 22:25:21.695
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-02 22:25:21.694
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-02 22:25:21.692
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz
Prozentuale Nutzung des RAM: 16%
Installierter physikalischer RAM: 16346.72 MB
Verfügbarer physikalischer RAM: 13712.58 MB
Summe virtueller Speicher: 18778.72 MB
Verfügbarer virtueller Speicher: 15806.08 MB

==================== Laufwerke ================================

Drive c: (Windows) (Fixed) (Total:222.98 GB) (Free:124.26 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (D1-P1) (Fixed) (Total:931.51 GB) (Free:257.48 GB) NTFS
Drive e: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:362.09 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: EF94E5D9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=500 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 38E4ADF8)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 67EB62E7)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

19.02.2017, 20:13   #4
januskopf198
 
Suspected virus



Code:
20:11:08.0409 0x2f90  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
20:11:11.0394 0x2f90  ============================================================
20:11:11.0394 0x2f90  Current date / time: 2017/02/19 20:11:11.0394
20:11:11.0394 0x2f90  SystemInfo:
20:11:11.0396 0x2f90  
20:11:11.0396 0x2f90  OS Version: 10.0.14393 ServicePack: 0.0
20:11:11.0396 0x2f90  Product type: Workstation
20:11:11.0396 0x2f90  ComputerName: DESKTOP-2M6NKLL
20:11:11.0396 0x2f90  UserName: Chris
20:11:11.0396 0x2f90  Windows directory: C:\WINDOWS
20:11:11.0396 0x2f90  System windows directory: C:\WINDOWS
20:11:11.0396 0x2f90  Running under WOW64
20:11:11.0396 0x2f90  Processor architecture: Intel x64
20:11:11.0396 0x2f90  Number of processors: 4
20:11:11.0396 0x2f90  Page size: 0x1000
20:11:11.0396 0x2f90  Boot type: Normal boot
20:11:11.0396 0x2f90  CodeIntegrityOptions = 0x00000001
20:11:11.0396 0x2f90  ============================================================
20:11:11.0455 0x2f90  KLMD registered as C:\WINDOWS\system32\drivers\73761191.sys
20:11:11.0456 0x2f90  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.693, osProperties = 0x19
20:11:11.0607 0x2f90  System UUID: {8FEA8537-B393-472F-4EA1-33DD1E3E1F33}
20:11:12.0101 0x2f90  Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 ( 223.57 Gb ), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:11:12.0101 0x2f90  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:11:12.0103 0x2f90  Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:11:12.0132 0x2f90  ============================================================
20:11:12.0132 0x2f90  \Device\Harddisk0\DR0:
20:11:12.0132 0x2f90  MBR partitions:
20:11:12.0132 0x2f90  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:11:12.0132 0x2f90  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1BDF7000
20:11:12.0132 0x2f90  \Device\Harddisk1\DR1:
20:11:12.0132 0x2f90  MBR partitions:
20:11:12.0132 0x2f90  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
20:11:12.0132 0x2f90  \Device\Harddisk2\DR2:
20:11:12.0132 0x2f90  MBR partitions:
20:11:12.0132 0x2f90  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
20:11:12.0132 0x2f90  ============================================================
20:11:12.0135 0x2f90  C: <-> \Device\Harddisk0\DR0\Partition2
20:11:12.0683 0x2f90  D: <-> \Device\Harddisk1\DR1\Partition1
20:11:12.0750 0x2f90  E: <-> \Device\Harddisk2\DR2\Partition1
20:11:12.0751 0x2f90  ============================================================
20:11:12.0751 0x2f90  Initialize success
20:11:12.0751 0x2f90  ============================================================
20:11:16.0432 0x09cc  ============================================================
20:11:16.0432 0x09cc  Scan started
20:11:16.0432 0x09cc  Mode: Manual; 
20:11:16.0432 0x09cc  ============================================================
20:11:16.0432 0x09cc  KSN ping started
20:11:16.0525 0x09cc  KSN ping finished: true
20:11:16.0889 0x09cc  ================ Scan system memory ========================
20:11:16.0889 0x09cc  System memory - ok
20:11:16.0890 0x09cc  ================ Scan services =============================
20:11:16.0919 0x09cc  [ A7901875F89D011C38CF52C98ACF5B29, 782141AB1DD7ACDE6EA08B5BAFDE8BADD05B81D38C18E097D6D9C46102056EB1 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
20:11:16.0921 0x09cc  1394ohci - ok
20:11:16.0929 0x09cc  [ EE1CCC54F75C24727A218F98FC5349DA, 0B0D26640BFA0F551B7087027E572D0BF2C5EAF50A4187C5A7D839180B7FF589 ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
20:11:16.0930 0x09cc  3ware - ok
20:11:16.0946 0x09cc  [ 73C73E1AA0D4D727A04AAAB120B7F56A, 5D311F11022994410DF5C67914D38B1F0D813EFD181EA234750286A272D67A1A ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
20:11:16.0954 0x09cc  ACPI - ok
20:11:16.0958 0x09cc  [ 0935496EF9624B46B935CB35ECE1F205, A22A2A29195505A65E8626D60B00C86C23E0CABC1EB8345EA5ED523516CC21C0 ] AcpiDev         C:\WINDOWS\System32\drivers\AcpiDev.sys
20:11:16.0958 0x09cc  AcpiDev - ok
20:11:16.0963 0x09cc  [ D6794C31F4077B71433988787BAA926E, F16365C2F195AAE94D4740E6C3DF4C0CECEC6393CAD65425DCCD28CDBA6EC51A ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
20:11:18.0894 0x09cc  icssvc - ok
20:11:18.0911 0x09cc  [ F2934208C0E50C0B971A7981AB90BED2, B936BFBBD71E731CC2CDB8B47D262F2EF09726FF921C2DA0841910CA2401423D ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
20:11:18.0921 0x09cc  IKEEXT - ok
20:11:18.0925 0x09cc  [ 2A01C96DF5802D3434634E55C91232D8, A3ABEF36E2FD2CF5C371ADBF92566A09669A1D990ABE4677370F57F2EEAF8121 ] IndirectKmd     C:\WINDOWS\System32\drivers\IndirectKmd.sys
20:11:18.0925 0x09cc  IndirectKmd - ok
20:11:18.0991 0x09cc  [ 3A2D6740F51BE48C0FD01AD907329DEE, 4FD899CD6E3B3D5C9803E52CB72F002B6CFC144D524FAF6845CF6D115EC6E059 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
20:11:19.0037 0x09cc  IntcAzAudAddService - ok
20:11:19.0058 0x09cc  [ B63CF22D1AD2ABDC39D85851B2BEAA6D, 37E9043BABB5895BFD2B59AFB60C438B992C6EAA1B5FDE5B3445314343F4C406 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
20:11:19.0067 0x09cc  Intel(R) Capability Licensing Service TCP IP Interface - ok
20:11:19.0076 0x09cc  [ 8213094EA736A9C575AB0E22AD09B0BA, 12670A466B5AA37283BD4CB481D000DE3AE2A8D1BD159F67A41703A6FE5675EC ] Intel(R) Security Assist C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
20:11:19.0080 0x09cc  Intel(R) Security Assist - ok
20:11:19.0084 0x09cc  [ 9F7E87F6595D065A8A200A291043045E, 6944F72F73EADC6C9B7691F2C1C6DF1898F22C88EFA78EC0BA8CB5FFD9CE057B ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
20:11:19.0084 0x09cc  intelide - ok
20:11:19.0087 0x09cc  [ A6BD2E20AE1BC5CB2776C87C28E4F4CA, BD8BE67CED9A4982D785CE9ECBEFE868C3A2E37DF7F9592B9F9049B807A1554B ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
20:11:19.0088 0x09cc  intelpep - ok
20:11:19.0094 0x09cc  [ 2A48DA39542636DB0FA3BA915385D1B3, 6CA0916F5F4B1E81AE6A6233276320599BFA7C129267177703E3BB6468FB4683 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
20:11:19.0095 0x09cc  intelppm - ok
20:11:19.0098 0x09cc  [ DB32758F3A7F6CCE81A5430080A2EA65, 36A26BAA884E96804F8EA0B12BB3E81BBE6D4EE704809904091445F36CAB5A29 ] iorate          C:\WINDOWS\system32\drivers\iorate.sys
20:11:19.0099 0x09cc  iorate - ok
20:11:19.0103 0x09cc  [ FE85D0A86CA7A5A99CF8CD04DE7F80AE, 544C01FC01EE728EB5667158207E5F4418FE77A88BA318192A834722DB766F4E ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:11:19.0105 0x09cc  IpFilterDriver - ok
20:11:19.0122 0x09cc  [ EF1BB0EF8A12C32DD88C409706B8145E, 7AEDE717C258C29592CC8AEC40F61617E5382646E5141E1C0941882ACE5C5758 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
20:11:19.0132 0x09cc  iphlpsvc - ok
20:11:19.0136 0x09cc  [ 450DBDD716C7911F83E05F78EE18BFA2, 43C0DA172F632131898F315A53DEDD1AE99FB0620AB32B3A5B99FEC498C9AAE5 ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
20:11:19.0138 0x09cc  IPMIDRV - ok
20:11:19.0144 0x09cc  [ F1DAECC3B3D6399875D4F10529D6A77C, 6533D2F858816BE6570C998510919FCA2904EC6EF806F61C1FD325E88133111B ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
20:11:19.0147 0x09cc  IPNAT - ok
20:11:19.0151 0x09cc  [ 7475A2903BB704B446AA6309E34D3362, C94643A1626A9716015EBA7041A1224098501EB7DAA704CBFCAD3DC6F3CFC6AF ] irda            C:\WINDOWS\system32\drivers\irda.sys
20:11:19.0152 0x09cc  irda - ok
20:11:19.0155 0x09cc  [ 9725E7F0C64CE9916A5CDABE8D6E13C3, 04AF9E48FEF208A2850DF28352E8FDCBF4018982C72C0F67EE12C048C4070116 ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
20:11:19.0156 0x09cc  IRENUM - ok
20:11:19.0158 0x09cc  [ 8C604213A2E73088BFFE6CD2E6F1AE53, B4C4FEE4D398A29F72EC27D5668071D7E68CD943FFFC38624DD5DF5BEBDF46D3 ] irmon           C:\WINDOWS\System32\irmon.dll
20:11:19.0159 0x09cc  irmon - ok
20:11:19.0161 0x09cc  [ 1DFC3CCA51785254C5604238BB1A5467, 31451A90A91AEE14C6B24F84CB9816E5C77179D411B8B3E8547F538235BEEFB0 ] isaHelperSvc    C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
20:11:19.0161 0x09cc  isaHelperSvc - ok
20:11:19.0164 0x09cc  [ 58040898883A96160D41739C80328BBF, 7F85C91C905811416E266A263DDEFCDCB0B45376AAE51B551AB636C16577DB9F ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
20:11:19.0164 0x09cc  isapnp - ok
20:11:19.0171 0x09cc  [ C9FD02D62E09337B67B0C61EC8CA38CC, DC77E935ECC8474BE9018F0937CB11C137073582B20A0EE107CE247FD9E1F9C1 ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
20:11:19.0174 0x09cc  iScsiPrt - ok
20:11:19.0181 0x09cc  [ DE70C5C10803C700DC1CFDE2D5CF207A, 4D11DE8B986C6966B66E1D6E931A72A1E9FA8D0B5B9EF57EF3EEDD09D0BE0B4E ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
20:11:19.0183 0x09cc  jhi_service - ok
20:11:19.0189 0x09cc  [ 210808437570BDDEE71A43535E3A2D30, EF5DE6EE4FF58F44CDE4D4E7F298ABBC9086EC05CC3AE4903060DA878115AC1E ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
20:11:19.0190 0x09cc  kbdclass - ok
20:11:19.0193 0x09cc  [ 0B779E9FC426CA2268D28181FA6C222F, 83292023A688C3044D096F22242EB954B7F7511BE8341D45FF0AFBD9CB9BCB4E ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
20:11:19.0193 0x09cc  kbdhid - ok
20:11:19.0196 0x09cc  [ 813BA3EB2CE038F2A5382DDD75CAD60B, 99FA444027CAC247B54317730D54AB0C4C000AE076B97E47470FDA9834594312 ] kdnic           C:\WINDOWS\System32\drivers\kdnic.sys
20:11:19.0197 0x09cc  kdnic - ok
20:11:19.0199 0x09cc  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] KeyIso          C:\WINDOWS\system32\lsass.exe
20:11:19.0200 0x09cc  KeyIso - ok
20:11:19.0205 0x09cc  [ 705C0F8BCCEF6E7CB704CCB454192D7E, FC608C708E2C3BF7A66E57B95E19E71E5F5C87EF359D8BC1A817500B45DF9338 ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
20:11:19.0206 0x09cc  KSecDD - ok
20:11:19.0212 0x09cc  [ 55AD13E2BAFC5AB53A10F8C271F5D242, 058BEF14DCB95574BCAB985F04737BA89483937E8D8A74F7B4CEAFB7400C2397 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
20:11:19.0214 0x09cc  KSecPkg - ok
20:11:19.0217 0x09cc  [ 4ED115CD1A1099705F56B5E0FFF97CC6, 9CC49DF2CD6AAAE405BA661D13EFC1E05111D1DE3D1E50C39C425AF1F075610B ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
20:11:19.0217 0x09cc  ksthunk - ok
20:11:19.0227 0x09cc  [ 8125BDF7ADC261F75EF0CAD92456E350, 184797AA1D58C4FF743BA60D48590B88B781EE7779205E45E0679DEC79F3E185 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
20:11:19.0231 0x09cc  KtmRm - ok
20:11:19.0239 0x09cc  [ 8CCAB08815B50AD78B823DB3F96C8604, 265E6D582EB7207B5CC577D61CB7BC3646F613047F168CD69BB776C37780EBF5 ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
20:11:19.0244 0x09cc  LanmanServer - ok
20:11:19.0252 0x09cc  [ 33DBBCF71F68EA97D9FD34E4C9AB5AC6, 104F04A1560E75EB224A3825707CE51E8798ABD764F5CC3B854FFFC93A39AF60 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
20:11:19.0256 0x09cc  LanmanWorkstation - ok
20:11:19.0260 0x09cc  [ F8EBAA1FE6D3BF84752931DE1BFA0E2A, 2F3C512712BA709BBBBD779D9E792DBE324876C402CDCEF0345B8B7ABE1D232A ] lfsvc           C:\WINDOWS\System32\lfsvc.dll
20:11:19.0261 0x09cc  lfsvc - ok
20:11:19.0265 0x09cc  [ 5A23E4BE0CCF49663C4CF7EB74C20278, 9DF91014B13B7CED1C3D409F90858FD03EFC5C4347C98901B4DF0AFF2B77845D ] LicenseManager  C:\WINDOWS\system32\LicenseManagerSvc.dll
20:11:19.0266 0x09cc  LicenseManager - ok
20:11:19.0269 0x09cc  [ 5933A6673F00D8255C52957E40C2D601, 0AA1281F8B3F97E360592D1B35EE7D3D614F1AB46007F9884CFFB1C5E647575E ] lltdio          C:\WINDOWS\system32\drivers\lltdio.sys
20:11:19.0270 0x09cc  lltdio - ok
20:11:19.0278 0x09cc  [ 88A3C935725FA6EA1A228DCC26CF9C6F, 9B1F70644EEFA1EE7CE151A8A970430087339B7A6345F2E0252370929D4AFAC6 ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
20:11:19.0281 0x09cc  lltdsvc - ok
20:11:19.0284 0x09cc  [ 3F858E28AEE6545FA1B64134DFD5C2CE, FFD7B4FB0A7B61BC6B76A172134673842F2CF00E96FA3ED4A8273DC525B6BB92 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
20:11:19.0285 0x09cc  lmhosts - ok
20:11:19.0295 0x09cc  [ 1CE3A27B6B0658F4242AB2DECE69704E, FB705D43554478FA438CE600DAD65C5885858ABF9FCB5D9CC6E5F7C87FD6A853 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:11:19.0299 0x09cc  LMS - ok
20:11:19.0304 0x09cc  [ 8E1B0946948CCC0BC1FA3CB70374A795, 0B894C129A35E223FF9594725AC90916CBD597FAD2211A18FC2AE03EA8679597 ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
20:11:19.0306 0x09cc  LSI_SAS - ok
20:11:19.0310 0x09cc  [ 4F68163FC04C973500DC4DA0946917B0, DF060C29109EB3978CEDFE781999B0C4C1E8C0FDB133428058D8400C53315EEC ] LSI_SAS2i       C:\WINDOWS\system32\drivers\lsi_sas2i.sys
20:11:19.0311 0x09cc  LSI_SAS2i - ok
20:11:19.0316 0x09cc  [ E5AC5F2815938651CDCC27F425474673, 3AF0598982153C36A766506FA088F7B84333CC96FEBB050402547AFC613AF9F7 ] LSI_SAS3i       C:\WINDOWS\system32\drivers\lsi_sas3i.sys
20:11:19.0317 0x09cc  LSI_SAS3i - ok
20:11:19.0321 0x09cc  [ CCF6EC9FB9B8F18E05B4253E81013E48, EBE8D77FEE8B99BD8C29702404774D554673C96DF3FDF3DCEA9C99E22C2709FC ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
20:11:19.0322 0x09cc  LSI_SSS - ok
20:11:19.0336 0x09cc  [ D5EFC0BAEC21EDE6FE03D377D403B421, 41BE71AF7C896FD4C51EF7E3871AAB769164DFB8050DA43E48C7A100711414B4 ] LSM             C:\WINDOWS\System32\lsm.dll
20:11:19.0344 0x09cc  LSM - ok
20:11:19.0349 0x09cc  [ C9579D32219E5B936AC3A48D470117EC, E61A77191B6BA25D29B1221FEBBE826BBC11F825C0E35A72B4CEFFF8B7FE59A8 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
20:11:19.0351 0x09cc  luafv - ok
20:11:19.0360 0x09cc  [ A0A527569856B9814E8920F52EBB67F5, 4347277C84B47E4CC048850BDEFB258CFB3B476AA99FD503FD71FBB70FFF5ACF ] lvrs64          C:\WINDOWS\system32\DRIVERS\lvrs64.sys
20:11:19.0364 0x09cc  lvrs64 - ok
20:11:19.0436 0x09cc  [ 415E344294D1C0D04627B29146F68481, B4A1A05BDF07E8F226A98E51F62BE18BE2C046A084C495BD8A95CABC79FD0614 ] LVUVC64         C:\WINDOWS\system32\DRIVERS\lvuvc64.sys
20:11:19.0484 0x09cc  LVUVC64 - ok
20:11:19.0490 0x09cc  [ D33E2B74CF8B3A652BF0A9FBD068E87A, 46465387D04C2E5648D1CBD415E5D8757944A3C987A2497450F82D153BF7E868 ] ManyCam         C:\WINDOWS\system32\DRIVERS\ManyCam_x64.sys
20:11:19.0491 0x09cc  ManyCam - ok
20:11:19.0494 0x09cc  [ CAAF0CD70FEE7C5110B1E62804E41B17, 48482A6C8D2296C4DC613304637C8DBB7DD1DB39326F27650EBCA6FD2793BCFD ] MapsBroker      C:\WINDOWS\System32\moshost.dll
20:11:19.0496 0x09cc  MapsBroker - ok
20:11:19.0499 0x09cc  [ C3CDCCF07486BD2616A7B82946E07AC0, 1EF95DAB2DA856BC7D7573B2EB2D9006DF337F827F0B56A161D0C97F45DB755E ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
20:11:19.0500 0x09cc  megasas - ok
20:11:19.0504 0x09cc  [ 2CF0CB2A0ED68C5455371E84C16F9627, 1C9166B52140145F1968E83E52BFF041250811B23C770FE181A18A4BA060CA81 ] megasas2i       C:\WINDOWS\system32\drivers\MegaSas2i.sys
20:11:19.0504 0x09cc  megasas2i - ok
20:11:19.0517 0x09cc  [ FADB2FE017E69EECE0E1BA78661C2E8C, BE99B49031D8B4B670B6F6B6E829E54406779CF6F1D8AFE8AB79A73E6764AB2F ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
20:11:19.0523 0x09cc  megasr - ok
20:11:19.0530 0x09cc  [ 48F64A35BA9F2E4AC0587DDA555FF951, 77FE2BE86ADCE103F4220A641139C42B1407CF8EFFEB66F841ABF9CFC3621558 ] MEIx64          C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys
20:11:19.0532 0x09cc  MEIx64 - ok
20:11:19.0536 0x09cc  [ 55A417C3E41F2A98666CF929EC19108E, A38C262B2863C87E4151525BF26D6AC16E7982D370E2C6998EB15C88C4BC8254 ] MessagingService C:\WINDOWS\System32\MessagingService.dll
20:11:19.0537 0x09cc  MessagingService - ok
20:11:19.0557 0x09cc  [ FD60818B66B2E8A5415EA840E99A9D8F, 5D2F22909354534B821D958FBEF6A40EB4F642F53C7B509D00949096EF716F36 ] mlx4_bus        C:\WINDOWS\System32\drivers\mlx4_bus.sys
20:11:19.0566 0x09cc  mlx4_bus - ok
20:11:19.0570 0x09cc  [ 68F6977F1CFBAAC770D940A8C0326FA1, 90EE1E7DAC680EAA5AD50E9B0B9FD8FCE8DD6A02D5EF941B5AA5084CBD40BB80 ] MMCSS           C:\WINDOWS\system32\drivers\mmcss.sys
20:11:19.0571 0x09cc  MMCSS - ok
20:11:19.0574 0x09cc  [ 0D50B3F3AB32D416786B58D4553859CE, 9DA4D7A30982E8B31C45BDB721AEF5240EAD9DA6839CF34FDDBCF123BF104F2C ] Modem           C:\WINDOWS\system32\drivers\modem.sys
20:11:19.0575 0x09cc  Modem - ok
20:11:19.0577 0x09cc  [ 9CCCB7FC3EDADEBA461D78615A6011A6, C120B58F25E8CCFD971EB78645C0682F367AD56DC15F2D8C1980CE75B04719DF ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
20:11:19.0578 0x09cc  monitor - ok
20:11:19.0582 0x09cc  [ 27A07B2FB2E3057DA8DAEA4F25D843C7, 09D2B39E6B9AAEC879E5871DD6BCFF2AEF0B894F3B44649665A685F8B3CA6F27 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
20:11:19.0583 0x09cc  mouclass - ok
20:11:19.0586 0x09cc  [ 7BD6E7F7C9001AB21B8362CFFEE80B25, C470C3363EEF3A60409A5934988BFB9B72AE7C2BB63CC2C2D006D7EB1C797F6A ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
20:11:19.0586 0x09cc  mouhid - ok
20:11:19.0590 0x09cc  [ F5BDAEE4B7D369D4C74668DCFBA3FF10, 100F39288E56AFE0D39D1CC235BDC9F3727C873CD3114E092DA7A08810BD3EB2 ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
20:11:19.0592 0x09cc  mountmgr - ok
20:11:19.0598 0x09cc  [ ADF79A49E942C91D1FC9863CBFDD6B58, C2B2A792C4717133DCAE6297EE3F5D985B11D3C1E68A8DC23985AC6B78ACDE98 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:11:19.0600 0x09cc  MozillaMaintenance - ok
20:11:19.0604 0x09cc  [ 30844BD376F9D01E62C820BEF446F1F8, 910D672EDB544A20AEB4450B4D89830F46EDD28CE0021156176315C5D068A1B4 ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
20:11:19.0605 0x09cc  mpsdrv - ok
20:11:19.0622 0x09cc  [ 779CFDB17EA07A6D26FEBBAC95B65772, 74D9542E8DCCD07396A45A45D2F500AA6F9DCC1DB785A6153EB3067E42F576A4 ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
20:11:19.0632 0x09cc  MpsSvc - ok
20:11:19.0637 0x09cc  [ 25D32BE04FE0A23FDF57FD5382757672, 64E39E3E21D9173FB1116B989D80C244C49DA827698A05AF5CC5CD1C6AE155DE ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
20:11:19.0639 0x09cc  MRxDAV - ok
20:11:19.0650 0x09cc  [ E671EDAB0726E05ECEF4058B4CD73C4D, 9F4C50E635CE2204E3291C8D3D7F658A969E80722B8B6F0304228D9B434C20EA ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:11:19.0655 0x09cc  mrxsmb - ok
20:11:19.0662 0x09cc  [ D4D12BC29DE0F09280868FDCA65B3474, A6FE89ABD52087FEE52FDF31DDF4CB627ED400E94FDA86BEBF1D4763F1E42518 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
20:11:19.0665 0x09cc  mrxsmb10 - ok
20:11:19.0672 0x09cc  [ 93A77008A8932FC84A173C4E97E52874, B7510CF7998C538D68BD2ECDC512A0BFC7CB7362F598EE4110F728427AFF0F5A ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
20:11:19.0674 0x09cc  mrxsmb20 - ok
20:11:19.0678 0x09cc  [ 74C9D21523DAE0C18F413C196DF0058A, 3DB4B8CA368D9DD82FAE2C2BC828A21142C8D29780A7C8667188C447519FF702 ] MsBridge        C:\WINDOWS\system32\drivers\bridge.sys
20:11:19.0679 0x09cc  MsBridge - ok
20:11:19.0684 0x09cc  [ 308F08347923DEEDE7BC03EC7D485841, 72DB45CA11FE635DF9F8273C38CBEFB8DF5362ADA0CBF6D2B1E570365DC700C0 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
20:11:19.0686 0x09cc  MSDTC - ok
20:11:19.0690 0x09cc  [ F01B849D9D4A8CEAF32D4FDBD0B83C92, D2473AC4C6E6C03DEF13EA73EC78FB878BDC95C047651BF79A16C9DEA82AD046 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
20:11:19.0691 0x09cc  Msfs - ok
20:11:19.0695 0x09cc  [ 22ECD8F5D1DFADF2011BBB1700CB871D, 8F9EFF51137394EFA5471B8A29C541710063B65806B075B4925A84D5B6BC3BBB ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
20:11:19.0696 0x09cc  msgpiowin32 - ok
20:11:19.0699 0x09cc  [ FD870F6968A145E4D2BA8A8842686B03, 34B8F601F3B5E42B4D0A41E2AF7DB4EB4E5B627DA8DA9A2A2D46B153AF23AEB1 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
20:11:19.0699 0x09cc  mshidkmdf - ok
20:11:19.0701 0x09cc  [ 30364757963A028CE5DF0FBAAC270173, C72588A6A52FF8E418A15D2C407A4DB7EA768585423720145F8253D5CA519DC2 ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
20:11:19.0701 0x09cc  mshidumdf - ok
20:11:19.0704 0x09cc  [ 6BB0FEDDAE7135FA37FFAFF4D9E0E876, B41A3C0FFDFC493D6325ED493445AFCED04EC9DFF2B38125616FC5419AD1ACC4 ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
20:11:19.0704 0x09cc  msisadrv - ok
20:11:19.0711 0x09cc  [ 07E3E54734B14F43A4A95A849C0A0DE2, 314AA02EA84D267B32DBAEBEA6C1AC1A266DED1E8D35A17B41D1D2AC75E8049E ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
20:11:19.0713 0x09cc  MSiSCSI - ok
20:11:19.0715 0x09cc  msiserver - ok
20:11:19.0718 0x09cc  [ 13D614E6B51ECF36746C48CE829FA7F6, CAD63C0A4F7110093F84C58252C5803F14E3FC46584B79DA17EC86D49FEAEA64 ] MSKSSRV         C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys
20:11:19.0718 0x09cc  MSKSSRV - ok
20:11:19.0722 0x09cc  [ 642CDE46351D5D2D90311E77072AB46D, B2D3033E607BA2F6E6B9CFB1CBF154CD0CE910EA473C56343EC81B9B94044CCA ] MsLldp          C:\WINDOWS\system32\drivers\mslldp.sys
20:11:19.0723 0x09cc  MsLldp - ok
20:11:19.0726 0x09cc  [ F2302A5CE63CA7673200FAFCEEEDB6AF, B8C44FC2DC0332183DE325CDBF511101F3307225295EDD428CE575A8DE15C223 ] MSPCLOCK        C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys
20:11:19.0726 0x09cc  MSPCLOCK - ok
20:11:19.0729 0x09cc  [ 6114512EA26E835BA522C63635429DB5, 0F91CE41B4555316A79AEF3047C152D538CC9C7C329987C9FD0E3D961AFC87C8 ] MSPQM           C:\WINDOWS\system32\DRIVERS\MSPQM.sys
20:11:19.0729 0x09cc  MSPQM - ok
20:11:19.0738 0x09cc  [ AA538E16E644D00E3BA5349BBA9598EC, 64A68B06883FE7ED34E04AB119BA819753F1222923EDD4E802C35D402B89D075 ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
20:11:19.0742 0x09cc  MsRPC - ok
20:11:19.0746 0x09cc  [ 0543BEFD41EC4D25C7F7CF36409CEC7D, 631622CFEC49952C0470531B23FFFFF483DC0EFFEF7A97B1179A600392C05DDD ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
20:11:19.0747 0x09cc  mssmbios - ok
20:11:19.0749 0x09cc  [ C1569E4DB8EFE3617847BF041A3C842F, 99ADE5E7F50E04CAEC737F7F90741CCA8EE628996BA5EB6C6BC62184884429B6 ] MSTEE           C:\WINDOWS\system32\DRIVERS\MSTEE.sys
20:11:19.0749 0x09cc  MSTEE - ok
20:11:19.0752 0x09cc  [ 130B16970154BA9876B09E5C4BAC63BE, BE3AF8FC5A26AB9C9DBA9C015C2E1FD3C4CD9CB423A2BBDABA91428BF8620553 ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
20:11:19.0752 0x09cc  MTConfig - ok
20:11:19.0757 0x09cc  [ 15D987C8F6CCD4AC94E070C5986762CB, 452FB0C48B86C7F8F53794CC2DDBF2B900B03A0383B2DE8F6A830F8CB0AFBAD8 ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
20:11:19.0758 0x09cc  Mup - ok
20:11:19.0761 0x09cc  [ 3D2C5B4995CA0751D32DEA0DE9FDFE44, A26958785FD9E05E2CA97078C9BB277CD44222BF5F7D9E8DC2F3F6AAAFFC6483 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
20:11:19.0762 0x09cc  mvumis - ok
20:11:19.0775 0x09cc  [ DB31EBB04C871F422C36A0962DA7D38B, B1BC2344744F537FB2C7D07B415F860195B7795E185253F05C0817A3764FEC10 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
20:11:19.0781 0x09cc  NativeWifiP - ok
20:11:19.0787 0x09cc  [ C3D9870E680D9D843B18F4626C3858FE, 43596CAC9FB488F810FBA954C52BC4D13F7D32028C40ACFE33DFD7EE36A65C17 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
20:11:19.0789 0x09cc  NcaSvc - ok
20:11:19.0797 0x09cc  [ 04CE2C0F0759EACD886BA4B658B60D5D, E34D0976FC5936C8629800D826DB127072D1DFC3D350EFACA3AA1B8119551762 ] NcbService      C:\WINDOWS\System32\ncbservice.dll
20:11:19.0801 0x09cc  NcbService - ok
20:11:19.0806 0x09cc  [ E6094065008FE423377294050E7CEA2D, 86E200227256407530E2C28243DEFBC3CB6E9497644404D9AD79DA242286DF7B ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
20:11:19.0808 0x09cc  NcdAutoSetup - ok
20:11:19.0812 0x09cc  [ 629CB21AC49C8867E0F29DF1C16DB7B4, 20663E68C69D0A1A2FE99A0C2A9DEFABF49786A1DC8F7F4E1699458AF57D7E79 ] ndfltr          C:\WINDOWS\System32\drivers\ndfltr.sys
20:11:19.0813 0x09cc  ndfltr - ok
20:11:19.0832 0x09cc  [ D5564FC81350458ED570528C4E3B1CCF, DD3C5012492EF9BCE3BE635BBB3AA40B3C5F5FDBD795A76B327D9C994102AC2B ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
20:11:19.0846 0x09cc  NDIS - ok
20:11:19.0849 0x09cc  [ 6DD605338FAAF6BA17662AA874E0D162, 636607829F5D7C3B7A4683C0A2DD594360D72F2AA3F8710153BE32575AE34A15 ] NdisCap         C:\WINDOWS\system32\drivers\ndiscap.sys
20:11:19.0850 0x09cc  NdisCap - ok
20:11:19.0856 0x09cc  [ E34196F285F8B8879E1FF36C31F7179E, 77A4F24F995D4C0689C43F9956E08DCEC62517E4F8B1B9EAA1852B5293DB5B9A ] NdisImPlatform  C:\WINDOWS\system32\drivers\NdisImPlatform.sys
20:11:19.0857 0x09cc  NdisImPlatform - ok
20:11:19.0860 0x09cc  [ 1FAD2398673F30CEC616B89C46B7DCBA, 70302049E6AE2BC6B3A7A9DE54D3F940AD6A9771CC2EBCCEC65994E67A25ECB5 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:11:19.0861 0x09cc  NdisTapi - ok
20:11:19.0865 0x09cc  [ AEB8ECBE66CC46854066CB1F5623E179, 2F650A85A9DAE38887610C0B876621035616CEDB65D4BBBD7F1405616D218AAF ] Ndisuio         C:\WINDOWS\system32\drivers\ndisuio.sys
20:11:19.0866 0x09cc  Ndisuio - ok
20:11:19.0869 0x09cc  [ 7340104C2BF2F126714F7CDE85E63610, 45B64EC6F3A4C43F7D74806789067658C6EF0D44D36B841F4D26E1EBC95AF66C ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
20:11:19.0869 0x09cc  NdisVirtualBus - ok
20:11:19.0874 0x09cc  [ 07ADC1F8DCBEB8104D75129B11584B8C, CB51A294D9FD4E210DBEEF05A1E60A96CE52D6D138EF62A54E1F608F90FED300 ] NdisWan         C:\WINDOWS\System32\drivers\ndiswan.sys
20:11:19.0876 0x09cc  NdisWan - ok
20:11:19.0882 0x09cc  [ 07ADC1F8DCBEB8104D75129B11584B8C, CB51A294D9FD4E210DBEEF05A1E60A96CE52D6D138EF62A54E1F608F90FED300 ] ndiswanlegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:11:19.0884 0x09cc  ndiswanlegacy - ok
20:11:19.0887 0x09cc  [ 78A12E3DF035B5D054986949B19BE43C, AD9B34F89B9F27D473BD5FCE6694A40FCCB808B61ABEDD6F70F1AF6C7E73ABF8 ] ndproxy         C:\WINDOWS\system32\DRIVERS\NDProxy.sys
20:11:19.0888 0x09cc  ndproxy - ok
20:11:19.0892 0x09cc  [ 04C8859355C1DC9C0FA198D1894D71C2, E7C67E73009341B5D402470C686781B3C7BBE2531CE26665E08E711B990B1A77 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
20:11:19.0894 0x09cc  Ndu - ok
20:11:19.0899 0x09cc  [ 6C76780A01FC2B885BD6E957B5C36B02, DB7834F03A765F65C773E772D8051AFADB22CA4B5074180AA397857A0C47A068 ] NetAdapterCx    C:\WINDOWS\system32\drivers\NetAdapterCx.sys
20:11:19.0900 0x09cc  NetAdapterCx - ok
20:11:19.0903 0x09cc  [ 5D1513BD6430307C9DB86C6E351372ED, D2AB709CF7CFA5B857B084AFC821914A975B7DDDCE154229981F19448973BD6D ] NetBIOS         C:\WINDOWS\system32\drivers\netbios.sys
20:11:19.0904 0x09cc  NetBIOS - ok
20:11:19.0912 0x09cc  [ 6FEBB0A847FFD5F057B9AC8889F1B9A7, 558BCC64C59079E6569F61CCE1219A124B3313FC4E6CB5CBCC94124D202FF19D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
20:11:19.0915 0x09cc  NetBT - ok
20:11:19.0918 0x09cc  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] Netlogon        C:\WINDOWS\system32\lsass.exe
20:11:19.0919 0x09cc  Netlogon - ok
20:11:19.0926 0x09cc  [ D3BF2DA9216A4CF22A97820A50A67EFF, D00CBE0A7ECFB449D9B48967A01EE56141404EBE229893D5A1710781AD5F2551 ] Netman          C:\WINDOWS\System32\netman.dll
20:11:19.0930 0x09cc  Netman - ok
20:11:19.0941 0x09cc  [ F2645D51DD8AABC8BC72358409410437, 8CB97628923D6CEA6EFAD7E666BE92C154060BD108C28D46287A520A14B18ADA ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
20:11:19.0948 0x09cc  netprofm - ok
20:11:19.0954 0x09cc  [ D65F295A049473E6A39EA9A0EA76CA32, 274FC0BA044EB2D14093AB0E561F7FACEE06A3F433C81343C8B926FA2F9BD251 ] NetSetupSvc     C:\WINDOWS\System32\NetSetupSvc.dll
20:11:19.0958 0x09cc  NetSetupSvc - ok
20:11:19.0967 0x09cc  [ EFA857E2B0CC7C9DFEF48A2187B910F7, 424475568CD70237F056838388A5F7BDCD1B09349085498644C75940B12E8EAF ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:11:19.0973 0x09cc  NetTcpPortSharing - ok
20:11:19.0982 0x09cc  [ B996DE26A2E16053C9485F5905B05320, 30EB2CEB466A4F05A44F7CBFCDFD8CC3C27B5FCF1269C1B9410C48AB362D2A75 ] NgcCtnrSvc      C:\WINDOWS\System32\NgcCtnrSvc.dll
20:11:19.0986 0x09cc  NgcCtnrSvc - ok
20:11:20.0004 0x09cc  [ 54C31C2B815E2E26BB8158022F837C9C, CED660D1A58F635C6452F82FCB2EF8ACEEB7785E31617B2ADFD9EE69A2BDF2B8 ] NgcSvc          C:\WINDOWS\system32\ngcsvc.dll
20:11:20.0015 0x09cc  NgcSvc - ok
20:11:20.0024 0x09cc  [ 9B9F520C72EE33EAEC857124BB800243, DFA9386B272F4D86F3E4BE861A2FC4617261E1AA40576DDA610FC24AB4961A63 ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
20:11:20.0029 0x09cc  NlaSvc - ok
20:11:20.0032 0x09cc  [ 001CBD7A2CD45C4EB39C01C3C677EF73, F4AAF4D60DB1232921C7811A62287B55C7C098B7A1FF9A40D88AF58A5ABECBA2 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
20:11:20.0033 0x09cc  Npfs - ok
20:11:20.0036 0x09cc  [ 90F5DC9802AAA00CD0B6E2AD9E7FFADC, 71C0777829299DECA6ACD42F38802DBE3C29A42CFBD8A396F39DFA44D1F55B6C ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
20:11:20.0036 0x09cc  npsvctrig - ok
20:11:20.0039 0x09cc  [ 1993C85962692EF7024501E7FE92D466, F5BCAA8308495EBF8BB061C2015E07C202A779668D171364D7E312975BC18B10 ] nsi             C:\WINDOWS\system32\nsisvc.dll
20:11:20.0040 0x09cc  nsi - ok
20:11:20.0044 0x09cc  [ 0C6218321A09A7B51BA7FFAFBA4CCB21, 330B3FA793A78410B28DFC8250BBF24442E3BB80434A7938BB96F02337614E0D ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
20:11:20.0045 0x09cc  nsiproxy - ok
20:11:20.0082 0x09cc  [ DB69C6DA8B3DDFDC547D455CA23A8250, AE495CEB18924C8B21F7F150FF17CD00880F2E222D7B5155661798E0535D63C4 ] NTFS            C:\WINDOWS\system32\drivers\NTFS.sys
20:11:20.0111 0x09cc  NTFS - ok
20:11:20.0115 0x09cc  [ 6E6DD6F9DD2A034CF85E94047DBDB992, 63D0A0756F551B7668D1CBAB24B29FD462C706E8A81690BC248D6C92061FE215 ] Null            C:\WINDOWS\system32\drivers\Null.sys
20:11:20.0115 0x09cc  Null - ok
20:11:20.0126 0x09cc  [ 62D705A1C4F8FBDD2941CCD2E9DEC206, 2E1F6127737D764AE6A35655C54ADE554333C3156CAA322C0FE5704A693A1BD7 ] NvContainerLocalSystem C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
20:11:20.0131 0x09cc  NvContainerLocalSystem - ok
20:11:20.0141 0x09cc  [ 62D705A1C4F8FBDD2941CCD2E9DEC206, 2E1F6127737D764AE6A35655C54ADE554333C3156CAA322C0FE5704A693A1BD7 ] NvContainerNetworkService C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
20:11:20.0146 0x09cc  NvContainerNetworkService - ok
20:11:20.0154 0x09cc  [ 207A78939B7BBA0EFE8BFA947A35E71C, BB7DDFED575F81CAB958DDC7CFF2D798EB14DAE633F49FA2229D98BDC489C0EE ] NVHDA           C:\WINDOWS\system32\drivers\nvhda64v.sys
20:11:20.0156 0x09cc  NVHDA - ok
20:11:20.0158 0x09cc  NVIDIA Wireless Controller Service - ok
20:11:20.0382 0x09cc  [ 9337A5F17702A0FFE1E6C6978619B872, 8D4505BA62977BFE8C01F1ABD027AFBAEAA0D3EA6336865E46C28818471B196E ] nvlddmkm        C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0cc477a6fec64d8c\nvlddmkm.sys
20:11:20.0531 0x09cc  nvlddmkm - ok
20:11:20.0547 0x09cc  [ D261DF41F0840F734856A2B4F5E072C7, 2E703556D0C919375D0B7770513456844B13362190643D5524663EC8546E0FF5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
20:11:20.0549 0x09cc  nvraid - ok
20:11:20.0553 0x09cc  [ 23B702B555EB0436B9DAA0BC63DA65CE, D454F80D9657CFEC852F022C12D7B2C1A2D7D247ECC591EDB07B9369DFD8C99E ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
20:11:20.0555 0x09cc  nvstor - ok
20:11:20.0558 0x09cc  [ 6C672A80B4FBF160E2814EAE0AB3020B, FD5BDE067D29AA9FC20D7C571607D3AC351BFD65EF6E0C75374A2D9C0B17FED3 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
20:11:20.0559 0x09cc  NvStreamKms - ok
20:11:20.0570 0x09cc  [ 43DB182DC821C322C9EE8E936B82D8FB, 9C8AE7F9B4A7EAA50ECBA406F6F832CC3B656FAC82274533CA6C3ED0839C4027 ] NvStUSB         C:\WINDOWS\System32\drivers\nvstusb.sys
20:11:20.0575 0x09cc  NvStUSB - ok
20:11:20.0585 0x09cc  [ 282423AA3B0648082647103A5C42B66C, 5C8DBE5A95C1232E7D0F84E6A8749550C0026F2139D136E94347C2FB2E772950 ] NvTelemetryContainer C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
20:11:20.0590 0x09cc  NvTelemetryContainer - ok
20:11:20.0594 0x09cc  [ 54ABC4EA39DDE92977DCE644D325213A, D754E5D0418B3C48AD9988D1A2705975C78C8B87990E211651C388A76FB17E51 ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
20:11:20.0595 0x09cc  nvvad_WaveExtensible - ok
20:11:20.0598 0x09cc  [ 61BD2E2560FD1C5E0A8B8738816A0B93, 1057A6C4F7D04E81BFFD5B806295B3A5D12DE4D13F66E8542426D83D97E68C97 ] nvvhci          C:\WINDOWS\System32\drivers\nvvhci.sys
20:11:20.0599 0x09cc  nvvhci - ok

19.02.2017, 20:14   #5
januskopf198

Code:
ATTFilter
20:11:22.0876 0x09cc  usbuhci - ok
20:11:22.0881 0x09cc  [ B4F448F2424492F99F83D3676A453553, 42F1396616EA93BF91EA847B185C321B189F1A5138CA19D22397E8DB6D576973 ] usbvideo        C:\WINDOWS\System32\Drivers\usbvideo.sys
20:11:22.0884 0x09cc  usbvideo - ok
20:11:22.0893 0x09cc  [ 95BCCEFBC40D06484CF16144FE79B8A5, 8ABA73C5FFEDD319FB96B807AD08716698E557522478DF1A2C5D662675636AE0 ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
20:11:22.0896 0x09cc  USBXHCI - ok
20:11:22.0922 0x09cc  [ 4CC81AB9D380A6264FF4C0C1512CF965, 76C33053D1C9155B0F3F8392FF982AD4EABEE2BBBEE89EA41DBFE8E436973EB0 ] UserDataSvc     C:\WINDOWS\System32\userdataservice.dll
20:11:22.0940 0x09cc  UserDataSvc - ok
20:11:22.0960 0x09cc  [ AA24C61D88E36BA1144072227922173D, 2EBBC827E740F72EA2E75745E585378189BC0DEE91CACD7FA31BDBC5EFCF8733 ] UserManager     C:\WINDOWS\System32\usermgr.dll
20:11:22.0973 0x09cc  UserManager - ok
20:11:22.0997 0x09cc  [ EBF9E40845362DBE2AD0DB3077269488, A6363006350D097F95B03A2F44E1D3FBD3BC40048BE57C715CD7CBC22D1EE70B ] UsoSvc          C:\WINDOWS\system32\usocore.dll
20:11:23.0009 0x09cc  UsoSvc - ok
20:11:23.0014 0x09cc  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] VaultSvc        C:\WINDOWS\system32\lsass.exe
20:11:23.0015 0x09cc  VaultSvc - ok
20:11:23.0019 0x09cc  [ 370DDBA4C7ACB60910EE4E504E527181, 656D90FB7C24487C6EBBF64A5019B858D9FEBC7B82C62FE1E5EE050ABFFA9CDE ] VCSVADHWSer     C:\WINDOWS\system32\DRIVERS\vcsvad.sys
20:11:23.0019 0x09cc  VCSVADHWSer - ok
20:11:23.0022 0x09cc  [ 0CBDE344FB48E42D78E29469F202ADBC, A1C3FBA5409DD3BBEAF1D3CE2583D6C8A621C0E4F534155EC540AFD67BC9E8CA ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
20:11:23.0023 0x09cc  vdrvroot - ok
20:11:23.0036 0x09cc  [ 0783EDE1FA94649ED7F3CEF6A734041A, 1A13A613EF6B67459031C7994FFC6F32F73E02E0F123A171618E4F011C635684 ] vds             C:\WINDOWS\System32\vds.exe
20:11:23.0044 0x09cc  vds - ok
20:11:23.0051 0x09cc  [ 723195568C8755CAD57F7933C5F2C5C2, 5C403799F67223605F825BC16D217C1EF5E1A0DDF00AC6380FE8976339B67D9B ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
20:11:23.0054 0x09cc  VerifierExt - ok
20:11:23.0068 0x09cc  [ 3BB8D153A9A514EC9FFCB586251A1925, 5E4B46511F9791699826DC63B35528544347166BDE9981FB93F1F7F2A09599C7 ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
20:11:23.0076 0x09cc  vhdmp - ok
20:11:23.0079 0x09cc  [ 7929228F0E8B0C2FA0495A17A4FC27F6, 1F1667B10A96B1D85ED165F62A5C0EF28C37F828B8280EA08BFCC1BAC03F2C90 ] vhf             C:\WINDOWS\System32\drivers\vhf.sys
20:11:23.0080 0x09cc  vhf - ok
20:11:23.0086 0x09cc  [ AEE432ED868831B1F068E373598F6D93, BAE91F47B0CB94B826CA010B490AD924D7B715911DF3FCE62F9165F3B571105C ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
20:11:23.0087 0x09cc  vmbus - ok
20:11:23.0089 0x09cc  [ 9444B23FC694B5F90F21B0FC7F10D8DD, 86F92856F5C985DD8E5993B51E85E1F47EF8C9B2FB37468998C94266963BB4BD ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
20:11:23.0089 0x09cc  VMBusHID - ok
20:11:23.0092 0x09cc  [ 4D0287F566B36536DD812A54C015FC4A, 01D6508CA59CF04A47902B1F7C202FD14A81240E0B447588D919DD1072B040CF ] vmgid           C:\WINDOWS\System32\drivers\vmgid.sys
20:11:23.0092 0x09cc  vmgid - ok
20:11:23.0100 0x09cc  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicguestinterface C:\WINDOWS\System32\icsvc.dll
20:11:23.0104 0x09cc  vmicguestinterface - ok
20:11:23.0110 0x09cc  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicheartbeat   C:\WINDOWS\System32\icsvc.dll
20:11:23.0113 0x09cc  vmicheartbeat - ok
20:11:23.0120 0x09cc  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmickvpexchange C:\WINDOWS\System32\icsvc.dll
20:11:23.0123 0x09cc  vmickvpexchange - ok
20:11:23.0132 0x09cc  [ 0F621B52259D88A719AA20C6D04E3D72, 80B0528CCDE6E1B6F092787E1C0769C649698B196602859A5855134F0ECCBAE5 ] vmicrdv         C:\WINDOWS\System32\icsvcext.dll
20:11:23.0136 0x09cc  vmicrdv - ok
20:11:23.0144 0x09cc  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicshutdown    C:\WINDOWS\System32\icsvc.dll
20:11:23.0148 0x09cc  vmicshutdown - ok
20:11:23.0154 0x09cc  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmictimesync    C:\WINDOWS\System32\icsvc.dll
20:11:23.0157 0x09cc  vmictimesync - ok
20:11:23.0163 0x09cc  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicvmsession   C:\WINDOWS\System32\icsvc.dll
20:11:23.0167 0x09cc  vmicvmsession - ok
20:11:23.0176 0x09cc  [ 0F621B52259D88A719AA20C6D04E3D72, 80B0528CCDE6E1B6F092787E1C0769C649698B196602859A5855134F0ECCBAE5 ] vmicvss         C:\WINDOWS\System32\icsvcext.dll
20:11:23.0180 0x09cc  vmicvss - ok
20:11:23.0185 0x09cc  [ 29075915F9BDC3437F8BED71C067D399, 2C7718080C11DFDD4C9A2085537F78F5633369B4A27D9C64168F0249594A4AA2 ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
20:11:23.0186 0x09cc  volmgr - ok
20:11:23.0194 0x09cc  [ 6BDB6CE6D2D9E3D3F28F1C97E12B62E2, 5E77D7AF858D7B90FF395F39B86D6F96413D1DDEA28BC9FB40C5524A4DF6DAD0 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
20:11:23.0198 0x09cc  volmgrx - ok
20:11:23.0208 0x09cc  [ BF2546583BB75F01DDA60A7921DFB230, 579BD0BC55F4F03CD8D1FCDAC3975A1649C688820F2F7FC1AD354132D9E3BEE9 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
20:11:23.0212 0x09cc  volsnap - ok
20:11:23.0215 0x09cc  [ AC2E20A74D09D24485BE8396CE04F07B, 23FCE8BEE01B89E5CDCA536D75DBA6DCE3E92E13178A66836CEB7829310A89D1 ] volume          C:\WINDOWS\system32\drivers\volume.sys
20:11:23.0215 0x09cc  volume - ok
20:11:23.0218 0x09cc  [ D640A9761286113E7B53E6AFC23D9467, 33610F561636836B16EBEC354C595E4D5E2140ECF5316582870F1F7E3F2ECB02 ] voxaldriver     C:\WINDOWS\system32\DRIVERS\voxaldriverx64.sys
20:11:23.0219 0x09cc  voxaldriver - ok
20:11:23.0224 0x09cc  [ 92F6E3E6D3F1795263EB34B37F74AEF7, 33AB1ECCA1216AF1995E1DB4F11E48156FF62391D7C176C8A4CC1037B9CB3A27 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
20:11:23.0225 0x09cc  vpci - ok
20:11:23.0229 0x09cc  [ FD9BCB8920973CEAD4D49DC7A6D8A618, 34AB4A485FB40DF737600006D8323BE927FB0BDA2BC170F4C123BE775EAE7CC8 ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
20:11:23.0231 0x09cc  vsmraid - ok
20:11:23.0256 0x09cc  [ 01FFD5AF533F2CFDF26DDDC9313731C1, BFF0F2E57CD2358AC8F519F6F5692A46D97EC4E9B763D47101CEF31712FD4738 ] VSS             C:\WINDOWS\system32\vssvc.exe
20:11:23.0273 0x09cc  VSS - ok
20:11:23.0281 0x09cc  [ 0C111F220798CCE80484026E06822379, B98A5E44D3ABA67E6DE99E18BF3C2C606923E6269E262665C721F672ACBBED2A ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
20:11:23.0285 0x09cc  VSTXRAID - ok
20:11:23.0288 0x09cc  [ 607639716E9DB1CEF4E18B5B229293B4, 1D997177093F907EFE8A04AD10443BB9C355C0D7657DBD449E7EE7FCABC3ECBC ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
20:11:23.0288 0x09cc  vwifibus - ok
20:11:23.0293 0x09cc  [ B1ED64E628763148BF84FBE23F2AD711, 6182A39675E6049BC3DD353694720795A8E3D0331509AA8ABA4883D5C569AD5E ] vwififlt        C:\WINDOWS\system32\drivers\vwififlt.sys
20:11:23.0294 0x09cc  vwififlt - ok
20:11:23.0297 0x09cc  [ 59920894C38A827091A06AF559834E47, 8B40FE0B1BA3B2A79BFF70803D039DB921F85C978724722E5E5AFF188FA75471 ] vwifimp         C:\WINDOWS\System32\drivers\vwifimp.sys
20:11:23.0298 0x09cc  vwifimp - ok
20:11:23.0309 0x09cc  [ 76C1CC611352499326001F25A3ED15F8, 228BFA8A01BB1B3868576D509A2EA6F3D37FEDC8F12D4DC4E0A84CE926C6D1B1 ] W32Time         C:\WINDOWS\system32\w32time.dll
20:11:23.0315 0x09cc  W32Time - ok
20:11:23.0319 0x09cc  [ 55D00B785A7587F4263D125817871283, B92400B229099C1E243F2B149881A1423A2E9C8CA2D77D868B9B923BFDEC7FF2 ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
20:11:23.0319 0x09cc  WacomPen - ok
20:11:23.0330 0x09cc  [ 1483BE4D0135C378CB61D3CD73AB3E03, B7309C9E4F370860C507BF52D17234CDF4A7FAE95D2D822714E07EF5DEC0249B ] WalletService   C:\WINDOWS\system32\WalletService.dll
20:11:23.0335 0x09cc  WalletService - ok
20:11:23.0339 0x09cc  [ CEF3D306C09BEC1A800E9B4A06F859F6, 75D21F97E9F94FA97024F945AF512FEC94F88DD8073F3FAD92A6E0A9FDC586DB ] wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:11:23.0340 0x09cc  wanarp - ok
20:11:23.0344 0x09cc  [ CEF3D306C09BEC1A800E9B4A06F859F6, 75D21F97E9F94FA97024F945AF512FEC94F88DD8073F3FAD92A6E0A9FDC586DB ] wanarpv6        C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:11:23.0345 0x09cc  wanarpv6 - ok
20:11:23.0370 0x09cc  [ 30B8286F8FE1AE90A583100D45E02247, 3C86A4A5E21F9A1267EA231B20914E0A162BA4C25FE8917AD3AB6D504DA5BE0C ] wbengine        C:\WINDOWS\system32\wbengine.exe
20:11:23.0387 0x09cc  wbengine - ok
20:11:23.0405 0x09cc  [ 8C521D161445C3E1F38A494E7649E70D, F00990B2FE1FB52C74A2057E6480C5EBF2BDBC32955CC03C6B63360F20A49A18 ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
20:11:23.0415 0x09cc  WbioSrvc - ok
20:11:23.0420 0x09cc  [ E330144B97D493AA886000DCAAA8DAF5, ED86F46F5A76FD8F06CA98BD61B174ADB9AD4B065394356872708DF8B614E4F9 ] wcifs           C:\WINDOWS\system32\drivers\wcifs.sys
20:11:23.0422 0x09cc  wcifs - ok
20:11:23.0436 0x09cc  [ 32960EA9CF836D7DD77767DCB68CE230, 679446A4FAB0331C181D2716CAEA225267C6164BB9867E360C5B3D6AB1083195 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
20:11:23.0445 0x09cc  Wcmsvc - ok
20:11:23.0457 0x09cc  [ D50645235A507B0546B1B5CF7D0B8849, 19F5FE10C953B8EE8EEDA9A9F7F2E97AA193BB085E7FC364066686089ADD1C9F ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
20:11:23.0463 0x09cc  wcncsvc - ok
20:11:23.0466 0x09cc  [ AEA1093B751339267D8C8C1EF3D669CF, 8F3325E7FB16BD856A0593C36F2E3E018909038C52CD5F92E116E0C1366F31CB ] wcnfs           C:\WINDOWS\system32\drivers\wcnfs.sys
20:11:23.0467 0x09cc  wcnfs - ok
20:11:23.0471 0x09cc  [ D520B1B849B6D4D707AB31722B952C2D, 149BABB7BD63C1F212ADD9306C84FFB2A5CE6DC435BD3213EAB787E9B222C61F ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
20:11:23.0472 0x09cc  WdBoot - ok
20:11:23.0489 0x09cc  [ 5030C76047D756263093A47B82970868, E772F15973F6DE36851DD230F1F4190746CD81CA1E7284DC074711C4BF45CAF0 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
20:11:23.0498 0x09cc  Wdf01000 - ok
20:11:23.0507 0x09cc  [ 29FF9199EDEB4F5470BB134D1A2563D2, 94713F98A6EA6042203D5DD0DE6758F5F0F331F7D4BB05E91EF20CEEEBD6780F ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
20:11:23.0510 0x09cc  WdFilter - ok
20:11:23.0514 0x09cc  [ E7A7E8803E66B7CCED95D327A4DBC135, 401ECD953D4014A95C9022822D9ACEC1A68C917281DBA2365503A473FC6D9507 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
20:11:23.0517 0x09cc  WdiServiceHost - ok
20:11:23.0520 0x09cc  [ E7A7E8803E66B7CCED95D327A4DBC135, 401ECD953D4014A95C9022822D9ACEC1A68C917281DBA2365503A473FC6D9507 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
20:11:23.0522 0x09cc  WdiSystemHost - ok
20:11:23.0537 0x09cc  [ 8CB606A3057355FD5A9DBDD1A0AC94EF, 6DD0B4A2270633086EBB569A00B87430EE6EF173525E341404B15845B57BE86D ] wdiwifi         C:\WINDOWS\system32\DRIVERS\wdiwifi.sys
20:11:23.0546 0x09cc  wdiwifi - ok
20:11:23.0551 0x09cc  [ 17CF416CFF408190F5A4CBD79AB12E55, E376C8865C7EA633AE20D2CF940E4C7584AC783BAAF7941780FB6C4C84802F33 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
20:11:23.0552 0x09cc  WdNisDrv - ok
20:11:23.0554 0x09cc  WdNisSvc - ok
20:11:23.0561 0x09cc  [ 3570C4E14F85CE0B537D126727ACA91C, A474C9E6B6E4E5945C63367C1D3D24D4782C4A4FEB00FAE15DFED099D8283078 ] WebClient       C:\WINDOWS\System32\webclnt.dll
20:11:23.0565 0x09cc  WebClient - ok
20:11:23.0572 0x09cc  [ 1785F9C96A0BDEC1F6E0C79EF412F342, D6D4EDA69457BEDDA69C2F60FC4C2FAC97D46CD8E9C1804CCD68F169383583E3 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
20:11:23.0575 0x09cc  Wecsvc - ok
20:11:23.0579 0x09cc  [ B9175D63527B05131F2FA504CF0265F2, 1E43A17788F1B6A29E2889C81E0BE100D64BD3A9DEE7C154D9581F01D2D7D05F ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
20:11:23.0580 0x09cc  WEPHOSTSVC - ok
20:11:23.0585 0x09cc  [ 5C58EC0C9D4DE04DCDE56F6DCEA62080, 8ED386EDF4C39C339CE0BB2AC7E199C38705E5A6B3F56A4987B9A8ABD19BB59F ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
20:11:23.0587 0x09cc  wercplsupport - ok
20:11:23.0594 0x09cc  [ F899B355CC95AF26AB36E84E8A0DD685, C400F2F80FFF6473FEF066943C4A2AFF0FFE988A4F755757A2E5005C2A10DAD8 ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
20:11:23.0597 0x09cc  WerSvc - ok
20:11:23.0602 0x09cc  [ E1785942AC51FEE6826CDF02075C5AA9, 56FE7017684086F4F9C3A2C0D3AC00369BA0938BA3987EEBEE9A75B8E3CA0AE1 ] WFPLWFS         C:\WINDOWS\system32\drivers\wfplwfs.sys
20:11:23.0604 0x09cc  WFPLWFS - ok
20:11:23.0609 0x09cc  [ B154618505A6A9026EFA6AB8C4123BF1, 713648D71AA027B4472E7E75B942630DBE7383687984B02A5E99C9E4192C95EB ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
20:11:23.0611 0x09cc  WiaRpc - ok
20:11:23.0614 0x09cc  [ 0CF79A0EACFFBB75A50A469A27696D02, E112BF7B5A8D0B0AD2EA0E7B9FD4E8CFEC9371C8E94A60248292D688AFE715C4 ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
20:11:23.0615 0x09cc  WIMMount - ok
20:11:23.0616 0x09cc  WinDefend - ok
20:11:23.0623 0x09cc  [ 0DE131733317EB4BE67028366B0CAAC6, AC7DADBF03A3752B4D33CA19F03DBCEDD6F56893C2DA25C98B0AB07063D990E3 ] WindowsTrustedRT C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys
20:11:23.0625 0x09cc  WindowsTrustedRT - ok
20:11:23.0628 0x09cc  [ 92EB5D38BDF10C790450F3E46BF93A0E, 0FC027398DBD43EDC1F7D703C0B6DB20294DF34E67C9288442039B1A5663CE1B ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys
20:11:23.0629 0x09cc  WindowsTrustedRTProxy - ok
20:11:23.0645 0x09cc  [ C2A3B07F0118D61086C99BDCBAB6A6A3, 04D646BEF1C6F427503C594F0ECBB33140C3991A3A7AFB66B2C9581E358F9FD2 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
20:11:23.0655 0x09cc  WinHttpAutoProxySvc - ok
20:11:23.0659 0x09cc  [ F95DE20312ACCA7761446DE152BD1F7C, F6C5ACA500C2182437F4A7402BD81C3A2B77C0BBD78BA31FB574DC1997FCBFE6 ] WinMad          C:\WINDOWS\System32\drivers\winmad.sys
20:11:23.0660 0x09cc  WinMad - ok
20:11:23.0670 0x09cc  [ CD49CA8E3280ACEEC5ECF431A59F5EFD, 75F48EFC6DEE9E06B490703EE47602AFDEA51505285B02D2CF884601E71857CC ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
20:11:23.0673 0x09cc  Winmgmt - ok
20:11:23.0716 0x09cc  [ B8C0D620219ECAA23A2AC841EAF454D1, FB527C4D36929D7FAE2A837727C557B7823A72069EBCAB7D16C49E8B21E8D952 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
20:11:23.0747 0x09cc  WinRM - ok
20:11:23.0755 0x09cc  [ 4EFB346BFDAEEB29316AA52BBB9852B1, 4BC5554F44BD9549D0A929D77BD410FA3EB502A7D0170303D369268672505494 ] WINUSB          C:\WINDOWS\System32\drivers\WinUSB.SYS
20:11:23.0757 0x09cc  WINUSB - ok
20:11:23.0760 0x09cc  [ 8B9AFF5F08E66A6F1F1063DEC9457FB6, 98F2AF6988D125521FD34CAA48B9652922F0C8ECFAE9B0C1DF4B3CE6B9CF500F ] WinVerbs        C:\WINDOWS\System32\drivers\winverbs.sys
20:11:23.0761 0x09cc  WinVerbs - ok
20:11:23.0782 0x09cc  [ ECD999D8412A3473C26B118F89DB9908, 5FB9B93E4B5482CCFF01D805DFA386FD8D3441BC81E7BD5DF89EE3078FD724F3 ] wisvc           C:\WINDOWS\system32\flightsettings.dll
20:11:23.0793 0x09cc  wisvc - ok
20:11:23.0830 0x09cc  [ 7671078AEF4C0203B053A9642C401FF7, BBFADA89CD31F20ADDBFAFAD2E492C72D82BF2F8B823BB6773F04D229B62534C ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
20:11:23.0856 0x09cc  WlanSvc - ok
20:11:23.0889 0x09cc  [ E15711970C5BE05E8D70B294D0AFF621, 30670CFC4DA57B4A3E0E895E4111100D847BB8041A258A303524CD96DC566482 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
20:11:23.0913 0x09cc  wlidsvc - ok
20:11:23.0918 0x09cc  [ 6F4F4F5A007D1710BD76FB311DA97C07, FC0FEA4364F6BA4E31DBC82735D09D429CA3BE9AFCFF5D5E1263D8B27FC2CE3E ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
20:11:23.0919 0x09cc  WmiAcpi - ok
20:11:23.0927 0x09cc  [ 3CDDFF6CAD962C5EF1C52FD667C358B6, F6F09145E9461EB17172988D26749FCF36920A1A683459334D04A6D072B31A92 ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
20:11:23.0929 0x09cc  wmiApSrv - ok
20:11:23.0931 0x09cc  WMPNetworkSvc - ok
20:11:23.0942 0x09cc  [ 43C8D087B31C592163B33A4BDA540E40, 3A6C4E5E56931B29321DCC723585F2F0E804EF4DCDEAB2A8687F30FC3AE70E43 ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
20:11:23.0949 0x09cc  Wof - ok
20:11:23.0983 0x09cc  [ 909CB4BBF7B08E78C363000E09E79A6F, 217205D1B5EE03274AFF9405AED6D2A5665CBA4C3876E84B53DA44920CDF9CB1 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
20:11:24.0002 0x09cc  workfolderssvc - ok
20:11:24.0008 0x09cc  [ F02930EB91596042F2221397D60AFCE5, 10E2AB0993B67CBAA9E11C68280608965064EC9F7E0C570F5B453FACADB8AB5D ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
20:11:24.0011 0x09cc  WPDBusEnum - ok
20:11:24.0014 0x09cc  [ 75A9284F01FE7CB1A7D5EAE5C1EB4F33, 390EF23AEA06D8711555F7979FF8BE0620B53C1A551638C4EC6FB7C6678965B3 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
20:11:24.0014 0x09cc  WpdUpFltr - ok
20:11:24.0021 0x09cc  [ 60E2EB3E7B7F15C25E02462159F90707, D8344B529EEC0D4922CAC3E6897CC9F191ACF1376017BE38ED6BF6019F1ED181 ] WpnService      C:\WINDOWS\system32\WpnService.dll
20:11:24.0025 0x09cc  WpnService - ok
20:11:24.0029 0x09cc  [ C7C91FB86A3C6CD7619725A88ED1884C, 132C43C518F37BF303D768BD5FB0AB835F693C43FE693937D804A34E940D770F ] WpnUserService  C:\WINDOWS\System32\WpnUserService.dll
20:11:24.0031 0x09cc  WpnUserService - ok
20:11:24.0036 0x09cc  [ 36D7B73ADC3E10607ED6EC874AFB5D1E, 1737B3E4D2CA76BB27903BF460E4960E6A0BC32D35069AC7C5E4B07F625F3282 ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
20:11:24.0036 0x09cc  ws2ifsl - ok
20:11:24.0042 0x09cc  [ 9A0E0B836413EB0BC885532D2A5389D6, AFEE4A0578D5581E4D72999A33C0DEA6253BD891F611AFF9AFDE4160A60105F3 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
20:11:24.0046 0x09cc  wscsvc - ok
20:11:24.0049 0x09cc  WSearch - ok
20:11:24.0092 0x09cc  [ DDB7E452A99E0E5244105C6D2CF4BC9E, 1364B03AFFD20D339A2EBA303575BCCBC2D122D89810B1E3593CC55F93F9B79A ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
20:11:24.0118 0x09cc  wuauserv - ok
20:11:24.0124 0x09cc  [ AED7FE551E8672B824A56324076183EB, FFE543AAEFDEFFE6B20C244DB141A9425BDA88ED36F4870F0B70FEC433BDF0C1 ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
20:11:24.0125 0x09cc  WudfPf - ok
20:11:24.0132 0x09cc  [ CEFAB17FD7DFCFA515626C306262E89D, 9D2B728DDD478580987E2DB7AA4DA81D77F3362F536AC1CADED20EB6ECEBB55D ] WUDFRd          C:\WINDOWS\system32\drivers\WudfRd.sys
20:11:24.0134 0x09cc  WUDFRd - ok
20:11:24.0138 0x09cc  [ 47F6450F28BAA32B2AB0D6BE00996249, C8A47D6ADF89AD613AB685C6224B9099DCEFDCD8ABCF703542AFDC356404116E ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
20:11:24.0141 0x09cc  wudfsvc - ok
20:11:24.0147 0x09cc  [ CEFAB17FD7DFCFA515626C306262E89D, 9D2B728DDD478580987E2DB7AA4DA81D77F3362F536AC1CADED20EB6ECEBB55D ] WUDFWpdFs       C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
20:11:24.0149 0x09cc  WUDFWpdFs - ok
20:11:24.0154 0x09cc  [ CEFAB17FD7DFCFA515626C306262E89D, 9D2B728DDD478580987E2DB7AA4DA81D77F3362F536AC1CADED20EB6ECEBB55D ] WUDFWpdMtp      C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
20:11:24.0157 0x09cc  WUDFWpdMtp - ok
20:11:24.0179 0x09cc  [ E231728BC515A4B85543AF74A1FEDFCB, 5D250D7D789B5BB56BFA2E7A109BCEB3686B7636C54D89F4E9804101D145C955 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
20:11:24.0194 0x09cc  WwanSvc - ok
20:11:24.0222 0x09cc  [ F39D6915451D9226AC9A5E7AE70E2ABA, E05D678DC0423A4D0EB8B3BB5A942721BB4F3B0BED22748252DBD6053FE956F1 ] XblAuthManager  C:\WINDOWS\System32\XblAuthManager.dll
20:11:24.0235 0x09cc  XblAuthManager - ok
20:11:24.0264 0x09cc  [ 765FF96467A26C4C03281ECA426EC2D9, 2526B03C518D72F429C29BA4D4F11707AF277BF71520A1A92238A932950AE161 ] XblGameSave     C:\WINDOWS\System32\XblGameSave.dll
20:11:24.0278 0x09cc  XblGameSave - ok
20:11:24.0286 0x09cc  [ 9627BBAA50878F6833A6A7843EE3B1D9, 637566BB56501C4D11E3B6E6AC1C602D880C9D357CCE3DF1DF74EE672744F2B7 ] xboxgip         C:\WINDOWS\System32\drivers\xboxgip.sys
20:11:24.0289 0x09cc  xboxgip - ok
20:11:24.0306 0x09cc  [ 335E6F2BE58523B295945C840C185B00, 94ED7E2CB212A3D55B8A2CB90CD1D02A6AF92DC0DDD487CB5B7CAC9883343460 ] XboxNetApiSvc   C:\WINDOWS\system32\XboxNetApiSvc.dll
20:11:24.0318 0x09cc  XboxNetApiSvc - ok
20:11:24.0323 0x09cc  [ 63088A3361D9A308F328F11E9099DD87, E03FDB932FC57F199C8F8A8EADA338BDF7D2F9C6CB8FAB679A92B48B1E5AFE8A ] xinputhid       C:\WINDOWS\System32\drivers\xinputhid.sys
20:11:24.0323 0x09cc  xinputhid - ok
20:11:24.0325 0x09cc  ================ Scan global ===============================
20:11:24.0329 0x09cc  [ 0C710DB449712EE13ACE733695DB7780, BBC7875B38D318CE4E88979D083AC72E8993254A466A8A6882DDE9E0C3B687A3 ] C:\WINDOWS\system32\basesrv.dll
20:11:24.0334 0x09cc  [ 4C08BF958476A137C78B62B22B5F90A4, 11DDD033896C96F8F7F1A1EDD0F4E0F07AFBB3202DC8A2E5E3ADB51C4D0700D4 ] C:\WINDOWS\system32\winsrv.dll
20:11:24.0340 0x09cc  [ 1EE06E957B0B2CA52D26DA7861E160EF, 4B743A1C7010138F5F6684BBCF7CAD6FD05F49920BDD3FDB776347AA6B44AB94 ] C:\WINDOWS\system32\sxssrv.dll
20:11:24.0351 0x09cc  [ 3C69CC28665854F1AAB4B4005005FA31, 2750F5ECCD448C07E3402AA64EA625D27C6BC1D000A3FFE57C03D62428BB46C4 ] C:\WINDOWS\system32\services.exe
20:11:24.0356 0x09cc  [ Global ] - ok
20:11:24.0357 0x09cc  ================ Scan MBR ==================================
20:11:24.0358 0x09cc  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:11:24.0400 0x09cc  \Device\Harddisk0\DR0 - ok
20:11:24.0427 0x09cc  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
20:11:24.0436 0x09cc  \Device\Harddisk1\DR1 - ok
20:11:24.0481 0x09cc  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
20:11:24.0493 0x09cc  \Device\Harddisk2\DR2 - ok
20:11:24.0494 0x09cc  ================ Scan VBR ==================================
20:11:24.0499 0x09cc  [ 964D304E733FC2E55BD0CDE8619B30E4 ] \Device\Harddisk0\DR0\Partition1
20:11:24.0500 0x09cc  \Device\Harddisk0\DR0\Partition1 - ok
20:11:24.0502 0x09cc  [ F563552DF9CE9A5B3FFC0BD20949CF72 ] \Device\Harddisk0\DR0\Partition2
20:11:24.0503 0x09cc  \Device\Harddisk0\DR0\Partition2 - ok
20:11:24.0505 0x09cc  [ 76B1930B8FB2078046D67E196BB151FB ] \Device\Harddisk1\DR1\Partition1
20:11:24.0506 0x09cc  \Device\Harddisk1\DR1\Partition1 - ok
20:11:24.0508 0x09cc  [ 3106DD3D4CDEF8B15D5F2F2F472159B7 ] \Device\Harddisk2\DR2\Partition1
20:11:24.0509 0x09cc  \Device\Harddisk2\DR2\Partition1 - ok
20:11:24.0510 0x09cc  ================ Scan generic autorun ======================
20:11:24.0636 0x09cc  [ A15FF7FFA54109281D5742D396271DFC, 2551B6203E594087858FA514FD73DC652AEC45AAAADDFC50240F4AC2BF5C1879 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
20:11:24.0734 0x09cc  RTHDVCPL - ok
20:11:24.0742 0x09cc  [ BAEDADCD6509201F82CE5B404AB14814, 8C39C18CE00DB254F370D9C4AA80E88BF67C457240F3D30A58E39DBF9B96F44B ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
20:11:24.0742 0x09cc  IAStorIcon - ok
20:11:24.0745 0x09cc  [ C7645D43451C6D94D87F4D07BDE59C89, 495BBA47FC43EE23054FCD419F2F00457162D1C04296900C6AEA551102A810F3 ] C:\WINDOWS\system32\rundll32.exe
20:11:24.0747 0x09cc  ShadowPlay - ok
20:11:24.0751 0x09cc  [ 258E2CD2C4984A977106C9EF7CA8AF69, D8F6409D5F5782CC27D159D18E914A3DB59D8644D7017CA6F84F0CF30E95174C ] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
20:11:24.0752 0x09cc  Avira SystrayStartTrigger - ok
20:11:24.0787 0x09cc  [ 1BC31F797516DC7B7446B62A849D5905, 49B35A41F1C3739800CBA2A559C2AEFE89FBC090F8305681AF3B379B639E16AA ] C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
20:11:24.0799 0x09cc  avgnt - ok
20:11:24.0803 0x09cc  Dropbox - ok
20:11:24.0940 0x09cc  [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe
20:11:25.0044 0x09cc  OneDriveSetup - ok
20:11:25.0173 0x09cc  [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe
20:11:25.0260 0x09cc  OneDriveSetup - ok
20:11:25.0293 0x09cc  [ CD7DC286D2FDFACB965C3E10967B2199, 30FFB133E70D694BE6968E86E999C797EE7349DCC4E9ACFB338412C039374388 ] C:\Users\Chris\AppData\Local\Microsoft\OneDrive\OneDrive.exe
20:11:25.0310 0x09cc  OneDrive - ok
20:11:25.0377 0x09cc  [ 7F3D0BC2FE61C249302E0515989C59E2, 18613B1D861D7289EF050EE1C0384FCF70F40FDF7E3CB586D36B5D19A7591F8F ] C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe
20:11:25.0429 0x09cc  Akamai NetSession Interface - ok
20:11:25.0433 0x09cc  SpybotPostWindows10UpgradeReInstall - ok
20:11:25.0458 0x09cc  [ 39F07FEA9532CD88F388ECABEFE37CD2, 59A73628DE72CAFA0B8A3E22054EEEF85820AD012BC68E279A4B5E0B728E9621 ] C:\Users\Chris\AppData\Roaming\Spotify\SpotifyWebHelper.exe
20:11:25.0474 0x09cc  Spotify Web Helper - ok
20:11:25.0529 0x09cc  [ 8419F773455D7A7EC572AB1CC69BEA9E, AE859B41D282FF024D3539A775C1B143B22CAB912BDBB3ED86E95F5265628F04 ] D:\WinPatrol\winpatrol.exe
20:11:25.0546 0x09cc  WinPatrol - ok
20:11:25.0548 0x09cc  Waiting for KSN requests completion. In queue: 231
20:11:26.0573 0x09cc  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\Antivirus\wsctool.exe ( 15.0.24.143 ), 0x41000 ( enabled : updated )
20:11:26.0577 0x09cc  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x60100 ( disabled : updated )
20:11:26.0606 0x09cc  Win FW state via NFP2: enabled ( trusted )
20:11:26.0695 0x09cc  ============================================================
20:11:26.0695 0x09cc  Scan finished
20:11:26.0695 0x09cc  ============================================================
20:11:26.0710 0x04b8  Detected object count: 0
20:11:26.0710 0x04b8  Actual detected object count: 0
         


20.02.2017, 20:46   #6
M-K-D-B
/// TB Trainer

Hi,

you ran AdwCleaner and MBAM on 27.01.
Was anything found? If so, please post the log files.

20.02.2017, 22:27   #7
januskopf198

AdwCleaner log file:
Code:
ATTFilter
# AdwCleaner v6.042 - Bericht erstellt am 27/01/2017 um 14:48:04
# Aktualisiert am 06/01/2017 von Malwarebytes
# Datenbank : 2017-01-27.1 [Server]
# Betriebssystem : Windows 10 Home  (X64)
# Benutzername : Chris - DESKTOP-2M6NKLL
# Gestartet von : C:\Users\Chris\Downloads\AdwCleaner_6.042.exe
# Modus: Suchlauf
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****

Keine schädlichen Dienste gefunden.


***** [ Ordner ] *****

Ordner Gefunden: C:\Users\Chris\AppData\Local\Video Converter
Ordner Gefunden: C:\Users\Chris\Documents\Video Converter
Ordner Gefunden: C:\ProgramData\VideoConverter
Ordner Gefunden: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter
Ordner Gefunden: C:\Users\Chris\AppData\Local\Temp\VideoConverter


***** [ Dateien ] *****

Keine schädlichen Dateien gefunden.


***** [ DLL ] *****

Keine infizierten DLLs gefunden.


***** [ WMI ] *****

Keine schädlichen Schlüssel gefunden.


***** [ Verknüpfungen ] *****

Keine infizierten Verknüpfungen gefunden.


***** [ Aufgabenplanung ] *****

Keine schädlichen Aufgaben gefunden.


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Video Converter
Schlüssel Gefunden: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Schlüssel Gefunden: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Schlüssel Gefunden: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Schlüssel Gefunden: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com


***** [ Internetbrowser ] *****

Keine schädlichen Elemente in Firefox basierten Browsern gefunden.
Keine schädlichen Elemente in Chrome basierten Browsern gefunden.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1898 Bytes] - [27/01/2017 14:48:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1971 Bytes] ##########
         
--- --- ---



AdwCleaner log file:
Code:
ATTFilter
# AdwCleaner v6.042 - Bericht erstellt am 27/01/2017 um 14:49:01
# Aktualisiert am 06/01/2017 von Malwarebytes
# Datenbank : 2017-01-27.1 [Server]
# Betriebssystem : Windows 10 Home  (X64)
# Benutzername : Chris - DESKTOP-2M6NKLL
# Gestartet von : C:\Users\Chris\Downloads\AdwCleaner_6.042.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****



***** [ Ordner ] *****

[-] Ordner gelöscht: C:\Users\Chris\AppData\Local\Video Converter
[-] Ordner gelöscht: C:\Users\Chris\Documents\Video Converter
[-] Ordner gelöscht: C:\ProgramData\VideoConverter
[-] Ordner gelöscht: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter
[-] Ordner gelöscht: C:\Users\Chris\AppData\Local\Temp\VideoConverter


***** [ Dateien ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Verknüpfungen ] *****



***** [ Aufgabenplanung ] *****



***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Video Converter
[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com


***** [ Browser ] *****



*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1704 Bytes] - [27/01/2017 14:49:01]
C:\AdwCleaner\AdwCleaner[S0].txt - [2058 Bytes] - [27/01/2017 14:48:04]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1850 Bytes] ##########
         

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 27.01.2017
Suchlaufzeit: 14:54
Protokolldatei: log.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2017.01.27.04
Rootkit-Datenbank: v2016.11.20.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Chris

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 328910
Abgelaufene Zeit: 5 Min., 25 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 22

Dateien: 149
Adware.DownloadSponsor, C:\Users\Chris\AppData\Local\Temp\DMR\dmr_72.exe, In Quarantäne, [d40c1d63abfd96a06c78e0cbb84852ae], 
PUP.Optional.ICQPlugin, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\3xlwd4bx.default\searchplugins\icqplugin.xml, In Quarantäne, [924e37499e0aa49294f6aaba51b2e31d], 
PUP.Optional.ICQToolbar, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\3xlwd4bx.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\more_vouchers_r.png, In Quarantäne, [7868047c0d9bd75f72994e5a4db531cf], 
PUP.Optional.ICQToolbar, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\3xlwd4bx.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\more_vouchers_y.png, In Quarantäne, [7868047c0d9bd75f72994e5a4db531cf], 
PUP.Optional.ICQToolbar, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\3xlwd4bx.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\options.css, In Quarantäne, [7868047c0d9bd75f72994e5a4db531cf], 
PUP.Optional.ICQToolbar, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\3xlwd4bx.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\peoplesearch.css, In Quarantäne, [7868047c0d9bd75f72994e5a4db531cf], 
PUP.Optional.ICQToolbar, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\3xlwd4bx.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\tui.png, In Quarantäne, [7868047c0d9bd75f72994e5a4db531cf], 
PUP.Optional.ICQToolbar, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\3xlwd4bx.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\voucher_bg.png, In Quarantäne, [7868047c0d9bd75f72994e5a4db531cf], 
PUP.Optional.ICQToolbar, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\3xlwd4bx.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\voucher_bg_y.png, In Quarantäne, [7868047c0d9bd75f72994e5a4db531cf], 
PUP.Optional.ICQToolbar, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\3xlwd4bx.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components\ITB_History.js, In Quarantäne, [7868047c0d9bd75f72994e5a4db531cf], 
PUP.Optional.ICQToolbar, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\3xlwd4bx.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\prefs.js, In Quarantäne, [7868047c0d9bd75f72994e5a4db531cf], 
PUP.Optional.ICQToolbar, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\3xlwd4bx.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\user.js, In Quarantäne, [7868047c0d9bd75f72994e5a4db531cf], 
PUP.Optional.ICQToolbar, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\3xlwd4bx.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\manifest.mf, In Quarantäne, [7868047c0d9bd75f72994e5a4db531cf], 
PUP.Optional.ICQToolbar, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\3xlwd4bx.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.rsa, In Quarantäne, [7868047c0d9bd75f72994e5a4db531cf], 
PUP.Optional.ICQToolbar, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\3xlwd4bx.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.sf, In Quarantäne, [7868047c0d9bd75f72994e5a4db531cf], 
PUP.Optional.ICQToolbar, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\3xlwd4bx.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.gif, In Quarantäne, [7868047c0d9bd75f72994e5a4db531cf], 
PUP.Optional.ICQToolbar, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\3xlwd4bx.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.src, In Quarantäne, [7868047c0d9bd75f72994e5a4db531cf], 
PUP.Optional.ICQToolbar, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\3xlwd4bx.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.xml, In Quarantäne, [7868047c0d9bd75f72994e5a4db531cf], 
PUP.Optional.FaceMoods, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\3xlwd4bx.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.facemoods.aflt", "_#gppc");), Ersetzt,[bd231b65e5c3b87e19a9f718da2a3fc1]
PUP.Optional.FaceMoods, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\3xlwd4bx.default\prefs.js, Gut: (), Schlecht: (rences

/* Do not edit this file.
 *
 * If you make ), Ersetzt,[c51b0d73a800c76f7c46917e32d2af51]
PUP.Optional.FaceMoods, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\3xlwd4bx.default\prefs.js, Gut: (), Schlecht: (

/* Do not edit this file.
 *
 * If you make c), Ersetzt,[528ed8a87038f73fdde5937c5da758a8]
PUP.Optional.FaceMoods, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\3xlwd4bx.default\prefs.js, Gut: (), Schlecht: (ences

/* Do not edit this file.
 *
 * If you ma), Ersetzt,[28b880006642c175aa1838d7986c3dc3]
PUP.Optional.FaceMoods, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\3xlwd4bx.default\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you make changes to this file w), Ersetzt,[548cf888cbdd6accb210040bab59cc34]
PUP.Optional.FaceMoods, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\3xlwd4bx.default\prefs.js, Gut: (), Schlecht: (his file.
 *
 * If you make changes to this file whi), Ersetzt,[f8e8e7996840be78e5dd4cc349bb33cd]
PUP.Optional.FaceMoods, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\3xlwd4bx.default\prefs.js, Gut: (), Schlecht: (s

/* Do not edit this file.
 *
 * If you make changes to), Ersetzt,[a53be19f03a579bdf0d29d729272748c]
PUP.Optional.FaceMoods, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\3xlwd4bx.default\prefs.js, Gut: (), Schlecht: ( Do not edit this file.
 *
 * If you make changes to this file while the a), Ersetzt,[449c681811978da9ccf6b15e1ee6ed13]
PUP.Optional.FaceMoods, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\3xlwd4bx.default\prefs.js, Gut: (), Schlecht: (is file.
 *
 * If you make changes to this file whi), Ersetzt,[8c54f58b248455e1517166a946be659b]
PUP.Optional.FaceMoods, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\3xlwd4bx.default\prefs.js, Gut: (), Schlecht: (es

/* Do not edit this file.
 *
 * If you make ch), Ersetzt,[fce4dba52583ca6c2c96b25d44c055ab]

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         

Edited by januskopf198 (20.02.2017 at 22:26)

21.02.2017, 15:57   #8
M-K-D-B
/// TB trainer

Suspected virus

Hi,

we'll check everything once more.



Note: The scan with ESET can take quite a while.



Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document


Code:
ATTFilter
start
CloseProcesses:
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.







Step 2

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset







Step 3
Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Start HitmanPro.exe
  • Click on
  • Remove the check mark at
  • Click on
    and
  • Accept the license terms and click on
  • Click on

    and on
  • When the scan has finished, do not let it delete anything etc.; instead, at the bottom left of the button bar, choose
    and save the log file on your desktop.
  • Close HitmanPro and post me the log.

 







Step 4
  • Start FRST.exe again. Put a check mark in front of Addition.txt and press Untersuchen (Scan).
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post me both log files with your next reply.





Are there still any problems with the PC? If so, which ones?







With your next reply, please post
  • the log file of the FRST fix,
  • the log file from ESET,
  • the log file from HitmanPro,
  • the two new log files from FRST,
  • the answers to the questions asked.

21.02.2017, 18:41   #9
januskopf198

Suspected virus



Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 19-02-2017
durchgeführt von Chris (21-02-2017 17:33:08) Run:1
Gestartet von C:\Users\Chris\Desktop
Geladene Profile: Chris (Verfügbare Profile: Chris)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
*****************

Prozesse erfolgreich geschlossen.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2085067102-2347417263-2365046495-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2085067102-2347417263-2365046495-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========


========= ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Auflösungscache wurde geleert.

========= Ende von CMD: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.


========= Ende von CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 473436024 B
Java, Flash, Steam htmlcache => 101796964 B
Windows/system/drivers => 31002917 B
Edge => 770590 B
Chrome => 132793514 B
Firefox => 389439565 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 37168 B
LocalService => 247478 B
NetworkService => 114704 B
Chris => 1895275734 B

RecycleBin => 0 B
EmptyTemp: => 2.8 GB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 17:33:27 ====
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=5798d14d7cbb2948ae500110fc356e3c
# end=init
# utc_time=2017-02-21 04:39:23
# local_time=2017-02-21 05:39:23 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 32480
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=5798d14d7cbb2948ae500110fc356e3c
# end=updated
# utc_time=2017-02-21 04:41:32
# local_time=2017-02-21 05:41:32 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=5798d14d7cbb2948ae500110fc356e3c
# engine=32480
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-02-21 05:23:57
# local_time=2017-02-21 06:23:57 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Avira Antivirus'
# compatibility_mode=1815 16777213 100 97 2992 31545560 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 13591342 19028453 0 0
# scanned=251397
# found=1
# cleaned=0
# scan_time=2544
sh=77C46375F7AB753CB372CF5EE9D2AF94CD2C3469 ft=1 fh=5bf018a7bab3b744 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\DMR\File Repair - CHIP-Installer.exe"
         
Code:
ATTFilter
HitmanPro 3.7.15.281
www.hitmanpro.com

   Computer name . . . . : DESKTOP-2M6NKLL
   Windows . . . . . . . : 10.0.0.14393.X64/4
   User name . . . . . . : DESKTOP-2M6NKLL\Chris
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-02-21 18:35:53
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 25s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 3

   Objects scanned . . . : 1.904.839
   Files scanned . . . . : 49.538
   Remnants scanned  . . : 436.540 files / 1.418.761 keys

Malware _____________________________________________________________________

   C:\WINDOWS\system32\config\systemprofile\AppData\Local\DMR\File Repair - CHIP-Installer.exe
      Size . . . . . . . : 1.496.584 bytes
      Age  . . . . . . . : 23.8 days (2017-01-28 22:29:10)
      Entropy  . . . . . : 7.1
      SHA-256  . . . . . : 5196A3C348D6E26EB74DB1AEFE33B2492D8A0E139E132280DC01CC948079668D
      Needs elevation  . : Yes
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:Downloader.MSIL.DownloadSponsor.gen
      Fuzzy  . . . . . . : 104.0
      Forensic Cluster
         -0.0s C:\Windows\System32\config\systemprofile\AppData\Local\DMR\
          0.0s C:\Windows\System32\config\systemprofile\AppData\Local\DMR\File Repair - CHIP-Installer.exe


Suspicious files ____________________________________________________________

   C:\Users\Chris\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2.422.784 bytes
      Age  . . . . . . . : 1.9 days (2017-02-19 20:08:01)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : C2280BABEB08B58E46141BA6BE499ACA4779C2DE22910F8C56BCD041AD8E07D6
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\Chris\Desktop\FRST64.exe
      Size . . . . . . . : 2.422.784 bytes
      Age  . . . . . . . : 0.0 days (2017-02-21 17:32:57)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 49CE8654FAF2CE65F8A87A16D0C202D3679C5A9A1F971D670DF2C67827F77500
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Chris\Desktop\FRST64.exe
          1.5s C:\Users\Chris\Desktop\FRST-OlderVersion\
          4.2s C:\Windows\Prefetch\FRST64.EXE-652A0E81.pf
         11.6s C:\FRST\Logs\ct
         11.6s C:\Users\Chris\Desktop\Fixlog.txt
         11.7s C:\Windows\Prefetch\NVOAWRAPPERCACHE.EXE-C3E594FB.pf
         11.9s C:\Windows\Prefetch\DLLHOST.EXE-DACE9A9B.pf
         12.0s C:\Windows\Prefetch\BITSADMIN.EXE-71339457.pf
         12.0s C:\Windows\Prefetch\IPCONFIG.EXE-912F3D5B.pf
         12.3s C:\Windows\Prefetch\NETSH.EXE-F1B6DA12.pf
         12.9s C:\ProgramData\NVIDIA\MessageBus_12756_0x2692E8EDEC0.log
         12.9s C:\ProgramData\NVIDIA\MessageBus_12756_0x2692E8EE0E0.log
         13.9s C:\ProgramData\NVIDIA\MessageBus_7292_0x5C8E3A0.log
         21.7s C:\Windows\Prefetch\DASHOST.EXE-5E5F38F6.pf
         22.7s C:\Windows\Prefetch\NVCONTAINER.EXE-73C1041F.pf
         22.7s C:\Windows\Prefetch\NVTELEMETRYCONTAINER.EXE-80BD8541.pf
         22.8s C:\Windows\Prefetch\NVDISPLAY.CONTAINER.EXE-98FFF787.pf
         26.7s C:\Windows\Prefetch\SPOOLSV.EXE-D1F6B8B6.pf
         36.4s C:\FRST\Logs\Fixlog_21-02-2017 17.33.33.txt
         36.6s C:\Users\Chris\AppData\Local\IconCache.db
         36.6s C:\Users\Chris\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x00000000000000b1.db
         

FRST Logfile:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 19-02-2017
durchgeführt von Chris (Administrator) auf DESKTOP-2M6NKLL (21-02-2017 18:39:06)
Gestartet von C:\Users\Chris\Desktop
Geladene Profile: Chris (Verfügbare Profile: Chris)
Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Akamai Technologies, Inc.) C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe
(Spotify Ltd) C:\Users\Chris\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Ruiware) D:\WinPatrol\WinPatrol.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_221.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_221.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8484056 2015-06-12] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61896 2016-12-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917576 2016-12-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-07] (Dropbox, Inc.)
HKU\S-1-5-21-2085067102-2347417263-2365046495-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.) <===== ACHTUNG
HKU\S-1-5-21-2085067102-2347417263-2365046495-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
HKU\S-1-5-21-2085067102-2347417263-2365046495-1001\...\Run: [Spotify Web Helper] => C:\Users\Chris\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-20] (Spotify Ltd)
HKU\S-1-5-21-2085067102-2347417263-2365046495-1001\...\Run: [WinPatrol] => D:\WinPatrol\winpatrol.exe [1231240 2016-11-14] (Ruiware)
HKU\S-1-5-21-2085067102-2347417263-2365046495-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{19eb9ae3-527e-44e3-bbd5-7d176c4ff30d}: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{9a9780da-5392-447d-830c-de21e4f15d60}: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{ae647b26-9842-48b9-8376-c59f5f8cabab}: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{da0ba8eb-9cdd-48eb-84c1-7c479440b9ea}: [DhcpNameServer] 192.168.2.1 192.168.2.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\c68157cf.default-1470330932168 [2017-02-21]
FF Extension: (English (GB) Language Pack) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\c68157cf.default-1470330932168\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2017-02-11]
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\c68157cf.default-1470330932168\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2016-08-24]
FF Extension: (Locale Switcher) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\c68157cf.default-1470330932168\Extensions\{338e0b96-2285-4424-b4c8-e25560750fa3}.xpi [2017-02-11]
FF Extension: (Youtube Converter MP3) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\c68157cf.default-1470330932168\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a5}.xpi [2016-09-02]
FF Extension: (Adblock Plus) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\c68157cf.default-1470330932168\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\c68157cf.default-1470330932168\features\{5fdee43e-2231-4aa4-acfc-8e250a4cceff}\disableSHA1rollout@mozilla.org.xpi [2017-02-17]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> D:\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> D:\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2085067102-2347417263-2365046495-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-02-18] ()

Chrome: 
=======
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default [2017-02-21]
CHR Extension: (Google Präsentationen) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-14]
CHR Extension: (Google Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-14]
CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-14]
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-14]
CHR Extension: (Adobe Acrobat) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-28]
CHR Extension: (Google Tabellen) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-14]
CHR Extension: (Avira Browserschutz) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-11-01]
CHR Extension: (Google Docs Offline) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-30]
CHR Extension: (Skype) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-11-01]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-28]
CHR Extension: (Google Mail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-14]
CHR Extension: (Chrome Media Router) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089592 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1490296 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-16] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-16] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-02-07] (Dropbox, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-10] (Intel Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-10] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [151352 2016-12-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [153904 2016-12-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [35488 2016-02-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [78208 2016-05-14] (Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 iaLPSS2_I2C; C:\WINDOWS\System32\drivers\iaLPSS2_I2C.sys [185128 2015-05-29] (Intel Corporation)
R3 iaLPSS2_UART2; C:\WINDOWS\System32\drivers\iaLPSS2_UART2.sys [281896 2015-05-29] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0cc477a6fec64d8c\nvlddmkm.sys [14516664 2017-02-10] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-06] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [936192 2016-05-04] (Realtek                                            )
R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3717120 2016-07-16] (Realtek Semiconductor Corporation                           )
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX64.sys [159952 2015-11-14] (Ray Hinchliffe)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 VCSVADHWSer; C:\WINDOWS\system32\DRIVERS\vcsvad.sys [29320 2015-10-01] (AVSOFT Corp.)
R3 voxaldriver; C:\WINDOWS\system32\DRIVERS\voxaldriverx64.sys [43472 2016-07-27] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-21 18:39 - 2017-02-21 18:39 - 00021507 _____ C:\Users\Chris\Desktop\FRST.txt
2017-02-21 18:35 - 2017-02-21 18:37 - 00000000 ____D C:\ProgramData\HitmanPro
2017-02-21 18:34 - 2017-02-21 18:35 - 11581544 _____ (SurfRight B.V.) C:\Users\Chris\Downloads\HitmanPro_x64.exe
2017-02-21 17:38 - 2017-02-21 17:39 - 02870984 _____ (ESET) C:\Users\Chris\Downloads\esetsmartinstaller_deu.exe
2017-02-21 17:33 - 2017-02-21 17:33 - 00002306 _____ C:\Users\Chris\Desktop\Fixlog.txt
2017-02-21 17:32 - 2017-02-21 17:32 - 00000000 ____D C:\Users\Chris\Desktop\FRST-OlderVersion
2017-02-20 17:36 - 2017-02-20 17:36 - 00000000 ____D C:\Users\Chris\Desktop\kamila16
2017-02-19 20:11 - 2017-02-19 20:14 - 00263324 _____ C:\TDSSKiller.3.1.0.12_19.02.2017_20.11.08_log.txt
2017-02-19 20:10 - 2017-02-19 20:10 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Chris\Downloads\tdsskiller.exe
2017-02-19 20:09 - 2017-02-19 20:09 - 00044438 _____ C:\Users\Chris\Downloads\Addition.txt
2017-02-19 20:08 - 2017-02-21 18:39 - 00000000 ____D C:\FRST
2017-02-19 20:08 - 2017-02-21 17:32 - 02422784 _____ (Farbar) C:\Users\Chris\Desktop\FRST64.exe
2017-02-19 20:08 - 2017-02-19 20:09 - 00041103 _____ C:\Users\Chris\Downloads\FRST.txt
2017-02-17 19:25 - 2017-02-17 19:44 - 58142701 _____ C:\Users\Chris\Downloads\topless light.mp4
2017-02-15 14:58 - 2017-02-15 14:58 - 00000000 ____D C:\Users\Chris\ansel
2017-02-14 23:13 - 2017-02-14 23:13 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-14 23:13 - 2017-02-09 23:39 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-14 23:12 - 2017-02-10 03:33 - 40192056 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 34979384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 28242488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 19007016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 14674896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 11122728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 11019704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 09305984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 08990072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 03168192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 02717752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 01983424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437866.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437866.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 01052096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00991288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00959424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00944224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00910784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00719856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00687224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00618416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00605120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00573448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00483384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-02-14 23:12 - 2017-02-10 03:33 - 00447984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-02-09 19:51 - 2017-02-10 23:19 - 00542248 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-02-09 19:51 - 2017-02-09 19:51 - 00000000 ____D C:\ProgramData\For Honor
2017-02-08 16:14 - 2017-02-08 16:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-07 05:38 - 2017-02-07 05:38 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-07 05:38 - 2017-02-07 05:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-02-07 05:38 - 2017-02-07 05:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-07 05:38 - 2017-02-07 05:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-01-31 02:56 - 2017-01-31 02:57 - 00000000 ____D C:\Users\Chris\Documents\Anno 2205
2017-01-30 16:38 - 2017-01-30 16:38 - 00000234 _____ C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anno 2205.url
2017-01-29 16:00 - 2017-02-21 17:58 - 00000000 ____D C:\Users\Chris\AppData\Local\Ubisoft Game Launcher
2017-01-29 16:00 - 2017-01-29 16:00 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Ubisoft
2017-01-29 16:00 - 2017-01-29 16:00 - 00000000 ____D C:\ProgramData\Ubisoft
2017-01-29 15:58 - 2017-01-29 15:58 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2017-01-29 15:18 - 2017-01-29 15:18 - 00000000 ____D C:\WINDOWS\SysWOW64\AGEIA
2017-01-29 15:18 - 2017-01-29 15:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGEIA
2017-01-29 15:18 - 2017-01-29 15:18 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2017-01-28 15:17 - 2017-01-28 15:17 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-01-27 14:53 - 2017-02-20 22:29 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-27 14:53 - 2017-01-27 14:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2017-01-27 14:53 - 2017-01-27 14:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-27 14:53 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-27 14:53 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-01-27 14:53 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-27 14:47 - 2017-01-27 14:49 - 00000000 ____D C:\AdwCleaner
2017-01-26 01:13 - 2017-01-26 01:13 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-39-1.exe
2017-01-26 01:12 - 2017-01-26 01:12 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1-1-0-39-1.dll
2017-01-26 01:09 - 2017-01-26 01:09 - 00322560 _____ C:\WINDOWS\system32\vulkan-1-1-0-39-1.dll
2017-01-26 01:09 - 2017-01-26 01:09 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo-1-1-0-39-1.exe
2017-01-25 14:24 - 2017-01-24 01:00 - 00047664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-01-25 14:24 - 2017-01-20 17:38 - 01985080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437849.dll
2017-01-25 14:24 - 2017-01-20 17:38 - 01591352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437849.dll
2017-01-25 14:24 - 2017-01-20 17:38 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-01-25 14:24 - 2017-01-20 17:38 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-01-25 14:21 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 14:21 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-21 17:49 - 2016-11-18 15:16 - 00000000 ____D C:\Users\Chris\AppData\LocalLow\Mozilla
2017-02-21 17:44 - 2016-08-05 20:45 - 00000000 ____D C:\Users\Chris
2017-02-21 17:40 - 2016-07-16 23:51 - 03446682 _____ C:\WINDOWS\system32\perfh007.dat
2017-02-21 17:40 - 2016-07-16 23:51 - 00938182 _____ C:\WINDOWS\system32\perfc007.dat
2017-02-21 17:40 - 2015-11-05 21:11 - 06958546 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-21 17:34 - 2016-09-14 01:46 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-21 17:34 - 2016-08-05 20:48 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-21 17:34 - 2016-08-05 20:44 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-21 17:33 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-21 17:33 - 2016-04-10 10:01 - 00000000 ____D C:\Users\Chris\AppData\LocalLow\Temp
2017-02-21 17:28 - 2016-04-11 20:43 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-21 14:41 - 2016-03-14 17:33 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Skype
2017-02-20 23:22 - 2016-08-05 20:44 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-20 20:14 - 2016-11-07 19:51 - 00000000 ____D C:\Users\Chris\AppData\Local\Spotify
2017-02-20 19:31 - 2016-11-07 19:50 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Spotify
2017-02-20 17:42 - 2016-03-19 00:47 - 00000000 ____D C:\Users\Chris\AppData\Roaming\vlc
2017-02-19 20:05 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-19 01:43 - 2016-03-14 21:44 - 00000000 ____D C:\Users\Chris\AppData\Local\CrashDumps
2017-02-19 00:08 - 2016-03-14 17:43 - 00000000 ____D C:\Users\Chris\Documents\The Lord of the Rings Online
2017-02-18 15:21 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-16 17:12 - 2016-04-16 11:51 - 00000000 ___RD C:\Users\Chris\Dropbox
2017-02-15 22:23 - 2016-03-14 18:37 - 00000000 ____D C:\Users\Chris\AppData\Local\Adobe
2017-02-15 22:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-15 22:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-15 15:02 - 2016-03-14 18:39 - 00000000 ____D C:\Users\Chris\AppData\Roaming\TS3Client
2017-02-15 15:00 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-14 23:14 - 2016-08-05 20:44 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-14 23:14 - 2016-02-18 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-14 23:13 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-14 23:13 - 2016-03-14 17:32 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-14 17:00 - 2016-12-09 15:56 - 00000000 ____D C:\Users\Chris\Knuddels-Stapp
2017-02-13 22:13 - 2016-11-28 22:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-02-13 22:13 - 2016-03-14 17:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-10 03:33 - 2016-07-14 19:15 - 04078008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-02-10 03:33 - 2016-07-14 19:15 - 03597128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-02-10 03:33 - 2016-07-14 19:15 - 00043556 _____ C:\WINDOWS\system32\nvinfo.pb
2017-02-10 00:13 - 2017-01-01 19:51 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-09 23:57 - 2016-08-05 20:44 - 07791217 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-02-09 23:57 - 2016-08-05 20:44 - 06403640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-02-09 23:57 - 2016-08-05 20:44 - 02477504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-02-09 23:57 - 2016-08-05 20:44 - 01764408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-02-09 23:57 - 2016-08-05 20:44 - 00548288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-02-09 23:57 - 2016-08-05 20:44 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-02-09 23:57 - 2016-08-05 20:44 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-02-09 23:57 - 2016-08-05 20:44 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-02-09 19:51 - 2016-12-09 01:45 - 00000000 ____D C:\Users\Chris\Documents\My Games
2017-02-09 15:44 - 2016-03-14 17:33 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-09 15:44 - 2016-03-14 17:33 - 00000000 ____D C:\ProgramData\Skype
2017-02-09 12:10 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SystemApps
2017-02-08 16:14 - 2016-04-16 11:47 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-07 14:34 - 2016-03-14 19:54 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-04 23:12 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-02-04 23:12 - 2015-11-05 21:20 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-31 03:41 - 2016-03-14 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-01-29 15:58 - 2016-06-11 11:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-28 15:10 - 2016-12-14 09:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-28 14:54 - 2016-03-14 19:52 - 00000000 ____D C:\Users\Chris\AppData\Local\Google
2017-01-28 00:11 - 2017-01-01 19:51 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-28 00:11 - 2017-01-01 19:51 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-28 00:11 - 2016-10-06 19:40 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-28 00:11 - 2016-10-06 19:40 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-28 00:11 - 2016-10-06 19:40 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-28 00:11 - 2016-10-06 19:40 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-28 00:11 - 2016-10-06 19:40 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-28 00:11 - 2016-08-05 20:44 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-28 00:11 - 2016-08-05 20:44 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-27 15:01 - 2016-03-14 21:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2017-01-27 15:01 - 2016-03-14 21:08 - 00000000 ____D C:\ProgramData\InstallMate
2017-01-26 01:13 - 2016-03-14 17:32 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-01-26 01:12 - 2016-03-14 17:32 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-01-26 01:09 - 2016-03-14 17:32 - 00322560 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-01-26 01:09 - 2016-03-14 17:32 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-01-25 19:38 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-24 01:00 - 2016-07-14 19:15 - 01600056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2017-01-24 01:00 - 2016-07-14 19:15 - 00217528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2017-01-23 10:40 - 2016-12-15 18:39 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-23 10:40 - 2016-03-14 17:44 - 00000000 ____D C:\Users\Chris\AppData\Local\Akamai
2017-01-23 10:40 - 2016-03-14 17:23 - 00002440 _____ C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-23 10:40 - 2016-03-14 17:23 - 00000000 ___RD C:\Users\Chris\OneDrive

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-07-27 21:37 - 2016-07-27 21:37 - 0001167 _____ () C:\Users\Chris\AppData\Roaming\trace_FilterInstaller.txt
2016-07-27 21:37 - 2016-07-27 21:37 - 0000000 _____ () C:\Users\Chris\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2016-08-30 23:51 - 2017-01-14 02:11 - 0015872 _____ () C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-05 20:45 - 2016-08-05 20:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-08-30 23:46 - 2016-08-30 23:47 - 0000016 _____ () C:\ProgramData\mntemp
2016-12-15 20:42 - 2017-01-10 22:54 - 0005943 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-15 20:42 - 2017-01-09 20:30 - 0018438 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-14 19:33

==================== Ende von FRST.txt ============================
         

[/CODE]

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 19-02-2017
durchgeführt von Chris (21-02-2017 18:39:22)
Gestartet von C:\Users\Chris\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-05 19:49:47)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2085067102-2347417263-2365046495-500 - Administrator - Disabled)
Chris (S-1-5-21-2085067102-2347417263-2365046495-1001 - Administrator - Enabled) => C:\Users\Chris
DefaultAccount (S-1-5-21-2085067102-2347417263-2365046495-503 - Limited - Disabled)
Gast (S-1-5-21-2085067102-2347417263-2365046495-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 15.14 (HKLM-x32\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe)
AGEIA PhysX v7.07.09 (HKLM-x32\...\{65F1CF63-31E0-450B-96F3-4A88BE7361A6}) (Version: 7.07.09 - AGEIA Technologies, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-2085067102-2347417263-2365046495-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Anno 2205 (HKLM-x32\...\Uplay Install 1253) (Version:  - Ubisoft)
Ansel (Version: 378.66 - NVIDIA Corporation) Hidden
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Datenrettung by EaseUS (HKLM\...\Datenrettung by EaseUS_is1) (Version:  - EaseUS)
Deadlight (HKLM\...\Steam App 211400) (Version:  - Tequila Works, S.L.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
File Repair (HKLM-x32\...\File Repair_is1) (Version:  - File Repair)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.29.01 - Hyperionics Technology LLC)
Intel(R) Chipset Device Software (x32 Version: 10.0.27 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1519.7 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Knuddels Standalone App (HKU\S-1-5-21-2085067102-2347417263-2365046495-1001\...\Knuddels App ) (Version: "2015.12.6.0" - "Knuddels App")
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
ManyCam 2.6.55 (remove only) (HKLM-x32\...\ManyCam) (Version: 2.6.55 - ManyCam LLC)
MFC RunTime files (x32 Version: 1.0.0 - Extensoft) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2085067102-2347417263-2365046495-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
MorphVOX Junior (HKLM-x32\...\{E6C7380F-15DD-445E-BA02-B7A180BA0A5A}) (Version: 2.8.1 - Screaming Bee)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 51.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 de)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
Mozilla Thunderbird 45.7.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.7.1 (x86 de)) (Version: 45.7.1 - Mozilla)
MPEG4E VFW - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\MPEG4E) (Version:  - )
netis Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0193 - netis Systems Co.,Ltd.)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Grafiktreiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2085067102-2347417263-2365046495-1001\...\Spotify) (Version: 1.0.49.125.g72ee7853 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
The Walking Dead (HKLM\...\Steam App 207610) (Version:  - Telltale Games)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 34.11.2016.27 - Ruiware)
WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {003D87C9-8305-4802-B303-24E5CF415B18} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {01F75D02-88A8-4415-82A6-CE9CB48DCEE0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-16] (Dropbox, Inc.)
Task: {19F368A0-953B-4868-98EE-22FE1DC26823} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {2E7ABA58-2703-42C4-95F9-3448C7027324} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-20] (NVIDIA Corporation)
Task: {42661BCB-AAA8-4D5F-AE20-C24079689118} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-14] (Google Inc.)
Task: {6AEB1581-AD0B-498E-A552-774E5FEB2FB9} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-20] (NVIDIA Corporation)
Task: {A2758957-7E91-4DE2-90D0-61D99D4B0CCB} - System32\Tasks\{2E2CE07B-4A22-40E3-B7DB-A94E8F2C6065} => Firefox.exe hxxp://ui.skype.com/ui/0/7.26.0.101/de/abandoninstall?source=lightinstaller&amp;page=tsMain
Task: {A45ABF86-8FAB-42D0-BE17-37B4906AE157} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-15] (Adobe Systems Incorporated)
Task: {A4B1CEF0-6F9D-4A6B-BD9F-CD34CACBE8C0} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-20] (NVIDIA Corporation)
Task: {A7A31280-0758-4A15-9A25-21158FDEC16B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-01-10] (Microsoft Corporation)
Task: {AD9AA984-C7BA-4E53-8B6C-6243F400FC1D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-14] (Google Inc.)
Task: {ADC928F9-840F-4781-9BF4-1128D1262A05} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {DC7E16CF-2756-413B-B61B-C5BDEB7DFD99} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {DF925662-4A94-4046-B400-177FA2C39028} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-16] (Dropbox, Inc.)
Task: {E246099F-849F-492E-BE6A-11576D2E3B2A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\Chris\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 17:14 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-01-01 19:51 - 2017-01-20 19:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2017-01-01 19:51 - 2017-01-20 19:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-08-05 20:44 - 2017-02-09 23:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-14 17:14 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-07-27 23:43 - 2016-02-03 11:33 - 00566440 _____ () D:\Secure Eraser\Secure Eraser\SecEraser64.dll
2016-09-16 20:21 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 23:07 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 23:07 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 23:07 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 23:07 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 23:07 - 2016-12-21 07:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 23:07 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 23:07 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-01 19:51 - 2017-01-20 19:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-01-01 19:51 - 2017-01-20 19:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2017-01-01 19:51 - 2017-01-20 19:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-01-01 19:51 - 2017-01-20 19:38 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-01-01 19:51 - 2017-01-20 14:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2017-01-01 19:51 - 2017-01-20 14:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2017-01-01 19:51 - 2017-01-20 14:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2017-01-01 19:51 - 2017-01-20 14:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2017-01-01 19:51 - 2017-01-20 14:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2017-01-01 19:51 - 2017-01-20 14:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2017-01-01 19:51 - 2017-01-20 14:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2017-01-01 19:51 - 2017-01-20 14:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2015-07-10 23:37 - 2015-07-10 23:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2009-01-27 13:44 - 2009-01-27 13:42 - 00019456 _____ () D:\Free Video Converter\videocore.dll
2009-01-27 13:44 - 2009-01-27 13:42 - 06963712 _____ () D:\Free Video Converter\videotrans.dll
2009-01-27 13:44 - 2009-01-27 13:42 - 00452608 _____ () D:\Free Video Converter\videoformat.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2015-10-30 08:24 - 2015-10-30 08:21 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2085067102-2347417263-2365046495-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Chris\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{11f462d9-2000-4ae7-8f3b-0642b2ffd935}.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{12AE60BE-F879-4319-A0DC-BE9AEAD0CE48}] => (Block) D:\emule\emule.exe
FirewallRules: [{181360E1-C9E8-455D-99E6-131683220D3C}] => (Block) D:\emule\emule.exe
FirewallRules: [UDP Query User{8AE1D52E-CD4C-41E4-83C7-919B8467C612}D:\emule\emule.exe] => (Allow) D:\emule\emule.exe
FirewallRules: [TCP Query User{E715626D-5355-4642-A41F-4CC92AC4F94F}D:\emule\emule.exe] => (Allow) D:\emule\emule.exe
FirewallRules: [UDP Query User{622B407F-52D7-48AC-90A4-6BD14F84933F}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe] => (Allow) C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe
FirewallRules: [TCP Query User{E88FDFBF-0AB6-428C-8165-0F310CFB3C2C}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe] => (Allow) C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe
FirewallRules: [UDP Query User{DAD85C45-431B-4DD6-A525-B426A459FE9C}C:\users\chris\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\chris\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{F0A32B70-289F-4070-9CCB-31538FB402C7}C:\users\chris\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\chris\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{869CF435-5417-43AC-9F5F-FEBEFE78C62A}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe] => (Allow) C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe
FirewallRules: [TCP Query User{891C6FDD-CF68-46CA-8EB9-0FE1B24957D5}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe] => (Allow) C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe
FirewallRules: [{014D2387-E39A-41B9-803E-0A263344B7C1}] => (Allow) D:\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{5854A898-A87A-4B74-B202-A1B47C48715D}] => (Allow) D:\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{1E60E0CA-5C42-4171-AD8C-E5E1B1D454D5}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{74007E34-C52E-4760-B362-BF7537146471}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{B1F7CC13-CAAF-4593-B432-8A3512307827}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{B04720A5-8D7F-45A8-972B-033E54CF0FFF}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [UDP Query User{19A3B84A-10BE-4751-AEF5-1633F0C3301C}C:\users\chris\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\chris\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{98575832-8285-4D19-A4B8-AEAFB7D5CA69}C:\users\chris\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\chris\appdata\local\akamai\netsession_win.exe
FirewallRules: [{48F6365B-BA62-4E2C-B945-17768DAA787F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8B7CEE7F-2DD7-4A0E-AE13-04F74C34F002}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D78AD65D-6212-4D19-BD96-22A2BAF831B4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2D4CBE06-750C-4BBB-8C49-3D944845F12D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3F767099-AB22-46EE-8227-66C7B488277C}] => (Allow) LPort=2869
FirewallRules: [{75214EA1-E104-45FF-95F1-B28D73291FDC}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{D595D634-2A0E-4D5F-9B1F-C03998F2EDFE}C:\users\chris\knuddels-stapp\commonfiles\java\bin\javaw.exe] => (Allow) C:\users\chris\knuddels-stapp\commonfiles\java\bin\javaw.exe
FirewallRules: [UDP Query User{133011E3-66A3-4029-ACD0-67D9F352A8EC}C:\users\chris\knuddels-stapp\commonfiles\java\bin\javaw.exe] => (Allow) C:\users\chris\knuddels-stapp\commonfiles\java\bin\javaw.exe
FirewallRules: [TCP Query User{F2CCFF41-5159-447A-893C-E6B1267F7490}C:\users\chris\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\chris\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{92C9167B-ADC7-4DC3-B985-A3079FA1C5D1}C:\users\chris\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\chris\appdata\roaming\spotify\spotify.exe
FirewallRules: [{BEE8C6A0-F562-4B52-B138-32A6DA87F199}] => (Allow) D:\Steam\steamapps\common\Deadlight\Binaries\Win32\LOTDGame.exe
FirewallRules: [{19CACF43-7A15-41A9-94A7-80B819A93565}] => (Allow) D:\Steam\steamapps\common\Deadlight\Binaries\Win32\LOTDGame.exe
FirewallRules: [{CA9F0CE5-430E-4408-BCD9-84F382617D59}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{92A85300-F70B-4A42-A2AA-49F73AAE0243}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{D11E5A30-AD83-4D19-B8A0-6C54C88ADC61}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{5F27A7CA-4C2C-4FEF-BB26-C4ED874A30A9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2CA6C599-C573-43FF-95B4-035EE8708F87}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7044EC4A-4ADD-4EA5-AC0E-79BAA7A1180A}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{50E02735-6DB6-4450-B9EB-E3D6271481DA}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{9FA2CF16-5EC5-40DC-B777-42446D47BCEE}] => (Allow) D:\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe
FirewallRules: [{A386E0FC-2559-4433-9A23-7C4151536D8E}] => (Allow) D:\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe
FirewallRules: [{735D0EDD-4C6A-4F4E-B6D5-6356C01C62B8}] => (Allow) D:\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
FirewallRules: [{6A519412-2B07-4BF6-94FF-252E51CCE5E0}] => (Allow) D:\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
FirewallRules: [{088C10F5-3D83-4093-85E3-AF96C01B1FCF}] => (Allow) D:\Ubisoft\Assassin's Creed II\UPlayBrowser.exe
FirewallRules: [{81F61CB2-745A-4539-80B9-878BF089CA6A}] => (Allow) D:\Ubisoft\Assassin's Creed II\UPlayBrowser.exe
FirewallRules: [{06325CE9-BDB2-408E-AE27-ABCF69C5CB97}] => (Allow) D:\Ubisoft\Anno 2205\Bin\Win64\Anno2205.exe
FirewallRules: [{0A514671-7FB6-4B5E-84FC-9D538FB8FF88}] => (Allow) D:\Ubisoft\Neuer Ordner\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{42AE3F03-BDB0-4EED-A98A-31515639D50B}] => (Allow) D:\Ubisoft\Neuer Ordner\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{201C7FE2-223D-43C1-B7BD-5098B243AB0D}] => (Allow) D:\Ubisoft\Neuer Ordner\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{27B7A7E9-52F9-426F-8701-E3E6C2CC1CD8}] => (Allow) D:\Ubisoft\Neuer Ordner\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{80421629-6DDE-4676-BF6D-AE6E38A7AD17}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8B6E4D6B-48BF-4969-A1F9-64D27D4E180A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{5EAC7426-FC3E-4CC8-AA26-70419E473DC0}D:\ubisoft\for honor\forhonorbeta\forhonor.exe] => (Allow) D:\ubisoft\for honor\forhonorbeta\forhonor.exe
FirewallRules: [UDP Query User{BC641ECA-BA91-4A03-8291-7BFD38155864}D:\ubisoft\for honor\forhonorbeta\forhonor.exe] => (Allow) D:\ubisoft\for honor\forhonorbeta\forhonor.exe

==================== Wiederherstellungspunkte =========================

04-02-2017 23:11:56 DirectX wurde installiert
09-02-2017 19:50:51 DirectX wurde installiert
18-02-2017 19:12:51 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (02/21/2017 06:31:40 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (02/21/2017 06:31:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (02/21/2017 06:31:12 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (02/21/2017 05:40:11 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (02/21/2017 05:39:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (02/21/2017 05:39:16 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Chris\Downloads\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (02/21/2017 05:39:14 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "c:\users\chris\downloads\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (02/21/2017 05:34:09 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) Das System kann die angegebene Datei nicht finden.

Error: (02/20/2017 05:29:16 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (02/19/2017 01:43:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: lotroclient.exe, Version: 1903.58.2974.4098, Zeitstempel: 0x58a0a01c
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.14393.479, Zeitstempel: 0x58256ca0
Ausnahmecode: 0xc0000017
Fehleroffset: 0x000cd686
ID des fehlerhaften Prozesses: 0x1c30
Startzeit der fehlerhaften Anwendung: 0x01d28a309439bff4
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Turbine\Der Herr der Ringe Online\lotroclient.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: a35fd624-488a-4f0e-906c-0f6edd6062b9
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


Systemfehler:
=============
Error: (02/21/2017 05:41:24 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Chris\AppData\Local\Temp\ehdrv.sys

Error: (02/21/2017 05:41:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (02/21/2017 05:41:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (02/21/2017 05:41:24 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Chris\AppData\Local\Temp\ehdrv.sys

Error: (02/21/2017 05:41:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (02/21/2017 05:41:24 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Chris\AppData\Local\Temp\ehdrv.sys

Error: (02/21/2017 05:40:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (02/21/2017 05:40:04 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Chris\AppData\Local\Temp\ehdrv.sys

Error: (02/21/2017 05:40:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (02/21/2017 05:40:03 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Chris\AppData\Local\Temp\ehdrv.sys


CodeIntegrity:
===================================
  Date: 2017-01-28 15:14:02.447
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2016-09-02 22:25:21.765
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-02 22:25:21.764
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-02 22:25:21.762
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-02 22:25:21.731
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-02 22:25:21.730
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-02 22:25:21.728
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-02 22:25:21.695
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-02 22:25:21.694
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-02 22:25:21.692
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz
Prozentuale Nutzung des RAM: 21%
Installierter physikalischer RAM: 16346.72 MB
Verfügbarer physikalischer RAM: 12774.73 MB
Summe virtueller Speicher: 18778.72 MB
Verfügbarer virtueller Speicher: 14016.82 MB

==================== Laufwerke ================================

Drive c: (Windows) (Fixed) (Total:222.98 GB) (Free:127.88 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (D1-P1) (Fixed) (Total:931.51 GB) (Free:257.48 GB) NTFS
Drive e: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:362.09 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: EF94E5D9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=500 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 38E4ADF8)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 67EB62E7)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
I can't say yet whether there are still problems.

21.02.2017, 20:33   #10
M-K-D-B
/// TB Trainer

Hello,

Quote:
CHIP-Installer.exe
Please do not use any Chip installer anymore! Please read: CHIP-Installer – what is it?

Remove remnants
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:


Code:
ATTFilter
start
CloseProcesses:
C:\Windows\System32\config\systemprofile\AppData\Local\DMR
Reboot:
end
         

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Post the FRST Fixlog right away, because otherwise it will be removed automatically by DelFix (see further below)!

If you no longer have any problems with malware, then we are done here. Your log files are clean.
Finally, we need to take a few closing steps to clean up and secure your PC.





Cleanup:
All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Put a check mark in front of every function.
  • Click Start.
Note:
DelFix removes, among other things, all the programs that were used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Restart your computer afterwards. If any programs from our cleanup are still left over, you can safely delete them.





Securing your system:
Enable automatic updates for the Windows operating system. Security-relevant software should likewise always be kept at the latest version only:
Java
Flash Player
PDF reader

Security vulnerabilities in their old versions are exploited to install malware via "drive-by" merely by visiting a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. In addition, Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.




If you are still undecided, use a single one of the following antivirus programs with a real-time scanner and an always up-to-date signature database:

   
 

Microsoft Security Essentials (MSE) / Windows Defender (WD) is built in from Windows 8 onward, so if you have Windows 8, 8.1 or 10 and have decided on MSE/WD, you do not need to install MSE/WD separately. On Windows 7, however, it must be installed manually or obtained via Windows Update as an optional update. Of course, a legal/activated Windows is a prerequisite for this.

In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.




Optional:
Adblock Plus can block banners, pop-ups, video ads, tracking and malware sites.
NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, specify on a whitelist basis which sites scripts should be allowed on.

Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, it is advisable to first uninstall it and then remove the remnants with Adwcleaner.




Finally, a few general remarks:
  • Change your important online passwords regularly and regularly create backups of your important files or of the system.
  • Do not download software from Chip, Softonic or SourceForge. The software offered there is frequently distributed with a so-called "installer", with which you only install unwanted software or adware.
  • The benefit of registry cleaners, optimizers etc. for improving performance is disputed. Even Microsoft does not support so-called registry cleaners. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.




If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this topic from my subscriptions.

22.02.2017, 16:47   #11
januskopf198

Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 22-02-2017
durchgeführt von Chris (22-02-2017 16:45:44) Run:2
Gestartet von C:\Users\Chris\Desktop
Geladene Profile: Chris (Verfügbare Profile: Chris)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
C:\Windows\System32\config\systemprofile\AppData\Local\DMR
Reboot:
end
*****************

Prozesse erfolgreich geschlossen.
C:\Windows\System32\config\systemprofile\AppData\Local\DMR => erfolgreich verschoben


Das System musste neu gestartet werden.

==== Ende von Fixlog 16:45:45 ====
         

22.02.2017, 20:51   #12
M-K-D-B
/// TB Trainer

I am glad that we were able to help.

In this forum you can leave brief feedback on the cleanup, if you like:
Praise, criticism and wishes
To do so, click the "NEUES THEMA" (new topic) button and post a short piece of feedback. Thank you very much!

This topic appears to be resolved and will be deleted from my subscriptions. If you need the topic again, please send me a PM.

Everyone else, please click here and create your own thread.
